Bug 690211 - buffer overflow
Product: Ghostscript
Classification: Unclassified
Component: General
Hardware: PC Linux
Importance: P4 normal
Assigned To: Default assignee
Reported: 2008-12-22 07:13 PST by Wolfgang Hamann
Modified: 2014-02-17 04:40 PST

problem_case (584.93 KB, application/postscript)
2008-12-22 08:42 PST, Wolfgang Hamann
patch (499 bytes, patch)
2008-12-22 13:12 PST, Alex Cherepanov

Description Wolfgang Hamann 2008-12-22 07:13:22 PST
I have a file that causes a buffer overflow on some friend's 8.62 running on a
distro package built with fortify bounds checking.
The file displays without problems on my local system (8.63 without fortify),
runs through distiller, etc.
Can I attach or post the file in question?
The fortify dump reads:
*** buffer overflow detected ***: gs terminated
======= Backtrace: =========
Comment 1 Ray Johnston 2008-12-22 08:12:51 PST
Please attach the file using the "Create a New Attachment" link in the
bug form (http://bugs.ghostscript.com/attachment.cgi?bugid=690211&action=enter)

If you don't wish to share the file, you are welcome to "Edit" the attachment
after uploading it to mark it "Private" in which case only Artifex Software
staff will be able to access the file, and we will treat it as confidential.
Comment 2 Wolfgang Hamann 2008-12-22 08:42:09 PST
Created attachment 4668
Comment 3 Alex Cherepanov 2008-12-22 13:12:57 PST
Created attachment 4669

There's indeed a buffer overflow caused by an incorrect calculation of the
size. The patch allocates sufficient buffer for the worst case.
Comment 4 Alex Cherepanov 2008-12-24 12:41:59 PST
The patch is committed as rev. 3904.
Regression testing shows no differences.

Running our regression testing with -D_FORTIFY_SOURCE=2
reports no other errors.
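
The kind of fix Comment 3 describes (a size computed for the common case replaced by one computed for the worst case), as an added example that is not the Ghostscript patch or any Ghostscript code. The escaping routine and the names `size_typical`, `size_worst`, `escape` and `escape_alloc` are hypothetical, and the sample input is constructed.

```c
/* Added illustration, not Ghostscript code: hypothetical string escaper. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Undersized estimate: assumes every input byte is copied unchanged. */
size_t size_typical(size_t n) { return n + 1; }

/* Worst case: every byte expands to a 4-character octal escape "\ooo". */
size_t size_worst(size_t n) {
    if (n > (SIZE_MAX - 1) / 4) return 0;   /* 4*n+1 would wrap around */
    return 4 * n + 1;
}

/* Escape src into dst without ever writing past cap.
   Returns the length written (excluding NUL) or (size_t)-1 if cap is too small. */
size_t escape(const unsigned char *src, size_t n, char *dst, size_t cap) {
    static const char oct[] = "01234567";
    size_t o = 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = src[i];
        if (c >= 0x20 && c < 0x7f && c != '\\' && c != '(' && c != ')') {
            if (o + 1 >= cap) return (size_t)-1;   /* keep room for NUL */
            dst[o++] = (char)c;
        } else {
            if (o + 4 >= cap) return (size_t)-1;
            dst[o++] = '\\';           dst[o++] = oct[c >> 6];
            dst[o++] = oct[(c >> 3) & 7]; dst[o++] = oct[c & 7];
        }
    }
    if (o >= cap) return (size_t)-1;
    dst[o] = '\0';
    return o;
}

/* Allocate for the worst case, then escape; the caller frees the result. */
char *escape_alloc(const unsigned char *src, size_t n) {
    size_t cap = size_worst(n);
    char *dst = cap ? malloc(cap) : NULL;
    if (dst && escape(src, n, dst, cap) == (size_t)-1) { free(dst); dst = NULL; }
    return dst;
}

int main(void) {
    const unsigned char in[] = { 'a', '(', 'b', '\n' };  /* constructed sample */
    char *out = escape_alloc(in, sizeof in);
    if (!out) return 1;
    puts(out); free(out); return 0;
}
```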