From: Chris Liddell <chris.liddell@artifex.com>
Date: Fri, 2 Aug 2019 15:18:26 +0100
Subject: Bug 701394: protect use of .forceput with executeonly
Origin: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5b85ddd19a8420a1bd2d5529325be35d78e94234
Bug-Debian: https://bugs.debian.org/934638
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-10216
Bug: https://bugs.ghostscript.com/show_bug.cgi?id=701394

---
 Resource/Init/gs_type1.ps | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/Resource/Init/gs_type1.ps b/Resource/Init/gs_type1.ps
index 6c7735bc0cc3..a039ccee3590 100644
--- a/Resource/Init/gs_type1.ps
+++ b/Resource/Init/gs_type1.ps
@@ -118,25 +118,25 @@
                          ( to be the same as glyph: ) print 1 index //== exec } if
                    3 index exch 3 index .forceput
                                                                  % scratch(string) RAGL(dict) AGL(dict) CharStrings(dict) cstring gname
-                 }
+                 }executeonly
                  {pop} ifelse
-               } forall
+               } executeonly forall
                pop pop
-             }
+             } executeonly
              {
                pop pop pop
              } ifelse
-           }
+           } executeonly
            {
                                                                % scratch(string) RAGL(dict) AGL(dict) CharStrings(dict) cstring gname
              pop pop
            } ifelse
-         } forall
+         } executeonly forall
          3 1 roll pop pop
-     } if
+     } executeonly if
      pop
      dup /.AGLprocessed~GS //true .forceput
-   } if
+   } executeonly if
 
    %% We need to excute the C .buildfont1 in a stopped context so that, if there
    %% are errors we can put the stack back sanely and exit. Otherwise callers won't
-- 
2.20.1