raster-interpreter.c: Fix crash in 'scan_ps()' found by fuzzer

Fuzzer using `_cupsRasterExecPS()` found a way how to pass NULL into
`scan_ps()`, causing crash - we have to sanitize the argument for NULL
to fix it.

Fixes #831

diff --git a/CHANGES.md b/CHANGES.md
index f50b6f5ed9c353cdf8296f01b8361483ccfcc195..f494a075a61758fa34838449040e3562646a0737 100644 (file)
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -8,6 +8,7 @@ Changes in CUPS v2.4.8 (TBA)
   successfully printed jobs (Issue #830)
 - Added warning if the device has to be asked for 'all,media-col-database' separately
   (Issue #829)
+- Fixed crash in `scan_ps()` if incoming argument is NULL (Issue #831)
 - Fixed memory leak when creating color profiles (Issue #815)
 - Fixed memory leak when unloading a job (Issue #813)
 - Raised `cups_enum_dests()` timeout for listing available IPP printers (Issue #751)

diff --git a/cups/raster-interpret.c b/cups/raster-interpret.c
index b8655c8c67f74af4ce4bf5abdd03eddb886448a0..653d9ea5e23300508c3993417c8502e664ab9600 100644 (file)
--- a/cups/raster-interpret.c
+++ b/cups/raster-interpret.c
@@ -1048,6 +1048,8 @@ scan_ps(_cups_ps_stack_t *st,             /* I  - Stack */
   int                  parens;         /* Parenthesis nesting level */
 
 
+  if (!*ptr)
+    return (NULL);
  /*
   * Skip leading whitespace...
   */