Re: [Hpinkjet-announce] new gdevijs-krgb patch
On Thu, 23 Feb 2006, Suffield, David wrote:
> (gdevijs-krgb-1.2)
> 5. Fixed krgb buffer overflow issue with out-of-band data in
> fill_rectangle and copy_mono. This buffer overflow condition occurred
> with HPLIP fullbleed print jobs that had k-band data.
Is this to be considered an exploitable security hole, or just a serious
bug? The way we go about security bugs is very different, and might
include updates to stable versions of the distros, for example.
> It's been a year since I posted the last krgb patch for ghostscript. I
> see the patch did not make it into GPL 8.50. Raph or Ralph, any thoughts
> about up-stream support for krgb?
See http://bugs.ghostscript.com/show_bug.cgi?id=687907
I suppose upstream gs is waiting for HP to implement the high-order black
planes as you proposed. The KRGB 1.2 patches should be sent to that bug
report, as well, I think.
I have only two comments on the KRGB 1.2 patches:
1. Please follow upstream's coding style, and break/wrap lines at 80 chars
maximum. I have updated the patches I am proposing for inclusion in
Debian to address that.
2. Please #include <fcntl.h> only when KRGB_DEBUG is set, as it appears
to be used only by the debug stuff.
--
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot
Henrique Holschuh