diff options
author | Ken Sharp <ken.sharp@artifex.com> | 2022-08-31 13:03:12 +0100 |
---|---|---|
committer | Chris Liddell <chris.liddell@artifex.com> | 2022-09-02 15:59:07 +0100 |
commit | c42debfe5541e01b5b4207a0196de7b1bbd59725 (patch) | |
tree | 2f16ba38a38d230b559d384cf5dc9821d6619747 /Resource | |
parent | 7cd52217972e1d6ad6659ee9043d9d4a67c34b62 (diff) | |
download | ghostpdl-c42debfe5541e01b5b4207a0196de7b1bbd59725.tar.gz |
GhostPDF + GS - small optimisation and avoid a circular reference
Bug #705834 "stack overflow in psi/idict.c:160 dict_alloc (exploitable)"
This is caused by subsequent calls to .PDFInfo causing the Info
dictionary to end up with circular references as we replace indirect
references with PDF objects.
I'd been meaning for some time to revisit the PostScript code and avoid
calling .PDFInfo multiple times just for performance reasons (we have to
convert the PDF dictionary to a PostScript dictionary every time).
This commit uses the stored PostScript dictionary 'PDFInfo' instead of
calling .PDFInfo which avoids the circular reference and is slightly
more efficient.
Diffstat (limited to 'Resource')
-rw-r--r-- | Resource/Init/pdf_main.ps | 37 |
1 files changed, 22 insertions, 15 deletions
diff --git a/Resource/Init/pdf_main.ps b/Resource/Init/pdf_main.ps index f5fcdd62f..23078a08f 100644 --- a/Resource/Init/pdf_main.ps +++ b/Resource/Init/pdf_main.ps @@ -807,31 +807,36 @@ currentdict /PDFSwitches undef /newpdf_pagecount { - PDFFile //null eq not + currentdict /PDFInfo known { - PDFSTOPONERROR - { - PDFFile .PDFInfo //true - } - { - PDFFile {.PDFInfo} stopped not - } ifelse - + PDFInfo + } + { + PDFFile //null eq not { - dup /NumPages known + PDFSTOPONERROR { - /NumPages get + PDFFile .PDFInfo //false } { - pop 0 + PDFFile {.PDFInfo} stopped } ifelse } { - pop 0 - } ifelse + //true + }ifelse + + { + <</NumPages 0>> + } if + } ifelse + + dup /NumPages known + { + /NumPages get } { - 0 + pop 0 } ifelse }bind def @@ -958,6 +963,7 @@ currentdict /PDFSwitches undef pop }ifelse }ifelse + (Defined PDFInfo) == flush } bind def /newpdf_pdfgetpage @@ -1073,6 +1079,7 @@ currentdict /PDFSwitches undef <</NumPages 0>> } { +(2) == flush PDFFile {.PDFInfo} stopped { pop |