raster-interpret.c: Fix CVE-2023-4504

We didn't check for end of buffer if it looks there is an escaped character - check for NULL terminator there and if found, return NULL as return value and in `ptr`, because a lone backslash is not a valid PostScript character.
OpenPrinting · Sep 4, 2023 · 262c909 · 262c909
1 parent 30b35cc
commit 262c909
Showing 1 changed file with 13 additions and 1 deletion.
diff --git a/ppd/raster-interpret.c b/ppd/raster-interpret.c
@@ -1270,7 +1270,19 @@ ppd_scan_ps(_ppd_ps_stack_t  *st,	// I  - Stack
 
 	    cur ++;
 
-            if (*cur == 'b')
+	   /*
+	    * Return NULL if we reached NULL terminator, a lone backslash
+            * is not a valid character in PostScript.
+	    */
+
+	    if (!*cur)
+	    {
+	      *ptr = NULL;
+
+	      return (NULL);
+	    }
+
+	    if (*cur == 'b')
 	      *valptr++ = '\b';
 	    else if (*cur == 'f')
 	      *valptr++ = '\f';