Skip to content

Commit

Permalink
raster-interpreter.c: Fix crash in 'scan_ps()' found by fuzzer
Browse files Browse the repository at this point in the history 
Fuzzer using `_cupsRasterExecPS()` found a way how to pass NULL into
`scan_ps()`, causing crash - we have to sanitize the argument for NULL
to fix it.

Fixes #831
  • Loading branch information
@zdohnal
zdohnal committed Nov 27, 2023
1 parent 0e3fe78 commit 766d8cd
Show file tree
Hide file tree
Showing 2 changed files with 3 additions and 0 deletions.
1 change: 1 addition & 0 deletions CHANGES.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@ Changes in CUPS v2.4.8 (TBA)
successfully printed jobs (Issue #830)
- Added warning if the device has to be asked for 'all,media-col-database' separately
(Issue #829)
- Fixed crash in `scan_ps()` if incoming argument is NULL (Issue #831)
- Fixed memory leak when creating color profiles (Issue #815)
- Fixed memory leak when unloading a job (Issue #813)
- Raised `cups_enum_dests()` timeout for listing available IPP printers (Issue #751)
Expand Down
2 changes: 2 additions & 0 deletions cups/raster-interpret.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1048,6 +1048,8 @@ scan_ps(_cups_ps_stack_t *st, /* I - Stack */
int parens; /* Parenthesis nesting level */


if (!*ptr)
return (NULL);
/*
* Skip leading whitespace...
*/
Expand Down

0 comments on commit 766d8cd

Please sign in to comment.