--- /dev/null
+From de900010a6f2310d1fd54e99eeba466693da0e13 Mon Sep 17 00:00:00 2001
+From: Zdenek Hutyra <zhutyra@centrum.cz>
+Date: Wed, 20 Nov 2024 11:27:52 +0000
+Subject: Bug 708131: Fix confusion between bytes and shorts
+
+We were copying data from a string in multiple of shorts, rather than multiple
+of bytes, leading to both an read (probably benign, given the memory manager)
+and write buffer overflow.
+
+CVE-2025-27835
+
+Upstream-Status: Backport [https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=de900010a6f2310d1fd54e99eeba466693da0e13]
+CVE: CVE-2025-27835
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ psi/zbfont.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/psi/zbfont.c b/psi/zbfont.c
+index acffb39ef..5850ab54d 100644
+--- a/psi/zbfont.c
++++ b/psi/zbfont.c
+@@ -253,7 +253,7 @@ gs_font_map_glyph_to_unicode(gs_font *font, gs_glyph glyph, int ch, ushort *u, u
+ if (l > length)
+ return l;
+
+- memcpy(unicode_return, v->value.const_bytes, l * sizeof(short));
++ memcpy(unicode_return, v->value.const_bytes, l);
+ return l;
+ }
+ if (r_type(v) == t_integer) {
+--
+cgit v1.2.3
+
projects / thirdparty / openembedded / openembedded-core-contrib.git / commitdiff
