RE: [Hpinkjet-announce] new gdevijs-krgb patch
> From: Henrique de Moraes Holschuh [mailto:hmh@debian.org]
> Sent: Friday, February 24, 2006 8:28 AM
>
> On Thu, 23 Feb 2006, Suffield, David wrote:
> > (gdevijs-krgb-1.2)
> > 5. Fixed krgb buffer overflow issue with out-of-band data in
> > fill_rectangle and copy_mono. This buffer overflow condition occurred
> > with HPLIP fullbleed print jobs that had k-band data.
>
> Is this to be considered an exploitable security hole, or
> just a serious bug? The way we go about security bugs is
> very different, and might include updates to stable versions
> of the distros, for example.
The buffer overflow issue was discovered in-house on gs7.07. I don't
know if it is an exploitable security issue. Ghostscript would normally
exit with a sigfault and the print job would terminate before
completion.
>
> > It's been a year since I posted the last krgb patch for ghostscript. I
> > see the patch did not make it into GPL 8.50. Raph or Ralph any
> > thoughts about up-stream support for krgb?
>
> See http://bugs.ghostscript.com/show_bug.cgi?id=687907
>
> I suppose upstream gs is waiting for HP to implement the
> high-order black planes as you proposed. The KRGB 1.2
> patches should be sent to that bug report, as well, I think.
Greater than 1-bit K plane support is beyond the scope of this patch.
Object tagging would be required for higher bit depths.
>
> I have only two comments on the KRGB 1.2 patches:
>
> 1. please follow upstream's coding style, and break/wrap lines at 80 chars
>    maximum. I have updated the patches I am proposing for inclusion in
>    Debian to address that.
>
> 2. Please #include <fcntl.h> only when KRGB_DEBUG is set, as it appears
>    to be used only by the debug stuff.
Good suggestions :)
-dave