Discussion:
[gs-bugs] [Bug 696392] - Ghostscript - Seg faults found by fuzzing in gstate_free_contents (gsstate.c:1081)
b***@artifex.com
2017-07-19 14:26:56 UTC
http://bugs.ghostscript.com/show_bug.cgi?id=696392

Ken Sharp <***@artifex.com> changed:

What |Removed |Added
----------------------------------------------------------------------------
Priority|P4 |P1
Assignee|ghostpdl-***@artifex.com |***@artifex.com

--- Comment #1 from Ken Sharp <***@artifex.com> ---
On Linux this throws a 'double free or corruption' error before seg faulting.
The backtrace does not indicate a problem with gstate_free_contents(), but it
is called from pdf14_buf_free() so I'm assigning it to Michael as a possible
transparency problem.
--
You are receiving this mail because:
You are the QA Contact for the bug.
b***@artifex.com
2017-08-12 00:03:51 UTC
http://bugs.ghostscript.com/show_bug.cgi?id=696392

Michael Vrhel <***@artifex.com> changed:

What |Removed |Added
----------------------------------------------------------------------------
Assignee|***@artifex.com |***@artifex.com
Status|UNCONFIRMED |CONFIRMED
Ever confirmed|0 |1

--- Comment #2 from Michael Vrhel <***@artifex.com> ---
Pushing this one to Ray as he had made fixes in the interpreter to avoid this
type of issue. Essentially we get an error while in the middle of a transparency
group and so the interpreter ends up popping the pdf14 device. It should
instead be doing pdf14_discard_trans_layer which is supposed to handle all the
proper cleanup when things go badly.
--
b***@artifex.com
2017-10-16 13:35:29 UTC
http://bugs.ghostscript.com/show_bug.cgi?id=696392

Chris Liddell (chrisl) <***@artifex.com> changed:

What |Removed |Added
----------------------------------------------------------------------------
Group| |Security
Version|master |unspecified
Product|Ghostscript |Security
Severity|normal |blocker
Component|Fuzzing |Security
--
b***@artifex.com
2017-10-24 03:59:09 UTC
http://bugs.ghostscript.com/show_bug.cgi?id=696392

Ray Johnston <***@artifex.com> changed:

What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |DUPLICATE
Status|CONFIRMED |RESOLVED

--- Comment #3 from Ray Johnston <***@artifex.com> ---
This also no longer segfaults with the fix developed for 696372, but does
without that change.

*** This bug has been marked as a duplicate of bug 696372 ***
--