Bug 706467: Fix null deref in display device.

The display device can be initialised in a 'disabled' form when the callback is NULL. It seems we can get fill_rectangle called when in such a state, and we may not have initialised it, causing a SEGV. The fix is to initialise this to the usual display_fill_rectangle, function which will do nothing if callback is NULL, but won't crash. Thanks to Youngseok Choi for the report.
author: Robin Watts <Robin.Watts@artifex.com> 2023-03-10 11:18:17 +0000
committer: Robin Watts <Robin.Watts@artifex.com> 2023-03-10 15:34:06 +0000
commit: 5e2c018ca8f0564d6528c2f7cff65446675e2211 (patch)
tree: 6e318a8d1ac676790239ab96082c00879660dfb8 /devices
parent: 0812fa75edd52162abc1bceae69b0e588b93895b (diff)
download: ghostpdl-5e2c018ca8f0564d6528c2f7cff65446675e2211.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/devices/gdevdsp.c b/devices/gdevdsp.c
index 90e25a79a..7790dd0e8 100644
--- a/devices/gdevdsp.c
+++ b/devices/gdevdsp.c
@@ -207,7 +207,10 @@ display_open(gx_device * dev)
     /* Allow device to be opened "disabled" without a callback. */
     /* The callback will be set later and the device re-opened. */
     if (ddev->callback == NULL)
+    {
+        fill_dev_proc(ddev, fill_rectangle, display_fill_rectangle);
         return 0;
+    }
     ccode = install_internal_subclass_devices((gx_device **)&ddev, NULL);
     if (ccode < 0)
         return ccode;
author	Robin Watts <Robin.Watts@artifex.com>	2023-03-10 11:18:17 +0000
committer	Robin Watts <Robin.Watts@artifex.com>	2023-03-10 15:34:06 +0000
commit	5e2c018ca8f0564d6528c2f7cff65446675e2211 (patch)
tree	6e318a8d1ac676790239ab96082c00879660dfb8 /devices
parent	0812fa75edd52162abc1bceae69b0e588b93895b (diff)
download	ghostpdl-5e2c018ca8f0564d6528c2f7cff65446675e2211.tar.gz