[gs-bugs] [Bug 691295] Multiple memory corruption vulnerabilities

bugzilla-daemon at ghostscript.com
Sun Jul 18 23:41:29 UTC 2010


--- Comment #13 from Alex Cherepanov <alex.cherepanov at artifex.com> 2010-07-18 23:41:24 UTC ---
Function gs_alloc_ref_array() allocates 2 blocks of memory with
alloc_save_change_alloc() and gs_alloc_struct_array().
Both rev. 7694 and rev. 11414 try to keep data structures consistent
when one of the allocations fails.

Originally, alloc_save_change_alloc() had side effects and rev. 7694 called it
last, but this approach causes the regression noted in the bug report.

Rev. 11414 takes side effects out of gs_alloc_ref_array(), restores the call
order and patches alloc_change_t only when both allocations succeed.
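
The ordering described in the comment above (both allocations first, the change record patched and linked only once both have succeeded), as an added example that is not Ghostscript code and not part of the original message. `alloc_tracked_array`, `save_state_t`, `change_t` and the fault-injecting allocator are hypothetical names in a constructed model.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed model, not Ghostscript source; every name here is hypothetical. */
typedef struct change { struct change *next; void *where; } change_t;
typedef struct { change_t *changes; int n_changes; } save_state_t;

static int fail_at, alloc_calls, live_blocks; /* fault injection + leak counter */

static void *test_alloc(size_t n) {
    if (++alloc_calls == fail_at) return NULL;   /* simulate out-of-memory */
    void *p = calloc(1, n);
    if (p) live_blocks++;
    return p;
}
static void test_free(void *p) { if (p) { live_blocks--; free(p); } }

/* Returns 0 on success, -1 on failure; on failure *st and *out are untouched. */
int alloc_tracked_array(save_state_t *st, size_t count, int **out) {
    change_t *cp = test_alloc(sizeof *cp);       /* block 1: record, not yet linked */
    if (cp == NULL) return -1;
    int *arr = test_alloc(count * sizeof *arr);  /* block 2: the array itself */
    if (arr == NULL) { test_free(cp); return -1; }
    cp->where = arr;            /* both succeeded: patch the record ... */
    cp->next = st->changes;     /* ... and only now publish it */
    st->changes = cp;
    st->n_changes++;
    *out = arr;
    return 0;
}

/* Fails allocation number fail_index (0 = none). Returns 1 for a consistent
   success, 2 for a failure that changed and leaked nothing, 0 otherwise. */
int check_case(int fail_index) {
    save_state_t st = {0};
    int *arr = NULL, ok, before = live_blocks;
    alloc_calls = 0; fail_at = fail_index;
    if (alloc_tracked_array(&st, 8, &arr) == 0) {
        ok = st.n_changes == 1 && st.changes->where == arr && live_blocks == before + 2;
        test_free(st.changes); test_free(arr);
        return ok ? 1 : 0;
    }
    ok = st.changes == NULL && st.n_changes == 0 && arr == NULL && live_blocks == before;
    return ok ? 2 : 0;
}

int main(void) {
    for (int i = 0; i <= 2; i++) printf("fail_at=%d result=%d\n", i, check_case(i));
    return 0;
}
```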
