Bug#407301: gs-esp pdfwrite crash in cos_dict_equal

To: submit@bugs.debian.org
Subject: Bug#407301: gs-esp pdfwrite crash in cos_dict_equal
From: Ian Jackson <iwj@ubuntu.com>
Date: Wed, 17 Jan 2007 13:21:14 +0000
Message-id: <[🔎] 17838.8906.752880.179746@davenant.relativity.greenend.org.uk>
Reply-to: Ian Jackson <iwj@ubuntu.com>, 407301@bugs.debian.org

Package: gs-esp
Version: 8.15.3.dfsg.1-2
Severity: important
Tags: patch

An Ubuntu user reported a gs-esp crash with pdfwrite on sparc:
 https://launchpad.net/ubuntu/+source/gs-esp/+bug/76749

Investigating the bug I found what seems to me clearly erroneous code
in gdevpdfo.c:cos_dict_equal.  I have reported this upstream at:
 http://www.cups.org/espgs/str.php?L2199+P0+S-2+C0+I0+E0+Q
and am removing the offending line in Ubuntu.

I think Debian should apply the attached patch in (at least) etch and
sid.  Without it the code will sometimes have undefined behaviour.
It's probably not a security problem but will cause crashes some of
the time.

Thanks,
Ian.

--- src/gdevpdfo.c~	2006-01-14 12:20:08.000000000 +0000
+++ src/gdevpdfo.c	2007-01-17 12:51:51.000000000 +0000
@@ -1045,11 +1045,8 @@
 	const cos_value_t *v = cos_dict_find(pcd1, pcde0->key.data, pcde0->key.size);
 	int code;
 
-	if (cos_type(v->contents.object) != cos_type_dict)
-	    return false;	/* Should _never_ happen */
-
 	if (v == NULL)
 	    return false;
 	code = cos_value_equal(&pcde0->value, v, pdev);
 	if (code < 0)
 	    return code;

Reply to:

Prev by Date: Bug#403703: Still present
Next by Date: CUPS ERROR - Unable to connect to CIFS host, will retry in 60 seconds...
Previous by thread: Processed: Still present
Next by thread: CUPS ERROR - Unable to connect to CIFS host, will retry in 60 seconds...
Index(es):
- Date
- Thread