author | Ray Johnston <ray.johnston@artifex.com> | 2019-09-10 09:04:46 -0700 |
---|---|---|
committer | Chris Liddell <chris.liddell@artifex.com> | 2019-09-18 09:20:06 +0100 |
commit | 6cd0b941d86fe54b7e818e563dc702a147bab95a (patch) | |
tree | e21127e1543da6a10ee76f76010b8a1de8b96a92 | |
parent | f560f3c468ac187eca8cd55ee46a46e2924e0924 (diff) | |
download | ghostpdl-6cd0b941d86fe54b7e818e563dc702a147bab95a.tar.gz |
Fix bug 701550, problem with forall on strings.
Hard to believe, but this problem has existed since at least version 3.33.
The 'string_continue' function altered the size which was used to decide if
there were still characters to be processed BEFORE invoking the 'push(#)' macro.
If the 'push(1)' encountered a full stack segment, it would return stackoverflow
so that the operand stack could be extended. This meant that the decision to
stop enumerating the string would end early (depending on how many times the
stackoverflow occurred).
Usually the procedure of the forall would either consume the character (reducing
the stack), or add an element to the stack triggering the stack extension before
the next execution of string_continue, but -c "401 string { dup } forall count ="
results in only 800 stack elements (rather than 802 as expected).
-rw-r--r-- | psi/zgeneric.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/psi/zgeneric.c b/psi/zgeneric.c index 3a5e3982f..6169e99b0 100644 --- a/psi/zgeneric.c +++ b/psi/zgeneric.c @@ -501,8 +501,8 @@ string_continue(i_ctx_t *i_ctx_p) es_ptr obj = esp - 1; if (r_size(obj)) { /* continue */ - r_dec_size(obj, 1); - push(1); + push(1); /* check for result space on stack BEFORE changing string size */ + r_dec_size(obj, 1); /* Bug 701550 :-O */ make_int(op, *obj->value.bytes); obj->value.bytes++; esp += 2; |
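Review bot: The comment on the moved r_dec_size(obj, 1) line in string_continue, "Bug 701550 :-O", records only the bug number and not the invariant the new ordering protects. push(1) can return stackoverflow and the operator is then run again, so nothing in the enumeration state may change before it succeeds. Stating that rule in the comment (for example "push() may return early and we will be re-entered; do not touch obj before it") would keep a later cleanup from swapping the two lines back. The remaining state updates in the hunk (obj->value.bytes++ and esp += 2) already come after the push, so the ordering is now consistent within this branch. The diffstat shows only psi/zgeneric.c changed: the reproducer from the commit message, 401 string { dup } forall count = with an expected result of 802, would make a good regression test to add alongside this fix. It is also worth auditing any other continuation procedure that modifies its state ahead of push() for the same pattern.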