blob: b33c522091a99e49845d793468920ebe562215c3 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
|
From: Chris Liddell <chris.liddell@artifex.com>
Date: Thu, 23 Aug 2018 11:20:56 +0000 (+0100)
Subject: Bug 699668: handle stack overflow during error handling
X-Git-Tag: ghostpdl-9.24rc1~17
X-Git-Url: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff_plain;h=b575e1ec
Bug 699668: handle stack overflow during error handling
When handling a Postscript error, we push the object throwing the error onto
the operand stack for the error handling procedure to access - we were not
checking the available stack before doing so, thus causing a crash.
Basically, if we get a stack overflow when already handling an error, we're out
of options, return to the caller with a fatal error.
---
diff --git a/psi/interp.c b/psi/interp.c
index 8b49556..6150838 100644
--- a/psi/interp.c
+++ b/psi/interp.c
@@ -676,7 +676,12 @@ again:
/* Push the error object on the operand stack if appropriate. */
if (!GS_ERROR_IS_INTERRUPT(code)) {
/* Replace the error object if within an oparray or .errorexec. */
- *++osp = *perror_object;
+ osp++;
+ if (osp >= ostop) {
+ *pexit_code = gs_error_Fatal;
+ return_error(gs_error_Fatal);
+ }
+ *osp = *perror_object;
errorexec_find(i_ctx_p, osp);
}
goto again;
|
