Overview

File CVE-2024-33871.patch of Package ghostscript

--- contrib/opvp/gdevopvp.c.orig	2020-03-19 09:21:42.000000000 +0100
+++ contrib/opvp/gdevopvp.c	2024-06-21 09:29:30.573905711 +0200
@@ -185,7 +185,7 @@ static  int opvp_copy_color(gx_device *,
 static  int _get_params(gs_param_list *);
 static  int opvp_get_params(gx_device *, gs_param_list *);
 static  int oprp_get_params(gx_device *, gs_param_list *);
-static  int _put_params(gs_param_list *);
+static  int _put_params(gx_device *, gs_param_list *);
 static  int opvp_put_params(gx_device *, gs_param_list *);
 static  int oprp_put_params(gx_device *, gs_param_list *);
 static  int opvp_fill_path(gx_device *, const gs_gstate *, gx_path *,
@@ -3180,7 +3180,7 @@ oprp_get_params(gx_device *dev, gs_param
  * put params
  */
 static  int
-_put_params(gs_param_list *plist)
+_put_params(gx_device *dev, gs_param_list *plist)
 {
     int code;
     int ecode = 0;
@@ -3202,6 +3202,12 @@ _put_params(gs_param_list *plist)
     code = param_read_string(plist, pname, &vdps);
     switch (code) {
     case 0:
+        if (gs_is_path_control_active(dev->memory)
+            && (!vectorDriver || strlen(vectorDriver) != vdps.size
+                || memcmp(vectorDriver, vdps.data, vdps.size) != 0)) {
+            param_signal_error(plist, pname, gs_error_invalidaccess);
+            return_error(gs_error_invalidaccess);
+        }
         buff = realloc(buff, vdps.size + 1);
         memcpy(buff, vdps.data, vdps.size);
         buff[vdps.size] = 0;
@@ -3403,7 +3409,7 @@ opvp_put_params(gx_device *dev, gs_param
     int code;
 
     /* put params */
-    code = _put_params(plist);
+    code = _put_params(dev, plist);
     if (code) return code;
 
     /* put default params */
@@ -3419,7 +3425,7 @@ oprp_put_params(gx_device *dev, gs_param
     int code;
 
     /* put params */
-    code = _put_params(plist);
+    code = _put_params(dev, plist);
     if (code) return code;
 
     /* put default params */
openSUSE Build Service is sponsored by
Places