diff options
-rw-r--r-- | Resource/Init/gs_init.ps | 193 | ||||
-rw-r--r-- | Resource/Init/pdf_main.ps | 2 |
2 files changed, 122 insertions, 73 deletions
diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps index 589e05063..ca76ec615 100644 --- a/Resource/Init/gs_init.ps +++ b/Resource/Init/gs_init.ps @@ -2110,6 +2110,118 @@ readonly def % If we are running in SAFER mode, lock things down SAFER { .setsafeglobal } if +/UndefinePostScriptOperators { + +%% This list is of Display PostScript operators. We believe that Display PostScript +%% was never fully implemented and the only known user, GNUStep, is no longer +%% using it. So lets remove it. +[ +/condition /currentcontext /detach /.fork /join /.localfork /lock /monitor /notify +/wait /yield /.currentscreenphase /.setscreenphase /.image2 /eoviewclip /initviewclip +/viewclip /viewclippath /defineusername +%% NeXT DPS extensions +/currentalpha /setalpha /.alphaimage /composite /compositerect /dissolve /sizeimagebox /.sizeimageparams +] +{systemdict exch .forceundef} forall + +%% This list is of operators which no longer appear to be used, and which we do not believe +%% to have any real use. For now we will undefine the operstors so they cannot easily be used +%% but can be easily restored (just delete the name from the list in the array). In future +%% we may remove the operator and the code implementation entirely. +[ +/.bitadd /.charboxpath /.currentblackptcomp /.setblackptcomp /.cond /.countexecstack /.execstack /.runandhide /.popdevicefilter +/.execfile /.filenamesplit /.file_name_parent +/.setdefaultmatrix /.isprocfilter /.unread /.psstringencode +/.buildsampledfunction /.isencapfunction /.currentaccuratecurves /.currentcurvejoin /.currentdashadapt /.currentdotlength +/.currentlimitclamp /.dotorientation /.setaccuratecurves /.setcurvejoin /.setdashadapt /.setdotorientation +/.setlimitclamp /.currentscreenlevels /.dashpath /.pathbbox /.identeq /.identne /.tokenexec /.forgetsave /.pantonecallback + +%% Used by our own test suite files +%%/.setdotlength % Bug687720.ps +] +{systemdict exch .forceundef} forall + +%% This list of operators are used internally by various parts of the Ghostscript startup code. +%% Since each operator is a potential security vulnerability, and any operator listed here +%% is not required once the initislisation is complete and functions are bound, we undefine +%% the ones that aren't needed at runtime. +[ +/.callinstall /.callbeginpage /.callendpage +/.currentstackprotect /.setstackprotect /.errorexec /.finderrorobject /.installsystemnames /.bosobject /.fontbbox +/.type1execchar /.type2execchar /.type42execchar /.setweightvector /.getuseciecolor /processcolors /.includecolorspace +/.execn /.instopped /.stop /.stopped /.setcolorrendering /.setdevicecolorrendering /.buildcolorrendering1 /.builddevicecolorrendering1 +/.TransformPQR_scale_WB0 /.TransformPQR_scale_WB1 /.TransformPQR_scale_WB2 /.currentoverprintmode /.copydevice2 +/.devicename /.doneshowpage /flushpage /.getbitsrect /.getdevice /.getdefaultdevice /.getdeviceparams /.gethardwareparams +/makewordimagedevice /.outputpage /.putdeviceparams /.setdevice /.currentshowpagecount +/.setpagedevice /.currentpagedevice /.knownundef /.setmaxlength /.rectappend /.initialize_dsc_parser /.parse_dsc_comments +/.fillCIDMap /.fillIdentityCIDMap /.buildcmap /.filenamelistseparator /.libfile /.getfilename +/.file_name_combine /.file_name_is_absolute /.file_name_separator /.file_name_directory_separator /.file_name_current /.filename +/.peekstring /.writecvp /.subfiledecode /.setupUnicodeDecoder /.jbig2makeglobalctx /.registerfont /.parsecff +/.getshowoperator /.getnativefonts /.beginform /.endform /.get_form_id /.repeatform /.reusablestream /.rsdparams +/.buildfunction /.currentfilladjust2 /.setfilladjust2 /.sethpglpathmode /.currenthpglpathmode +/.currenthalftone /.sethalftone5 /.image1 /.imagemask1 /.image3 /.image4 +/.getiodevice /.getdevparms /.putdevparams /.bbox_transform /.matchmedia /.matchpagesize /.defaultpapersize +/.oserrno /.setoserrno /.oserrorstring /.getCPSImode +/.getscanconverter /.setscanconverter /.type1encrypt /.type1decrypt/.languagelevel /.setlanguagelevel /.eqproc /.fillpage /.buildpattern1 /.saslprep +/.buildshading1 /.buildshadin2 /.buildshading3 /.buildshading4 /.buildshading5 /.buildshading6 /.buildshading7 /.buildshadingpattern +/.argindex /.bytestring /.namestring /.stringbreak /.stringmatch /.globalvmarray /.globalvmdict /.globalvmpackedarray /.globalvmstring +/.localvmarray /.localvmdict /.localvmpackedarray /.localvmstring /.systemvmarray /.systemvmdict /.systemvmpackedarray /.systemvmstring /.systemvmfile /.systemvmlibfile +/.systemvmSFD /.settrapparams /.currentsystemparams /.currentuserparams /.getsystemparam /.getuserparam /.setsystemparams /.setuserparams +/.checkpassword /.locale_to_utf8 /.currentglobal /.gcheck /.imagepath + +% Used by our own test suite files +%/.fileposition %image-qa.ps +%/.makeoperator /.setCPSImode % gs_cet.ps + +% Either our code uses these in ways which mean they can't be undefined, or they are used directly by +% test files/utilities, or engineers expressed a desire to keep them visible. +% +%/currentdevice /.sort /.buildfont0 /.buildfont1 /.buildfont2 /.buildfont3 /.buildfont4 /.buildfont9 /.buildfont10 /.buildfont11 +%/.buildfotn32 /.buildfont42 /.type9mapcid /.type11mapcid /.swapcolors +%/currentdevice /.quit /.setuseciecolor /.needinput /.setoverprintmode /.special_op /.dicttomark /.knownget +%/.FAPIavailable /.FAPIpassfont /.FAPIrebuildfont /.FAPIBuildGlyph /.FAPIBuildChar /.FAPIBuildGlyph9 +%/.tempfile /.numicc_components /.set_outputintent /.max /.min /.shfill /.vmreclaim /.getpath /.setglobal +%/.setdebug /.mementolistnewblocks /getenv +] +{systemdict exch .forceundef} forall + +//systemdict /UndefinePostScriptOperators .forceundef +} bind def + +/UndefinePDFOperators { +%% This list of operators are used internally by various parts of the Ghostscript PDF interpreter. +%% Since each operator is a potential security vulnerability, and any operator listed here +%% is not required once the initislisation is complete and functions are bound, we undefine +%% the ones that aren't needed at runtime. +[ +/.pdfawidthshow /.pdfwidthshow +/.setfillcolor /.setfillcolorspace /.setstrokecolor /.setstrokecolorspace /.currentrenderingintent /.setrenderingintent +/.currenttextrenderingmode /.settextspacing /.currenttextspacing /.settextleading /.currenttextleading +/.settextrise /.currenttextrise /.setwordspacing /.currentwordspacing /.settexthscaling /.currenttexthscaling +/.settextlinematrix /.currenttextlinematrix /.currenttextmatrix /.settextmatrix /.currentblendmode +/.currentopacityalpha /.currentshapealpha /.currenttextknockout +/.pushextendedgstate /.popextendedgstate /.begintransparencytextgroup +/.endtransparencytextgroup /.begintransparencymaskgroup /.begintransparencymaskimage /.endtransparencymask /.image3x +/.abortpdf14devicefilter /.pdfinkpath /.pdfFormName /.setstrokeconstantalpha +/.setfillconstantalpha /.setalphaisshape /.currentalphaisshape +/.settextspacing /.currenttextspacing /.settextleading /.currenttextleading /.settextrise /.currenttextrise +/.setwordspacing /.currentwordspacing /.settexthscaling /.currenttexthscaling + +% Used by our own test suite files +%/.pushpdf14devicefilter % transparency-example.ps +%/.poppdf14devicefilter % transparency-example.ps +%/.setopacityalpha % transparency-example.ps +%/.setshapealpha % transparency-example.ps +%/.endtransparencygroup % transparency-example.ps + +% undefining these causes errors/incorrect output +%/.settextrenderingmode /.setblendmode /.begintransparencygroup /.settextknockout /check_r6_password /.setstrokeoverprint /.setfilloverprint +%/.currentstrokeoverprint /.currentfilloverprint /.currentfillconstantalpha /.currentstrokeconstantalpha +] +{systemdict exch .forceundef} forall +//systemdict /UndefinePDFOperators .forceundef +} bind def + % If we delayed binding, make it possible to do it later. /.bindnow { currentuserparams /IdiomRecognition .knownget { @@ -2123,6 +2235,8 @@ SAFER { .setsafeglobal } if //systemdict /.delaybind {} .forceput % reclaim the space //systemdict /.bindnow .forceundef % ditto put +% //systemdict /UndefinePostScriptOperators get exec +% //systemdict /UndefinePDFOperators get exec //systemdict /.forcecopynew .forceundef % remove temptation //systemdict /.forcedef .forceundef % ditto //systemdict /.forceput .forceundef % ditto @@ -2230,79 +2344,12 @@ currentdict /.shadingtypes .undef currentdict /.wheredict .undef currentdict /.renderingintentdict .undef -%% This list is of Display PostScript operators. We believe that Display PostScript -%% was never fully implemented and the only known user, GNUStep, is no longer -%% using it. So lets remove it. -[ -/condition /currentcontext /detach /.fork /join /.localfork /lock /monitor /notify -/wait /yield /.currentscreenphase /.setscreenphase /.image2 /eoviewclip /initviewclip -/viewclip /viewclippath /defineusername -%% NeXT DPS extensions -/currentalpha /setalpha /.alphaimage /composite /compositerect /dissolve /sizeimagebox /.sizeimageparams -] -{currentdict exch .undef} forall - -%% This list is of operators which no longer appear to be used, and which we do not believe -%% to have any real use. For now we will undefine the operstors so they cannot easily be used -%% but can be easily restored (just delete the name from the list in the array). In future -%% we may remove the operator and the code implementation entirely. -[ -/.bitadd /.charboxpath /.currentblackptcomp /.setblackptcomp /.cond /.countexecstack /.execstack /.runandhide /.popdevicefilter -/.execfile /.filenamesplit /.file_name_parent -/.setdefaultmatrix /.isprocfilter /.unread /.psstringencode -/.buildsampledfunction /.isencapfunction /.currentaccuratecurves /.currentcurvejoin /.currentdashadapt /.currentdotlength -/.currentlimitclamp /.dotorientation /.setaccuratecurves /.setcurvejoin /.setdashadapt /.setdotorientation -/.setlimitclamp /.currentscreenlevels /.dashpath /.pathbbox /.identeq /.identne /.tokenexec /.forgetsave /.pantonecallback - -% Used by our own test suite files -%/.setdotlength % Bug687720.ps -] -{currentdict exch .undef} forall - -%% This list of operators are used internally by various parts of the Ghostscript startup code. -%% Since each operator is a potential security vulnerability, and any operator listed here -%% is not required once the initislisation is complete and functions are bound, we undefine -%% the ones that aren't needed at runtime. -[ -/.callinstall /.callbeginpage /.callendpage -/.currentstackprotect /.setstackprotect /.errorexec /.finderrorobject /.installsystemnames /.bosobject /.fontbbox -/.type1execchar /.type2execchar /.type42execchar /.setweightvector /.getuseciecolor /processcolors /.includecolorspace -/.execn /.instopped /.stop /.stopped /.setcolorrendering /.setdevicecolorrendering /.buildcolorrendering1 /.builddevicecolorrendering1 -/.TransformPQR_scale_WB0 /.TransformPQR_scale_WB1 /.TransformPQR_scale_WB2 /.currentoverprintmode /.copydevice2 -/.devicename /.doneshowpage /flushpage /.getbitsrect /.getdevice /.getdefaultdevice /.getdeviceparams /.gethardwareparams -/makewordimagedevice /.outputpage /.putdeviceparams /.setdevice /.currentshowpagecount -/.setpagedevice /.currentpagedevice /.knownundef /.setmaxlength /.rectappend /.initialize_dsc_parser /.parse_dsc_comments -/.fillCIDMap /.fillIdentityCIDMap /.buildcmap /.filenamelistseparator /.libfile /.getfilename -/.file_name_combine /.file_name_is_absolute /.file_name_separator /.file_name_directory_separator /.file_name_current /.filename -/.peekstring /.writecvp /.subfiledecode /.setupUnicodeDecoder /.jbig2makeglobalctx /.registerfont /.parsecff -/.getshowoperator /.getnativefonts /.beginform /.endform /.get_form_id /.repeatform /.reusablestream /.rsdparams -/.buildfunction /.currentfilladjust2 /.setfilladjust2 /.sethpglpathmode /.currenthpglpathmode -/.currenthalftone /.sethalftone5 /.image1 /.imagemask1 /.image3 /.image4 -/.getiodevice /.getdevparms /.putdevparams /.bbox_transform /.matchmedia /.matchpagesize /.defaultpapersize -/.oserrno /.setoserrno /.oserrorstring /.getCPSImode -/.getscanconverter /.setscanconverter /.type1encrypt /.type1decrypt/.languagelevel /.setlanguagelevel /.eqproc /.fillpage /.buildpattern1 /.saslprep -/.buildshading1 /.buildshadin2 /.buildshading3 /.buildshading4 /.buildshading5 /.buildshading6 /.buildshading7 /.buildshadingpattern -/.argindex /.bytestring /.namestring /.stringbreak /.stringmatch /.globalvmarray /.globalvmdict /.globalvmpackedarray /.globalvmstring -/.localvmarray /.localvmdict /.localvmpackedarray /.localvmstring /.systemvmarray /.systemvmdict /.systemvmpackedarray /.systemvmstring /.systemvmfile /.systemvmlibfile -/.systemvmSFD /.settrapparams /.currentsystemparams /.currentuserparams /.getsystemparam /.getuserparam /.setsystemparams /.setuserparams -/.checkpassword /.locale_to_utf8 /.currentglobal /.gcheck /.imagepath - -% Used by our own test suite files -%/.fileposition %image-qa.ps -%/.makeoperator /.setCPSImode % gs_cet.ps - -% Either our code uses these in ways which mean they can't be undefined, or they are used directly by -% test files/utilities, or engineers expressed a desire to keep them visible. -% -%/currentdevice /.sort /.buildfont0 /.buildfont1 /.buildfont2 /.buildfont3 /.buildfont4 /.buildfont9 /.buildfont10 /.buildfont11 -%/.buildfotn32 /.buildfont42 /.type9mapcid /.type11mapcid /.swapcolors -%/currentdevice /.quit /.setuseciecolor /.needinput /.setoverprintmode /.special_op /.dicttomark /.knownget -%/.FAPIavailable /.FAPIpassfont /.FAPIrebuildfont /.FAPIBuildGlyph /.FAPIBuildChar /.FAPIBuildGlyph9 -%/.tempfile /.numicc_components /.set_outputintent /.max /.min /.shfill /.vmreclaim /.getpath /.setglobal -%/.setdebug /.mementolistnewblocks /getenv -] -{currentdict exch .undef} forall - +%% If we are using DELAYBIND we have to defer the undefinition +%% until .bindnow. +DELAYBIND not { + //systemdict /UndefinePostScriptOperators get exec + //systemdict /UndefinePDFOperators .forceundef +} if end % Clean up VM, and enable GC. Use .vmreclaim to force the GC. diff --git a/Resource/Init/pdf_main.ps b/Resource/Init/pdf_main.ps index 56fda6696..26feac8d0 100644 --- a/Resource/Init/pdf_main.ps +++ b/Resource/Init/pdf_main.ps @@ -3123,6 +3123,7 @@ currentdict /PDF2PS_matrix_key undef end % pdfdict .setglobal +DELAYBIND not { %% This list of operators are used internally by various parts of the Ghostscript PDF interpreter. %% Since each operator is a potential security vulnerability, and any operator listed here %% is not required once the initislisation is complete and functions are bound, we undefine @@ -3153,3 +3154,4 @@ end % pdfdict %/.currentstrokeoverprint /.currentfilloverprint /.currentfillconstantalpha /.currentstrokeconstantalpha ] {systemdict exch .undef} forall +} if |