From 7ee525fd0010a4f0bb507417860e9faa058c6315 Mon Sep 17 00:00:00 2001
From: Ken Sharp <ken.sharp@artifex.com>
Date: Fri, 21 Sep 2018 09:49:58 +0100
Subject: [PATCH] Bug #699801 "zparse_dsc_comments can crash with invalid
dsc_state"
Although zparse_dsc_comments() does check the types of its operands, it
wasn't checking the return value from dict_find_string properly. It was
effectively assuming that the dictionary parameter was the *correct*
dictionary and would contain the key/value pair it needed.
Here we check to see if the key has not been found and throw an error
if so.
---
psi/zdscpars.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/psi/zdscpars.c b/psi/zdscpars.c
index ca3d3d4..a8cb75d 100644
--- a/psi/zdscpars.c
+++ b/psi/zdscpars.c
@@ -457,6 +457,9 @@ zparse_dsc_comments(i_ctx_t *i_ctx_p)
code = dict_find_string(opDict, dsc_dict_name, &pvalue);
if (code < 0)
return code;
+ if (code == 0)
+ return_error(gs_error_undefined);
+
dsc_state = r_ptr(pvalue, dsc_data_t);
/*
* Pick up the comment string to be parsed.
--
2.9.1
distrib
>
Mageia
>
6
>
armv7hl
>
media
>
core-updates-src
>
by-pkgid
>
bc219369320b6b5781eed48254462cef
>
files
>
17
