gs: patch CVE-2023-28879

https://offsec.almond.consulting/ghostscript-cve-2023-28879.html https://git.ghostscript.com/?p=ghostpdl.git;h=37ed5022cecd584de868933b5b60da2e995b3179
author: Jacob Moody <moody@posixcafe.org> 2023-04-17 05:06:24 +0000
committer: Jacob Moody <moody@posixcafe.org> 2023-04-17 05:06:24 +0000
commit: dd676b5a4fa19fcbe608598e73e3ee6b5bd5ad84 (patch)
tree: 2637fa593b808d5224a718d4396b901f1a541919 /sys/src/cmd/gs
parent: 969116f1277b9a5b96facc7f934ae2119858705a (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/sys/src/cmd/gs/src/sbcp.c b/sys/src/cmd/gs/src/sbcp.c
index 3641954d7..53f8a27f7 100644
--- a/sys/src/cmd/gs/src/sbcp.c
+++ b/sys/src/cmd/gs/src/sbcp.c
@@ -51,6 +51,14 @@ s_xBCPE_process(stream_state * st, stream_cursor_read * pr,
 	byte ch = *++p;
 
 	if (ch <= 31 && escaped[ch]) {
+	    /* Make sure we have space to store two characters in the write buffer,
+	     * if we don't then exit without consuming the input character, we'll process
+	     * that on the next time round.
+	     */
+	    if (pw->limit - q < 2) {
+		p--;
+		break;
+	    }
 	    if (p == rlimit) {
 		p--;
 		break;
author	Jacob Moody <moody@posixcafe.org>	2023-04-17 05:06:24 +0000
committer	Jacob Moody <moody@posixcafe.org>	2023-04-17 05:06:24 +0000
commit	dd676b5a4fa19fcbe608598e73e3ee6b5bd5ad84 (patch)
tree	2637fa593b808d5224a718d4396b901f1a541919 /sys/src/cmd/gs
parent	969116f1277b9a5b96facc7f934ae2119858705a (diff)