author | Chris Liddell <chris.liddell@artifex.com> | 2018-08-23 12:20:56 +0100 |
---|---|---|
committer | Chris Liddell <chris.liddell@artifex.com> | 2018-08-23 12:24:12 +0100 |
commit | b575e1ec42cc86f6a58c603f2a88fcc2af699cc8 (patch) | |
tree | 0a3be9a030924720f85c61c879b8a4baf0ff9caa | |
parent | d224b4abec1d0bd991028b7e38e95d47b7a834f4 (diff) | |
download | ghostpdl-b575e1ec42cc86f6a58c603f2a88fcc2af699cc8.tar.gz |
Bug 699668: handle stack overflow during error handling
When handling a Postscript error, we push the object throwing the error onto
the operand stack for the error handling procedure to access - we were not
checking the available stack before doing so, thus causing a crash.
Basically, if we get a stack overflow when already handling an error, we're out
of options, return to the caller with a fatal error.
-rw-r--r-- | psi/interp.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/psi/interp.c b/psi/interp.c index 8b4955693..615083867 100644 --- a/psi/interp.c +++ b/psi/interp.c @@ -676,7 +676,12 @@ again: /* Push the error object on the operand stack if appropriate. */ if (!GS_ERROR_IS_INTERRUPT(code)) { /* Replace the error object if within an oparray or .errorexec. */ - *++osp = *perror_object; + osp++; + if (osp >= ostop) { + *pexit_code = gs_error_Fatal; + return_error(gs_error_Fatal); + } + *osp = *perror_object; errorexec_find(i_ctx_p, osp); } goto again; |
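Review bot: In the new `if (osp >= ostop)` branch, `osp` has already been advanced by the preceding `osp++`, so the fatal return leaves the operand stack pointer one slot past where it was on entry, pointing at a slot that was never written. Consider testing for room before incrementing, or restoring `osp` before `return_error(gs_error_Fatal)`, so that anything inspecting the operand stack after the fatal error sees a consistent state. The branch would also benefit from a short comment saying why an overflow at this point is fatal rather than raised as an ordinary error, since that reasoning currently lives only in the commit message, and from a note on whether `ostop` is the last usable slot or one past it, so the `>=` comparison can be checked for an off-by-one.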