author | Chris Liddell <chris.liddell@artifex.com> | 2018-08-24 09:26:04 +0100 |
---|---|---|
committer | Chris Liddell <chris.liddell@artifex.com> | 2018-08-24 14:36:48 +0100 |
commit | 5516c614dc33662a2afdc377159f70218e67bde5 (patch) | |
tree | bdf9d1406e63706c0edeacccd22ed4d76d22d693 /psi/int.mak | |
parent | b0a3854751363657998d4c9bd33c290bf9d07c67 (diff) | |
download | ghostpdl-5516c614dc33662a2afdc377159f70218e67bde5.tar.gz |

Improve restore robustness

Prompted by looking at Bug 699654:

There are two variants of the restore operator in Ghostscript: one is Level 1
(restoring VM), the other is Level 2+ (adding page device restoring to the
Level operator).

This was implemented by the Level 2+ version restoring the device in the
graphics state, then calling the Level 1 implementation to handle actually
restoring the VM state.

The problem was that the operand checking, and sanity of the save object was
only done by the Level 1 variant, thus meaning an invalid save object could
leave a (Level 2+) restore partially complete - with the page device part
restored, but not VM, and the page device not configured.

To solve that, this commit splits the operand and sanity checking, and the
core of the restore operation into separate functions, so the relevant
operators can validate the operand *before* taking any further action. That
reduces the chances of an invalid restore leaving the interpreter in an
unknown state.

If an error occurs during the actual VM restore it is essentially fatal, and the
interpreter cannot continue, but as an extra surety for security, in the event
of such an error, we'll explicitly preserve the LockSafetyParams of the device,
rather than rely on the post-restore device configuration (which won't happen
in the event of an error).

Diffstat (limited to 'psi/int.mak')
-rw-r--r-- | psi/int.mak | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/psi/int.mak b/psi/int.mak index 19688202a..16db0cff0 100644 --- a/psi/int.mak +++ b/psi/int.mak @@ -1086,8 +1086,8 @@ $(PSD)pagedev.dev : $(ECHOGS_XE) $(pagedev_)\ $(PSOBJ)zdevice2.$(OBJ) : $(PSSRC)zdevice2.c $(OP) $(math__h) $(memory__h)\ $(dstack_h) $(estack_h)\ - $(idict_h) $(idparam_h) $(igstate_h) $(iname_h) $(iutil_h) $(store_h)\ - $(gxdevice_h) $(gsstate_h) $(INT_MAK) $(MAKEDIRS) + $(idict_h) $(idparam_h) $(igstate_h) $(iname_h) $(isave) $(iutil_h) \ + $(store_h) $(gxdevice_h) $(gsstate_h) $(INT_MAK) $(MAKEDIRS) $(PSCC) $(PSO_)zdevice2.$(OBJ) $(C_) $(PSSRC)zdevice2.c $(PSOBJ)zmedia2.$(OBJ) : $(PSSRC)zmedia2.c $(OP) $(math__h) $(memory__h)\ |
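
Review bot: the prerequisite added to the `$(PSOBJ)zdevice2.$(OBJ)` rule is spelled `$(isave)`, while every other header dependency in the same list carries the `_h` suffix (`$(iname_h)`, `$(iutil_h)`, `$(store_h)`). If `isave` is not defined as a make variable it expands to nothing without any error, so `zdevice2.c` would not be rebuilt when the header this entry is meant to track changes; `$(isave_h)` looks like the intended name and is worth confirming against the variable definitions elsewhere in `int.mak`. Minor style point: the new continuation line ends in `$(iutil_h) \` with a space before the backslash, where the neighbouring lines put the backslash directly after the last token.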