From d570288e47a773bdb06ee38d7e75a6be2604fd63 Mon Sep 17 00:00:00 2001
From: lanlili <1158337594@qq.com>
Date: Thu, 3 Aug 2023 00:14:20 +0800
Subject: [PATCH 1/3] repair CVE-2020-16298
---
 contrib/japanese/gdevmjc.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/contrib/japanese/gdevmjc.c b/contrib/japanese/gdevmjc.c
index f7f6a13..9e7649c 100644
--- a/contrib/japanese/gdevmjc.c
+++ b/contrib/japanese/gdevmjc.c
@@ -1504,7 +1504,10 @@ mj_color_correct(gx_color_value *Rptr ,gx_color_value *Gptr , gx_color_value *Bp
 if (Y<0) Y=0;
- if(H>256 && H<1024){ /* green correct */
+ /* 2019-10-29 this used to be 'if(H>256 && H<1024)', which can then go
+ beyond bounds of the 512-element grnsep2[]. So have patched up to avoid
+ this, but without any proper idea about what's going on. */
+ if(H>256 && H<768){ /* green correct */
 short work; work=(((long)grnsep[M]*(long)grnsep2[H-256])>>16); C+=work;
--
Gitee
From e4f6cba7c781035fc51c38b09fb4ebcf528fe4ba Mon Sep 17 00:00:00 2001
From: lanlili <1158337594@qq.com>
Date: Thu, 3 Aug 2023 00:17:05 +0800
Subject: [PATCH 2/3] !20 CVE-2020-16298 Repair: ghostscript
---
 contrib/japanese/gdevmjc.c | 1 +
 1 file changed, 1 insertion(+)
diff --git a/contrib/japanese/gdevmjc.c b/contrib/japanese/gdevmjc.c
index 9e7649c..93c87ea 100644
--- a/contrib/japanese/gdevmjc.c
+++ b/contrib/japanese/gdevmjc.c
@@ -1507,6 +1507,7 @@ mj_color_correct(gx_color_value *Rptr ,gx_color_value *Gptr , gx_color_value *Bp
 /* 2019-10-29 this used to be 'if(H>256 && H<1024)', which can then go
 beyond bounds of the 512-element grnsep2[]. So have patched up to avoid
 this, but without any proper idea about what's going on. */
+ // by lanlili
 if(H>256 && H<768){ /* green correct */
 short work; work=(((long)grnsep[M]*(long)grnsep2[H-256])>>16);
--
Gitee
From e90d8362654206aeeea1f88a477708b63669a53e Mon Sep 17 00:00:00 2001
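Review bot: The new upper bound `H<768` in the first gdevmjc.c hunk is a bare constant that is only right because grnsep2[] has 512 elements, and the added comment itself says the change was made without understanding the algorithm. Deriving the limit from the table keeps the check correct if the table is ever resized, for example `if (H > 256 && H - 256 < (int)(sizeof grnsep2 / sizeof grnsep2[0]))`, assuming grnsep2 is a true array visible in this file. The same statement also indexes `grnsep[M]`; mj_color_correct starts and ends outside this hunk, so M's range should be confirmed against the size of grnsep[] as well. Values of H from 768 to 1023 now skip green correction entirely, which deserves a line in the comment so the output change is not later mistaken for a regression.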
From: lanlili <1158337594@qq.com>
Date: Thu, 3 Aug 2023 00:30:23 +0800
Subject: [PATCH 3/3] !21 CVE-2020-16299 Repair: ghostscript
---
 contrib/japanese/gdev10v.c | 14 +++++++++++++-
 contrib/japanese/gdevalps.c | 15 +++++++++++----
 2 files changed, 24 insertions(+), 5 deletions(-)
diff --git a/contrib/japanese/gdev10v.c b/contrib/japanese/gdev10v.c
index 510a74e..5b61797 100644
--- a/contrib/japanese/gdev10v.c
+++ b/contrib/japanese/gdev10v.c
@@ -68,13 +68,25 @@ static dev_proc_print_page(bj10v_print_page);
 static dev_proc_get_initial_matrix(bj10v_get_initial_matrix);
 #endif
+static int
+bj10v_open(gx_device * pdev)
+{
+ if (pdev->HWResolution[0] < 180 ||
+ pdev->HWResolution[1] < 180)
+ {
+ emprintf(pdev->memory, "device requires a resolution of at least 180dpi\n");
+ return_error(gs_error_rangecheck);
+ }
+ return gdev_prn_open(pdev);
+}
+
 #if 0
 gx_device_procs prn_bj10v_procs = prn_matrix_procs(gdev_prn_open, bj10v_get_initial_matrix, gdev_prn_output_page, gdev_prn_close);
 #endif
 gx_device_procs prn_bj10v_procs =
- prn_procs(gdev_prn_open, gdev_prn_output_page, gdev_prn_close);
+ prn_procs(bj10v_open, gdev_prn_output_page, gdev_prn_close);
 gx_device_printer gs_bj10v_device = prn_device(prn_bj10v_procs, "bj10v",
diff --git a/contrib/japanese/gdevalps.c b/contrib/japanese/gdevalps.c
index e6af9cf..c52c4b0 100644
--- a/contrib/japanese/gdevalps.c
+++ b/contrib/japanese/gdevalps.c
@@ -156,12 +156,19 @@ static int md_open(gx_device *pdev) { static const float md_margins[4] =
- { MD_SIDE_MARGIN, MD_BOTTOM_MARGIN,
+ {
+ MD_SIDE_MARGIN, MD_BOTTOM_MARGIN,
 MD_SIDE_MARGIN, MD_TOP_MARGIN
- };
+ };
- gx_device_set_margins(pdev, md_margins, true);
- return gdev_prn_open(pdev);
+ if (pdev->HWResolution[0] != 600)
+ {
+ emprintf(pdev->memory, "device must have an X resolution of 600dpi\n");
+ return_error(gs_error_rangecheck);
+ }
+
+ gx_device_set_margins(pdev, md_margins, true);
+ return gdev_prn_open(pdev);
 } /* MD5000 monochrome mode entrance. */
--
Gitee
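Review bot: The new bj10v_open in gdev10v.c has no comment saying why 180 dpi is the floor or which computation it protects, so a later maintainer cannot tell whether the limit may be relaxed. A header such as `/* Open the device, refusing resolutions below 180 dpi (CVE-2020-16299). */` would record that, and it should name the dependent code in bj10v_print_page (outside this hunk) once that is confirmed. The check runs only at open time, so it is worth confirming that a later resolution change forces a re-open before a page is printed. The `#if 0` procs table just below still names `gdev_prn_open`, so re-enabling that table would silently bypass the new check.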
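Review bot: The new guard in md_open (gdevalps.c) validates only `HWResolution[0]`, so the Y resolution still reaches the page code unchecked. If the raster routines, which are outside this hunk, also assume a fixed vertical resolution, the guard should cover it, e.g. `if (pdev->HWResolution[0] != 600 || pdev->HWResolution[1] != 600)` with the message adjusted to match. The test is an exact `!=` comparison on what appears to be a floating-point field, so a one-line comment such as `/* Only exactly 600 dpi in X is supported. */` would make clear that the strict equality is intended.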