Bug 699668: handle stack overflow during error handling

When handling a Postscript error, we push the object throwing the error onto the operand stack for the error handling procedure to access - we were not checking the available stack before doing so, thus causing a crash. Basically, if we get a stack overflow when already handling an error, we're out of options, return to the caller with a fatal error.
author: Chris Liddell <chris.liddell@artifex.com> 2018-08-23 12:20:56 +0100
committer: Chris Liddell <chris.liddell@artifex.com> 2018-08-23 12:24:12 +0100
commit: b575e1ec42cc86f6a58c603f2a88fcc2af699cc8 (patch)
tree: 0a3be9a030924720f85c61c879b8a4baf0ff9caa
parent: d224b4abec1d0bd991028b7e38e95d47b7a834f4 (diff)
download: ghostpdl-b575e1ec42cc86f6a58c603f2a88fcc2af699cc8.tar.gz
1 files changed, 6 insertions, 1 deletions
diff --git a/psi/interp.c b/psi/interp.c
index 8b4955693..615083867 100644
--- a/psi/interp.c
+++ b/psi/interp.c
@@ -676,7 +676,12 @@ again:
     /* Push the error object on the operand stack if appropriate. */
     if (!GS_ERROR_IS_INTERRUPT(code)) {
         /* Replace the error object if within an oparray or .errorexec. */
-        *++osp = *perror_object;
+        osp++;
+        if (osp >= ostop) {
+            *pexit_code = gs_error_Fatal;
+            return_error(gs_error_Fatal);
+        }
+        *osp = *perror_object;
         errorexec_find(i_ctx_p, osp);
     }
     goto again;
author	Chris Liddell <chris.liddell@artifex.com>	2018-08-23 12:20:56 +0100
committer	Chris Liddell <chris.liddell@artifex.com>	2018-08-23 12:24:12 +0100
commit	b575e1ec42cc86f6a58c603f2a88fcc2af699cc8 (patch)
tree	0a3be9a030924720f85c61c879b8a4baf0ff9caa
parent	d224b4abec1d0bd991028b7e38e95d47b7a834f4 (diff)
download	ghostpdl-b575e1ec42cc86f6a58c603f2a88fcc2af699cc8.tar.gz