Bug 706467: Fix null deref in display device.

The display device can be initialised in a 'disabled' form when the callback is NULL. It seems we can get fill_rectangle called when in such a state, and we may not have initialised it, causing a SEGV. The fix is to initialise this to the usual display_fill_rectangle, function which will do nothing if callback is NULL, but won't crash. Thanks to Youngseok Choi for the report.
author: Robin Watts <Robin.Watts@artifex.com> 2023-03-10 11:18:17 +0000
committer: Chris Liddell <chris.liddell@artifex.com> 2023-03-13 09:08:11 +0000
commit: bc28396c93d90f857984cbcf9e342b37ecbd85c4 (patch)
tree: 99facde36f875684ac0e92f6ac00bc049c3490f8
parent: aec9a22ebceae97f7eae8677c6398aeaf9a69644 (diff)
download: ghostpdl-bc28396c93d90f857984cbcf9e342b37ecbd85c4.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/devices/gdevdsp.c b/devices/gdevdsp.c
index 90e25a79a..7790dd0e8 100644
--- a/devices/gdevdsp.c
+++ b/devices/gdevdsp.c
@@ -207,7 +207,10 @@ display_open(gx_device * dev)
     /* Allow device to be opened "disabled" without a callback. */
     /* The callback will be set later and the device re-opened. */
     if (ddev->callback == NULL)
+    {
+        fill_dev_proc(ddev, fill_rectangle, display_fill_rectangle);
         return 0;
+    }
     ccode = install_internal_subclass_devices((gx_device **)&ddev, NULL);
     if (ccode < 0)
         return ccode;
author	Robin Watts <Robin.Watts@artifex.com>	2023-03-10 11:18:17 +0000
committer	Chris Liddell <chris.liddell@artifex.com>	2023-03-13 09:08:11 +0000
commit	bc28396c93d90f857984cbcf9e342b37ecbd85c4 (patch)
tree	99facde36f875684ac0e92f6ac00bc049c3490f8
parent	aec9a22ebceae97f7eae8677c6398aeaf9a69644 (diff)
download	ghostpdl-bc28396c93d90f857984cbcf9e342b37ecbd85c4.tar.gz