Kezdőlap Felfedezés Súgó
Bejelentkezés
PUBLIC_REPOS
/
buildroot
tükrözi: git://git.buildroot.net/buildroot
2
1
Másolás 0
Fájlok
Fa: c49d26798b
Branch-ok Tag-ek
buildroot
/
package
/
ghostscript
/
0002-Sanitize-op-stack-for-error-conditions.patch

0002-Sanitize-op-stack-for-error-conditions.patch 6.1 KB
Előzmények Nyers

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176 
  1. From a1de1e6ab51ab37a17975aad1193f2523e7e7e84 Mon Sep 17 00:00:00 2001
    2. 

  2. From: Chris Liddell <chris.liddell@artifex.com>
    3. 

  3. Date: Wed, 5 Dec 2018 12:22:13 +0000
    4. 

  4. Subject: [PATCH] Sanitize op stack for error conditions
    5. 

  5. 

  6. We save the stacks to an array and store the array for the error handler to
    7. 

  7. access.
    8. 

  8. 

  9. For SAFER, we traverse the array, and deep copy any op arrays (procedures). As
    10. 

  10. we make these copies, we check for operators that do *not* exist in systemdict,
    11. 

  11. when we find one, we replace the operator with a name object (of the form
    12. 

  12. "/--opname--").
    13. 

  13. 

  14. Signed-off-by: Baruch Siach <baruch@tkos.co.il>
    15. 

  15. ---
    16. 

  16. Upstream status: commit 13b0a36f818
    17. 

  17. 

  18.  psi/int.mak  |  3 +-
    19. 

  19.  psi/interp.c |  8 ++++++
    20. 

  20.  psi/istack.c | 78 ++++++++++++++++++++++++++++++++++++++++++++++++++++
    21. 

  21.  psi/istack.h |  3 ++
    22. 

  22.  4 files changed, 91 insertions(+), 1 deletion(-)
    23. 

  23. 

  24. diff --git a/psi/int.mak b/psi/int.mak
    25. 

  25. index 6ab5bf0069dd..6b349cb042dd 100644
    26. 

  26. --- a/psi/int.mak
    27. 

  27. +++ b/psi/int.mak
    28. 

  28. @@ -204,7 +204,8 @@ $(PSOBJ)iparam.$(OBJ) : $(PSSRC)iparam.c $(GH)\
    29. 

  29.  $(PSOBJ)istack.$(OBJ) : $(PSSRC)istack.c $(GH) $(memory__h)\
    30. 

  30.   $(ierrors_h) $(gsstruct_h) $(gsutil_h)\
    31. 

  31.   $(ialloc_h) $(istack_h) $(istkparm_h) $(istruct_h) $(iutil_h) $(ivmspace_h)\
    32. 

  32. - $(store_h) $(INT_MAK) $(MAKEDIRS)
    33. 

  33. + $(store_h) $(icstate_h) $(iname_h) $(dstack_h) $(idict_h) \
    34. 

  34. + $(INT_MAK) $(MAKEDIRS)
    35. 

  35.  	$(PSCC) $(PSO_)istack.$(OBJ) $(C_) $(PSSRC)istack.c
    36. 

  36.  
    37. 

  37.  $(PSOBJ)iutil.$(OBJ) : $(PSSRC)iutil.c $(GH) $(math__h) $(memory__h) $(string__h)\
    38. 

  38. diff --git a/psi/interp.c b/psi/interp.c
    39. 

  39. index 6dc0ddae1b3c..aa5779c51420 100644
    40. 

  40. --- a/psi/interp.c
    41. 

  41. +++ b/psi/interp.c
    42. 

  42. @@ -761,6 +761,7 @@ copy_stack(i_ctx_t *i_ctx_p, const ref_stack_t * pstack, int skip, ref * arr)
    43. 

  43.      uint size = ref_stack_count(pstack) - skip;
    44. 

  44.      uint save_space = ialloc_space(idmemory);
    45. 

  45.      int code, i;
    46. 

  46. +    ref *safety, *safe;
    47. 

  47.  
    48. 

  48.      if (size > 65535)
    49. 

  49.          size = 65535;
    50. 

  50. @@ -778,6 +779,13 @@ copy_stack(i_ctx_t *i_ctx_p, const ref_stack_t * pstack, int skip, ref * arr)
    51. 

  51.                  make_null(&arr->value.refs[i]);
    52. 

  52.          }
    53. 

  53.      }
    54. 

  54. +    if (pstack == &o_stack && dict_find_string(systemdict, "SAFETY", &safety) > 0 &&
    55. 

  55. +        dict_find_string(safety, "safe", &safe) > 0 && r_has_type(safe, t_boolean) &&
    56. 

  56. +        safe->value.boolval == true) {
    57. 

  57. +        code = ref_stack_array_sanitize(i_ctx_p, arr, arr);
    58. 

  58. +        if (code < 0)
    59. 

  59. +            return code;
    60. 

  60. +    }
    61. 

  61.      ialloc_set_space(idmemory, save_space);
    62. 

  62.      return code;
    63. 

  63.  }
    64. 

  64. diff --git a/psi/istack.c b/psi/istack.c
    65. 

  65. index 8fe151fa5628..f1a3e511534d 100644
    66. 

  66. --- a/psi/istack.c
    67. 

  67. +++ b/psi/istack.c
    68. 

  68. @@ -27,6 +27,10 @@
    69. 

  69.  #include "iutil.h"
    70. 

  70.  #include "ivmspace.h"		/* for local/global test */
    71. 

  71.  #include "store.h"
    72. 

  72. +#include "icstate.h"
    73. 

  73. +#include "iname.h"
    74. 

  74. +#include "dstack.h"
    75. 

