Bug 690211 - buffer overflow
Summary: buffer overflow
Alias: None
Product: Ghostscript
Classification: Unclassified
Component: General
Version: 8.62
Hardware: PC Linux
: P4 normal
Assignee: Default assignee
Depends on:
Reported: 2008-12-22 07:13 UTC by Wolfgang Hamann
Modified: 2014-02-17 04:40 UTC

See Also:
Word Size: ---

problem_case (584.93 KB, application/postscript)
2008-12-22 08:42 UTC, Wolfgang Hamann
patch (499 bytes, patch)
2008-12-22 13:12 UTC, Alex Cherepanov

Description Wolfgang Hamann 2008-12-22 07:13:22 UTC
I have a file that causes a buffer overflow on some friend's 8.62 running on a
distro package built with fortify bounds checking.
The file displays without problems on my local system (8.63 without fortify),
runs through distiller, etc.
Can I attach or post the file in question?
The fortify dump reads:
*** buffer overflow detected ***: gs terminated
======= Backtrace: =========
Comment 1 Ray Johnston 2008-12-22 08:12:51 UTC
Please attach the file using the "Create a New Attachment" link in the
bug form (http://bugs.ghostscript.com/attachment.cgi?bugid=690211&action=enter)

If you don't wish to share the file, you are welcome to "Edit" the attachment
after uploading it to mark it "Private" in which case only Artifex Software
staff will be able to access the file, and we will treat it as confidential.
Comment 2 Wolfgang Hamann 2008-12-22 08:42:09 UTC
Created attachment 4668
Comment 3 Alex Cherepanov 2008-12-22 13:12:57 UTC
Created attachment 4669

There's indeed a buffer overflow caused by an incorrect calculation of the
size. The patch allocates sufficient buffer for the worst case.
Comment 4 Alex Cherepanov 2008-12-24 12:41:59 UTC
The patch is committed as rev. 3904.
Regression testing shows no differences.

Running our regression testing with -D_FORTIFY_SOURCE=2
reports no other errors.