source:
branches/fc13-dev/server/common/patches/ghostscript-CVE-2010-1628.patch
@
1616
Last change on this file since 1616 was 1587, checked in by geofft, 14 years ago | |
---|---|
File size: 4.1 KB |
-
gs/psi/idosave.h
18 18 # define idosave_INCLUDED 19 19 20 20 /* 21 * Structure for saved change chain for save/restore. Because of the 22 * garbage collector, we need to distinguish the cases where the change 23 * is in a static object, a dynamic ref, or a dynamic struct. 24 */ 25 typedef struct alloc_change_s alloc_change_t; 26 struct alloc_change_s { 27 alloc_change_t *next; 28 ref_packed *where; 29 ref contents; 30 #define AC_OFFSET_STATIC (-2) /* static object */ 31 #define AC_OFFSET_REF (-1) /* dynamic ref */ 32 #define AC_OFFSET_ALLOCATED (-3) /* a newly allocated ref array */ 33 short offset; /* if >= 0, offset within struct */ 34 }; 35 36 /* 21 37 * Save a change that must be undone by restore. We have to pass the 22 38 * pointer to the containing object to alloc_save_change for two reasons: 23 39 * … … 29 45 * relocate the pointer to it from the change record during garbage 30 46 * collection. 31 47 */ 48 32 49 int alloc_save_change(gs_dual_memory_t *dmem, const ref *pcont, 33 50 ref_packed *ptr, client_name_t cname); 34 51 int alloc_save_change_in(gs_ref_memory_t *mem, const ref *pcont, … … 36 53 /* Remove an AC_OFFSET_ALLOCATED element. */ 37 54 void alloc_save_remove(gs_ref_memory_t *mem, ref_packed *obj, client_name_t cname); 38 55 /* Allocate a structure for recording an allocation event. */ 39 int alloc_save_change_alloc(gs_ref_memory_t *mem, client_name_t cname, ref_packed ***ppr);56 int alloc_save_change_alloc(gs_ref_memory_t *mem, client_name_t cname, alloc_change_t **pcp); 40 57 41 58 #endif /* idosave_INCLUDED */ -
gs/psi/isave.c
156 156 /* A link to igcref.c . */ 157 157 ptr_proc_reloc(igc_reloc_ref_ptr_nocheck, ref_packed); 158 158 159 /*160 * Structure for saved change chain for save/restore. Because of the161 * garbage collector, we need to distinguish the cases where the change162 * is in a static object, a dynamic ref, or a dynamic struct.163 */164 typedef struct alloc_change_s alloc_change_t;165 struct alloc_change_s {166 alloc_change_t *next;167 ref_packed *where;168 ref contents;169 #define AC_OFFSET_STATIC (-2) /* static object */170 #define AC_OFFSET_REF (-1) /* dynamic ref */171 #define AC_OFFSET_ALLOCATED (-3) /* a newly allocated ref array */172 short offset; /* if >= 0, offset within struct */173 };174 175 159 static 176 160 CLEAR_MARKS_PROC(change_clear_marks) 177 161 { … … 519 503 520 504 /* Allocate a structure for recording an allocation event. */ 521 505 int 522 alloc_save_change_alloc(gs_ref_memory_t *mem, client_name_t cname, ref_packed ***ppr)506 alloc_save_change_alloc(gs_ref_memory_t *mem, client_name_t cname, alloc_change_t **pcp) 523 507 { 524 508 register alloc_change_t *cp; 525 509 … … 533 517 cp->where = 0; 534 518 cp->offset = AC_OFFSET_ALLOCATED; 535 519 make_null(&cp->contents); 536 mem->changes = cp; 537 *ppr = &cp->where; 520 *pcp = cp; 538 521 return 1; 539 522 } 540 523 -
gs/psi/ialloc.c
185 185 */ 186 186 chunk_t *pcc = mem->pcc; 187 187 ref *end; 188 alloc_change_t *cp = 0; 189 int code = 0; 188 190 191 if ((gs_memory_t *)mem != mem->stable_memory) { 192 code = alloc_save_change_alloc(mem, "gs_alloc_ref_array", &cp); 193 if (code < 0) 194 return code; 195 } 189 196 obj = gs_alloc_struct_array((gs_memory_t *) mem, num_refs + 1, 190 197 ref, &st_refs, cname); 191 198 if (obj == 0) … … 210 217 chunk_locate_ptr(obj, &cl); 211 218 cl.cp->has_refs = true; 212 219 } 213 if ((gs_memory_t *)mem != mem->stable_memory) { 214 ref_packed **ppr = 0; 215 int code = alloc_save_change_alloc(mem, "gs_alloc_ref_array", &ppr); 216 if (code < 0) 217 return code; 218 if (ppr) 219 *ppr = (ref_packed *)obj; 220 } 220 if (cp) { 221 mem->changes = cp; 222 cp->where = (ref_packed *)obj; 223 } 221 224 } 222 225 make_array(parr, attrs | mem->space, num_refs, obj); 223 226 return 0;
Note: See TracBrowser
for help on using the repository browser.