1 files changed, 34 insertions, 0 deletions

diff --git a/app-text/ghostscript-gpl/files/VU332928-githashb575e1ec.patch b/app-text/ghostscript-gpl/files/VU332928-githashb575e1ec.patch
new file mode 100644
index 00000000..b33c5220
--- /dev/null
+++ b/app-text/ghostscript-gpl/files/VU332928-githashb575e1ec.patch
@@ -0,0 +1,34 @@
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Thu, 23 Aug 2018 11:20:56 +0000 (+0100)
+Subject: Bug 699668: handle stack overflow during error handling
+X-Git-Tag: ghostpdl-9.24rc1~17
+X-Git-Url: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff_plain;h=b575e1ec
+
+Bug 699668: handle stack overflow during error handling
+
+When handling a Postscript error, we push the object throwing the error onto
+the operand stack for the error handling procedure to access - we were not
+checking the available stack before doing so, thus causing a crash.
+
+Basically, if we get a stack overflow when already handling an error, we're out
+of options, return to the caller with a fatal error.
+---
+
+diff --git a/psi/interp.c b/psi/interp.c
+index 8b49556..6150838 100644
+--- a/psi/interp.c
++++ b/psi/interp.c
+@@ -676,7 +676,12 @@ again:
+     /* Push the error object on the operand stack if appropriate. */
+     if (!GS_ERROR_IS_INTERRUPT(code)) {
+         /* Replace the error object if within an oparray or .errorexec. */
+-        *++osp = *perror_object;
++        osp++;
++        if (osp >= ostop) {
++            *pexit_code = gs_error_Fatal;
++            return_error(gs_error_Fatal);
++        }
++        *osp = *perror_object;
+         errorexec_find(i_ctx_p, osp);
+     }
+     goto again;