diff options
Diffstat (limited to 'app-text/ghostscript-gpl/files/VU332928-githashb575e1ec.patch')
-rw-r--r-- | app-text/ghostscript-gpl/files/VU332928-githashb575e1ec.patch | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/app-text/ghostscript-gpl/files/VU332928-githashb575e1ec.patch b/app-text/ghostscript-gpl/files/VU332928-githashb575e1ec.patch new file mode 100644 index 00000000..b33c5220 --- /dev/null +++ b/app-text/ghostscript-gpl/files/VU332928-githashb575e1ec.patch @@ -0,0 +1,34 @@ +From: Chris Liddell <chris.liddell@artifex.com> +Date: Thu, 23 Aug 2018 11:20:56 +0000 (+0100) +Subject: Bug 699668: handle stack overflow during error handling +X-Git-Tag: ghostpdl-9.24rc1~17 +X-Git-Url: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff_plain;h=b575e1ec + +Bug 699668: handle stack overflow during error handling + +When handling a Postscript error, we push the object throwing the error onto +the operand stack for the error handling procedure to access - we were not +checking the available stack before doing so, thus causing a crash. + +Basically, if we get a stack overflow when already handling an error, we're out +of options, return to the caller with a fatal error. +--- + +diff --git a/psi/interp.c b/psi/interp.c +index 8b49556..6150838 100644 +--- a/psi/interp.c ++++ b/psi/interp.c +@@ -676,7 +676,12 @@ again: + /* Push the error object on the operand stack if appropriate. */ + if (!GS_ERROR_IS_INTERRUPT(code)) { + /* Replace the error object if within an oparray or .errorexec. */ +- *++osp = *perror_object; ++ osp++; ++ if (osp >= ostop) { ++ *pexit_code = gs_error_Fatal; ++ return_error(gs_error_Fatal); ++ } ++ *osp = *perror_object; + errorexec_find(i_ctx_p, osp); + } + goto again; |