author | Chris Liddell <chris.liddell@artifex.com> | 2018-02-13 08:52:32 +0000 |
---|---|---|
committer | Chris Liddell <chris.liddell@artifex.com> | 2018-02-13 08:54:19 +0000 |
commit | 310a0bcaba3527903fc66fed2984f30d0bd4e4ab (patch) | |
tree | 04aff494556d7ed6e8ec40bb713c64b683ec954a | |
parent | 9bbf14bc7210bc54613b0f64a5ad95368891982a (diff) | |
download | ghostpdl-310a0bcaba3527903fc66fed2984f30d0bd4e4ab.tar.gz |
Bug 699016: add stack bounds check for Type 1 seac
The macro for checking the stack bounds is now called from both the Type 1 and
Type 2 charstring code, so move it to a common header, and tweak the name to
fit.
-rw-r--r-- | base/gstype2.c | 10 | ||||
-rw-r--r-- | base/gxtype1.c | 11 | ||||
-rw-r--r-- | base/gxtype1.h | 3 |
3 files changed, 13 insertions, 11 deletions
diff --git a/base/gstype2.c b/base/gstype2.c
index cd9b681e9..37af9a27c 100644
--- a/base/gstype2.c
+++ b/base/gstype2.c
@@ -118,11 +118,6 @@ type2_vstem(gs_type1_state * pcis, cs_ptr csp, cs_ptr cstack)
 * error, or >0 when client intervention is required (or allowed). The int*
 * argument is only for compatibility with the Type 1 charstring interpreter.
 */
-
-#define CHECK_CSTACK_BOUNDS(csaddr, cs) \
- (csaddr >= &(cs[0]) && \
- csaddr < &(cs[ostack_size]))
-
 int
 gs_type2_interpret(gs_type1_state * pcis, const gs_glyph_data_t *pgd,
 int *ignore_pindex)
@@ -242,7 +237,7 @@ gs_type2_interpret(gs_type1_state * pcis, const gs_glyph_data_t *pgd,
 case c_undef17:
 return_error(gs_error_invalidfont);
 case c_callsubr:
- if (CHECK_CSTACK_BOUNDS(csp, cstack)) {
+ if (CS_CHECK_CSTACK_BOUNDS(csp, cstack)) {
 c = fixed2int_var(*csp) + pdata->subroutineNumberBias;
 code = pdata->procs.subr_data (pfont, c, false, &ipsp[1].cs_data);
@@ -382,7 +377,7 @@ gs_type2_interpret(gs_type1_state * pcis, const gs_glyph_data_t *pgd,
 case cx_rmoveto:
 /* See vmoveto above re closing the subpath. */
 check_first_operator(!((csp - cstack) & 1));
- if (CHECK_CSTACK_BOUNDS(&csp[-1], cstack)) {
+ if (CS_CHECK_CSTACK_BOUNDS(&csp[-1], cstack)) {
 if (csp > cstack + 1) {
 /* Some Type 2 charstrings omit the vstemhm operator before rmoveto, even though this is only allowed before hintmask and cntrmask.
@@ -823,4 +818,3 @@ flex: {
 }
 }
 }
-#undef CHECK_CSTACK_BOUNDS
diff --git a/base/gxtype1.c b/base/gxtype1.c
index 07329c690..38dab4438 100644
--- a/base/gxtype1.c
+++ b/base/gxtype1.c
@@ -515,9 +515,14 @@ gs_type1_piece_codes(/*const*/ gs_font_type1 *pfont,
 goto out; /* not seac */
 do_seac:
 /* This is the payoff for all this code! */
- chars[0] = fixed2int(csp[-1]);
- chars[1] = fixed2int(csp[0]);
- return 1;
+ if (CS_CHECK_CSTACK_BOUNDS(&csp[-1], cstack)) {
+ chars[0] = fixed2int(csp[-1]);
+ chars[1] = fixed2int(csp[0]);
+ return 1;
+ }
+ else {
+ return_error(gs_error_invalidfont);
+ }
 case cx_escape:
 charstring_next(*cip, state, c, encrypted);
 ++cip;
diff --git a/base/gxtype1.h b/base/gxtype1.h
index d1445a4a9..6d8275338 100644
--- a/base/gxtype1.h
+++ b/base/gxtype1.h
@@ -175,6 +175,9 @@ typedef fixed *cs_ptr;
 csp = &cstack[pcis->os_count - 1];\
 }\
 END
+#define CS_CHECK_CSTACK_BOUNDS(csaddr, cs) \
+ (csaddr >= &(cs[0]) && \
+ csaddr < &(cs[ostack_size]))
 #define CS_CHECK_PUSH(csp, cstack)\
 BEGIN\ |
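Review bot: In the `do_seac` branch of base/gxtype1.c the new guard validates only `&csp[-1]`, yet the guarded code also reads `csp[0]`. If `&csp[-1]` were the last valid slot, `csp` would sit one element past the end of `cstack` and the macro would not catch that read. The upper bound presumably holds because pushes are checked elsewhere (a `CS_CHECK_PUSH` macro is visible in gxtype1.h), but nothing in this hunk shows it. Either test both addresses, `if (CS_CHECK_CSTACK_BOUNDS(&csp[-1], cstack) && CS_CHECK_CSTACK_BOUNDS(csp, cstack)) {`, or add a comment at the guard stating why `csp` itself cannot exceed the stack. gs_type1_piece_codes starts and ends outside the hunk.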
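Review bot: `CS_CHECK_CSTACK_BOUNDS` in base/gxtype1.h expands its parameters unparenthesised and depends on `ostack_size` being in scope at every use, which matters more now that the macro lives in a shared header. I would write the body as `((csaddr) >= &((cs)[0]) && (csaddr) < &((cs)[ostack_size]))` and put a one-line comment above it, for example `/* Non-zero when csaddr points at an element of operand stack cs; relies on ostack_size. */`. Callers pass `&csp[-1]`, so the address is formed before it is checked. If `csp` can be at or below `cstack` at those sites, comparing the index `csp - cstack` against the bounds would avoid relying on pointer arithmetic outside the array.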