  75. +#include "idict.h"
    76. 

  76.  
    77. 

  77.  /* Forward references */
    78. 

  78.  static void init_block(ref_stack_t *pstack, const ref *pblock_array,
    79. 

  79. @@ -294,6 +298,80 @@ ref_stack_store_check(const ref_stack_t *pstack, ref *parray, uint count,
    80. 

  80.      return 0;
    81. 

  81.  }
    82. 

  82.  
    83. 

  83. +int
    84. 

  84. +ref_stack_array_sanitize(i_ctx_t *i_ctx_p, ref *sarr, ref *darr)
    85. 

  85. +{
    86. 

  86. +    int i, code;
    87. 

  87. +    ref obj, arr2;
    88. 

  88. +    ref *pobj2;
    89. 

  89. +    gs_memory_t *mem = (gs_memory_t *)idmemory->current;
    90. 

  90. +
    91. 

  91. +    if (!r_is_array(sarr) || !r_has_type(darr, t_array))
    92. 

  92. +        return_error(gs_error_typecheck);
    93. 

  93. +
    94. 

  94. +    for (i = 0; i < r_size(sarr); i++) {
    95. 

  95. +        code = array_get(mem, sarr, i, &obj);
    96. 

  96. +        if (code < 0)
    97. 

  97. +            make_null(&obj);
    98. 

  98. +        switch(r_type(&obj)) {
    99. 

  99. +          case t_operator:
    100. 

  100. +          {
    101. 

  101. +            int index = op_index(&obj);
    102. 

  102. +
    103. 

  103. +            if (index > 0 && index < op_def_count) {
    104. 

  104. +                const byte *data = (const byte *)(op_index_def(index)->oname + 1);
    105. 

  105. +                if (dict_find_string(systemdict, (const char *)data, &pobj2) <= 0) {
    106. 

  106. +                    byte *s = gs_alloc_bytes(mem, strlen((char *)data) + 5, "ref_stack_array_sanitize");
    107. 

  107. +                    if (s) {
    108. 

  108. +                        s[0] =  '\0';
    109. 

  109. +                        strcpy((char *)s, "--");
    110. 

  110. +                        strcpy((char *)s + 2, (char *)data);
    111. 

  111. +                        strcpy((char *)s + strlen((char *)data) + 2, "--");
    112. 

  112. +                    }
    113. 

  113. +                    else {
    114. 

  114. +                        s = (byte *)data;
    115. 

  115. +                    }
    116. 

  116. +                    code = name_ref(imemory, s, strlen((char *)s), &obj, 1);
    117. 

  117. +                    if (code < 0) make_null(&obj);
    118. 

  118. +                    if (s != data)
    119. 

  119. +                        gs_free_object(mem, s, "ref_stack_array_sanitize");
    120. 

  120. +                }
    121. 

  121. +            }
    122. 

  122. +            else {
    123. 

  123. +                make_null(&obj);
    124. 

  124. +            }
    125. 

  125. +            ref_assign(darr->value.refs + i, &obj);
    126. 

  126. +            break;
    127. 

  127. +          }
    128. 

  128. +          case t_array:
    129. 

  129. +          case t_shortarray:
    130. 

  130. +          case t_mixedarray:
    131. 

  131. +          {
    132. 

  132. +            int attrs = r_type_attrs(&obj) & (a_write | a_read | a_execute | a_executable);
    133. 

  133. +            /* We only want to copy executable arrays */
    134. 

  134. +            if (attrs & (a_execute | a_executable)) {
    135. 

  135. +                code = ialloc_ref_array(&arr2, attrs, r_size(&obj), "ref_stack_array_sanitize");
    136. 

  136. +                if (code < 0) {
    137. 

  137. +                    make_null(&arr2);
    138. 

  138. +                }
    139. 

  139. +                else {
    140. 

  140. +                    code = ref_stack_array_sanitize(i_ctx_p, &obj, &arr2);
    141. 

  141. +                }
    142. 

  142. +                ref_assign(darr->value.refs + i, &arr2);
    143. 

  143. +            }
    144. 

  144. +            else {
    145. 

  145. +                ref_assign(darr->value.refs + i, &obj);
    146. 

  146. +            }
    147. 

  147. +            break;
    148. 

  148. +          }
    149. 

  149. +          default:
    150. 

  150. +            ref_assign(darr->value.refs + i, &obj);
    151. 

  151. +        }
    152. 

  152. +    }
    153. 

  153. +    return 0;
    154. 

  154. +}
    155. 

  155. +
    156. 

  156. +
    157. 

  157.  /*
    158. 

  158.   * Store the top 'count' elements of a stack, starting 'skip' elements below
    159. 

  159.   * the top, into an array, with or without store/undo checking.  age=-1 for
    160. 

  160. diff --git a/psi/istack.h b/psi/istack.h
    161. 

  161. index 051dcbe216cf..54be405adfb3 100644
    162. 

  162. --- a/psi/istack.h
    163. 

  163. +++ b/psi/istack.h
    164. 

  164. @@ -129,6 +129,9 @@ int ref_stack_store(const ref_stack_t *pstack, ref *parray, uint count,
    165. 

  165.                      uint skip, int age, bool check,
    166. 

  166.                      gs_dual_memory_t *idmem, client_name_t cname);
    167. 

  167.  
    168. 

  168. +int
    169. 

  169. +ref_stack_array_sanitize(i_ctx_t *i_ctx_p, ref *sarr, ref *darr);
    170. 

  170. +
    171. 

  171.  /*
    172. 

  172.   * Pop the top N elements off a stack.
    173. 

  173.   * The number must not exceed the number of elements in use.
    174. 

  174. -- 
    175. 

  175. 2.20.1
    176. 

  176.