Bug 688703

Summary: Patch to fix possible security problem with ps2epsi.
Product: Ghostscript Reporter: Stefan Schweizer <genstef>
Component: ResourceAssignee: Ralph Giles <ralph.giles>
Status: NOTIFIED FIXED    
Severity: normal CC: purak
Priority: P4    
Version: 0.00   
Hardware: PC   
OS: Linux   
Customer: Word Size: ---
Attachments: ghostscript-afpl-8.53-ps2epsi-afpl.diff

Description Stefan Schweizer 2006-05-17 11:06:19 UTC 
This is a small patch. Despite that I do not think it is a real exploitable
issue, I think this patch should go in.
Without having it applied also the error message "sed: -e expression #1, char
42: Invalid range end" would appear.

Downstream bugs:
bugs.gentoo.org/128650
bugs.gentoo.org/128645
Comment 1 Stefan Schweizer 2006-05-17 11:06:45 UTC 
Created attachment 2201 [details]
ghostscript-afpl-8.53-ps2epsi-afpl.diff
Comment 2 Stefan Schweizer 2006-05-17 13:59:05 UTC 
the first hunk is obviously not needed it has already been fixed, the second one
is necessarry though.

I have asked some people to test this and the outcoe was:
21:57 <@nick1> Seems it works with locale set to C, but only then
21:57 <@nick2> ah, that could be
21:58 <@nick1> I'm not quite sure why it does work with \~ though...
21:58 <@nick1> nick3, it fails for me with en_GB.UTF-8

When I try on my commandline:
# sed -e 's:[!-~]::g'
sed: -e expression #1, char 10: Invalid range end
prefixed with LC_ALL=C it does not error out though
Comment 3 Alex Cherepanov 2006-05-25 10:14:35 UTC 
*** Bug 687304 has been marked as a duplicate of this bug. ***
Comment 4 Ralph Giles 2006-05-31 08:01:00 UTC 
second hunk was committed in r6803.