From dd676b5a4fa19fcbe608598e73e3ee6b5bd5ad84 Mon Sep 17 00:00:00 2001
From: Jacob Moody <moody@posixcafe.org>
Date: Mon, 17 Apr 2023 05:06:24 +0000
Subject: gs: patch CVE-2023-28879

https://offsec.almond.consulting/ghostscript-cve-2023-28879.html
https://git.ghostscript.com/?p=ghostpdl.git;h=37ed5022cecd584de868933b5b60da2e995b3179
---
 sys/src/cmd/gs/src/sbcp.c | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'sys/src')

diff --git a/sys/src/cmd/gs/src/sbcp.c b/sys/src/cmd/gs/src/sbcp.c
index 3641954d7..53f8a27f7 100644
--- a/sys/src/cmd/gs/src/sbcp.c
+++ b/sys/src/cmd/gs/src/sbcp.c
@@ -51,6 +51,14 @@ s_xBCPE_process(stream_state * st, stream_cursor_read * pr,
 	byte ch = *++p;
 
 	if (ch <= 31 && escaped[ch]) {
+	    /* Make sure we have space to store two characters in the write buffer,
+	     * if we don't then exit without consuming the input character, we'll process
+	     * that on the next time round.
+	     */
+	    if (pw->limit - q < 2) {
+		p--;
+		break;
+	    }
 	    if (p == rlimit) {
 		p--;
 		break;
-- 
cgit v1.2.3