Bug 99012 - Invalid access with libspectre 0.2.8 and latest Ubuntu ghostscript security update
Summary: Invalid access with libspectre 0.2.8 and latest Ubuntu ghostscript security u...
Status: RESOLVED NOTOURBUG
Alias: None
Product: libspectre
Classification: Unclassified
Component: general (show other bugs)
Version: unspecified
Hardware: Other All
: high normal
Assignee: Carlos Garcia Campos
QA Contact: Carlos Garcia Campos
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-12-07 03:14 UTC by Jeremy Bicha
Modified: 2016-12-07 20:57 UTC (History)
0 users

See Also:
i915 platform:
i915 features:

Attachments
ubuntu-patch1 (8.39 KB, patch)
2016-12-07 03:14 UTC, Jeremy Bicha 		Details | Splinter Review
ubuntu-patch2 (8.39 KB, patch)
2016-12-07 03:14 UTC, Jeremy Bicha 		Details | Splinter Review
View All

Description Jeremy Bicha 2016-12-07 03:14:02 UTC 
Created attachment 128364 [details] [review]
ubuntu-patch1

1. Install the latest Ubuntu security update for ghostscript on a stable Ubuntu release (I tested with 16.10)

2. Install libspectre1 0.2.8-1 (it's available in zesty-proposed).

3. Open a .eps with Evince. Here's a test file:

https://bugs.launchpad.net/ubuntu/+source/libspectre/+bug/1348384/+attachment/4171120/+files/countrate.eps

What happens:
The .eps fails to display. If run from a terminal, this is output:

 invalidaccess -7

Ubuntu's libspectre 0.2.7 does not have this problem. Note that Ubuntu 16.10 handled bug 76450 differently than the fix that was included in 0.2.8. I am attaching the two Ubuntu patches that Ubuntu applied against 0.2.7.
Comment 1 Jeremy Bicha 2016-12-07 03:14:32 UTC 
Created attachment 128365 [details] [review]
ubuntu-patch2
Comment 2 Jeremy Bicha 2016-12-07 20:57:02 UTC 
This was fixed in Ubuntu by another ghostscript update today. See
https://launchpad.net/ubuntu/+source/ghostscript/9.19~dfsg+1-0ubuntu6.3

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.