| Summary: | corrupt device object after error in job | ||
|---|---|---|---|
| Product: | Ghostscript | Reporter: | Tavis Ormandy <taviso> |
| Component: | Security (public) | Assignee: | Chris Liddell (chrisl) <chris.liddell> |
| Status: | NOTIFIED FIXED | ||
| Severity: | major | CC: | cbuissar, deekej, dr, jsmeix, scorneli, till.kamppeter |
| Priority: | P2 | ||
| Version: | unspecified | ||
| Hardware: | PC | ||
| OS: | Linux | ||
| Customer: | 501,641 | Word Size: | --- |
This was found by fuzzing, it causes a lot of weird error output, then crashes trying to close an invalid device object: (Note, it only Repros with -f, it doesn't seem to work interactively) $ cat current.ps /Foobar false { .startnewjob } stopped {} if /Foobar exch def Foobar {} { .unstoppederrorhandler } stopped {} if .uninstallpagedevice { .runstringbegin } stopped {} if grestoreall { wtranslation } stopped {} if currentscreen { devforall } stopped {} if .pdfcvsall { quit } stopped {} if ./gs -q -sDEVICE=ppmraw -dSAFER -f current.ps Unrecoverable error: --nostringval-- in Foobar <lots of error output> Segmentation fault