| 1234567891011121314151617 |
- $OpenBSD: patch-base_gsmalloc_c,v 1.1 2015/07/24 12:46:23 jasper Exp $
- CVE-2015-3228 ghostscript-core: out-of-bounbds read and write in gs_ttf.ps
- http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=0c0b085
- --- base/gsmalloc.c.orig Fri Jul 24 10:12:58 2015
- +++ base/gsmalloc.c Fri Jul 24 10:20:28 2015
- @@ -178,7 +178,7 @@ gs_heap_alloc_bytes(gs_memory_t * mem, uint size, clie
- } else {
- uint added = size + sizeof(gs_malloc_block_t);
-
- - if (mmem->limit - added < mmem->used)
- + if (added <= size || mmem->limit - added < mmem->used)
- set_msg("exceeded limit");
- else if ((ptr = (byte *) Memento_label(malloc(added), cname)) == 0)
- set_msg("failed");
|
