[ghostscript/f12/master] Avoid another NULL pointer dereference in jbig2 code (bug #621569).

Tim Waugh twaugh at fedoraproject.org
Thu Aug 5 16:04:57 UTC 2010


commit 2e84257b372352281d1ceb6ea1adae3ccc9fc26b
Author: Tim Waugh <twaugh at redhat.com>
Date:   Thu Aug 5 16:15:23 2010 +0100

    Avoid another NULL pointer dereference in jbig2 code (bug #621569).

 ghostscript-jbig2-image-refcount.patch |   25 +++++++++++++++++++++++++
 ghostscript.spec                       |    9 ++++++++-
 2 files changed, 33 insertions(+), 1 deletions(-)
---
diff --git a/ghostscript-jbig2-image-refcount.patch b/ghostscript-jbig2-image-refcount.patch
new file mode 100644
index 0000000..6054273
--- /dev/null
+++ b/ghostscript-jbig2-image-refcount.patch
@@ -0,0 +1,25 @@
+diff -up ghostscript-8.71/jbig2dec/jbig2_image.c.jbig2-image-refcount ghostscript-8.71/jbig2dec/jbig2_image.c
+--- ghostscript-8.71/jbig2dec/jbig2_image.c.jbig2-image-refcount	2010-08-05 14:55:56.417043303 +0100
++++ ghostscript-8.71/jbig2dec/jbig2_image.c	2010-08-05 14:56:46.796169065 +0100
+@@ -60,15 +60,18 @@ Jbig2Image* jbig2_image_new(Jbig2Ctx *ct
+ /* clone an image pointer by bumping its reference count */
+ Jbig2Image* jbig2_image_clone(Jbig2Ctx *ctx, Jbig2Image *image)
+ {
+-	image->refcount++;
++	if (image)
++		image->refcount++;
+ 	return image;
+ }
+ 
+ /* release an image pointer, freeing it it appropriate */
+ void jbig2_image_release(Jbig2Ctx *ctx, Jbig2Image *image)
+ {
+-	image->refcount--;
+-	if (!image->refcount) jbig2_image_free(ctx, image);
++	if (image) {
++		image->refcount--;
++		if (!image->refcount) jbig2_image_free(ctx, image);
++	}
+ }
+ 
+ /* free a Jbig2Image structure and its associated memory */
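Review bot: `jbig2_image_clone` now returns NULL to its caller with no signal when `image` is NULL, so a caller that stores the result and dereferences it later will fault there instead of here. The callers are not visible in this patch and should be checked for a NULL test. `jbig2_image_release` likewise ignores NULL silently, which hides whatever upstream failure produced the NULL image in the first place. This decoder presumably parses untrusted document data, so the new contract is worth stating in the comments, e.g. `/* clone an image pointer by bumping its reference count; a NULL image is returned as NULL */` and `/* release an image pointer, freeing it if appropriate; NULL is ignored */`. If the context has an error or warning reporting facility, logging at the point where the NULL image originates would make malformed-input cases diagnosable rather than silently tolerated.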
diff --git a/ghostscript.spec b/ghostscript.spec
index 31db348..996ca3a 100644
--- a/ghostscript.spec
+++ b/ghostscript.spec
@@ -5,7 +5,7 @@ Summary: A PostScript interpreter and renderer.
 Name: ghostscript
 Version: %{gs_ver}
 
-Release: 7%{?dist}
+Release: 8%{?dist}
 
 # Included CMap data is Redistributable, no modification permitted,
 # see http://bugzilla.redhat.com/487510
@@ -36,6 +36,7 @@ Patch17: ghostscript-tif-fail-close.patch
 Patch18: ghostscript-tiff-default-strip-size.patch
 Patch19: ghostscript-tiff-fixes.patch
 Patch20: ghostscript-CVE-2010-1628.patch
+Patch21: ghostscript-jbig2-image-refcount.patch
 
 Requires: urw-fonts >= 1.1, ghostscript-fonts
 BuildRequires: xz
@@ -169,6 +170,9 @@ rm -rf libpng zlib jpeg jasper
 # overflow, bug #592492).
 %patch20 -p1 -b .CVE-2010-1628
 
+# Avoid another NULL pointer dereference in jbig2 code (bug #621569).
+%patch21 -p1 -b .jbig2-image-refcount
+
 # Convert manual pages to UTF-8
 from8859_1() {
 	iconv -f iso-8859-1 -t utf-8 < "$1" > "${1}_"
@@ -357,6 +361,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_libdir}/libgs.so
 
 %changelog
+* Thu Aug  5 2010 Tim Waugh <twaugh at redhat.com> 8.71-8
+- Avoid another NULL pointer dereference in jbig2 code (bug #621569).
+
 * Fri Jul 16 2010 Tim Waugh <twaugh at redhat.com> 8.71-7
 - Applied patch to fix CVE-2010-1628 (memory corruption at PS stack
   overflow, bug #592492).

