Bug 699664 - corrupt device object after error in job
Status: NOTIFIED FIXED
Alias: None
Product: Ghostscript
Classification: Unclassified
Component: Security (public)
Version: unspecified
Hardware: PC Linux
Importance: P2 major
Assignee: Chris Liddell (chrisl)
QA Contact: gs-security
Reported: 2018-08-21 20:09 UTC by Tavis Ormandy
Modified: 2019-05-08 13:44 UTC
Customer: 501,641


Description Tavis Ormandy 2018-08-21 20:09:04 UTC
This was found by fuzzing; it causes a lot of weird error output, then crashes trying to close an invalid device object:

(Note: it only repros with -f; it doesn't seem to work interactively.)

$ cat current.ps
/Foobar
false
{ .startnewjob } stopped {} if
/Foobar exch def Foobar
{}
{ .unstoppederrorhandler } stopped {} if
.uninstallpagedevice
{ .runstringbegin } stopped {} if
grestoreall
{ wtranslation } stopped {} if
currentscreen
{ devforall } stopped {} if
.pdfcvsall
{ quit } stopped {} if

$ ./gs -q -sDEVICE=ppmraw -dSAFER -f current.ps
Unrecoverable error: --nostringval-- in Foobar
<lots of error output>
Segmentation fault
Comment 1 Chris Liddell (chrisl) 2018-08-23 17:23:38 UTC
Fixed in:

http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=241d911127