7819
|
1 |
The patch has been taken from community and fixes Integer overflow.
|
|
2 |
The details can be found in the following location
|
|
3 |
https://bugs.ghostscript.com/show_bug.cgi?id=697190
|
|
4 |
|
|
5 |
--- ghostscript-9.20/psi/zdscpars.c 2016-09-26 03:41:29.000000000 -0700
|
|
6 |
+++ ghostscript-9.20/psi/zdscpars.c 2016-11-23 21:29:07.736373458 -0800
|
|
7 |
@@ -150,11 +150,16 @@
|
|
8 |
ref local_ref;
|
|
9 |
int code;
|
|
10 |
os_ptr const op = osp;
|
|
11 |
- dict * const pdict = op->value.pdict;
|
|
12 |
- gs_memory_t * const mem = (gs_memory_t *)dict_memory(pdict);
|
|
13 |
- dsc_data_t * const data =
|
|
14 |
- gs_alloc_struct(mem, dsc_data_t, &st_dsc_data_t, "DSC parser init");
|
|
15 |
+ dict *pdict;
|
|
16 |
+ gs_memory_t *mem;
|
|
17 |
+ dsc_data_t *data;
|
|
18 |
|
|
19 |
+ check_read_type(*op, t_dictionary);
|
|
20 |
+
|
|
21 |
+ pdict = op->value.pdict;
|
|
22 |
+ mem = (gs_memory_t *)dict_memory(pdict);
|
|
23 |
+
|
|
24 |
+ data = gs_alloc_struct(mem, dsc_data_t, &st_dsc_data_t, "DSC parser init");
|
|
25 |
if (!data)
|
|
26 |
return_error(gs_error_VMerror);
|
|
27 |
data->document_level = 0;
|