Ghostscript - clean up exec stack on error sampling functions

OSS-fuzz #55898 When sampling a PostScript function, if the supplied function consumes more operands from the operand stack than were present, then we throw an error, attempt to unwind the stack and exit. However, we weren't cleaning up the execution stack. This could eventually lead to us trying to execute the completion routine stored there, which would fail badly. This commit just tidies up the execution stack, removing the objects we no longer need when returning an error.
author: Ken Sharp <ken.sharp@artifex.com> 2023-02-14 11:12:17 +0000
committer: Ken Sharp <ken.sharp@artifex.com> 2023-02-14 11:13:42 +0000
commit: 372b7efe8d597b56fb96bf6137af42a48e644fb4 (patch)
tree: 78cd580fb1ab3cc3e34ad7356d897e1fc13ef141 /psi
parent: 991cae93692c4c9bdd6608adcef52d48ff1e3577 (diff)
download: ghostpdl-372b7efe8d597b56fb96bf6137af42a48e644fb4.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/psi/zfsample.c b/psi/zfsample.c
index 791f24b4b..6bbadfd75 100644
--- a/psi/zfsample.c
+++ b/psi/zfsample.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 2001-2022 Artifex Software, Inc.
+/* Copyright (C) 2001-2023 Artifex Software, Inc.
    All Rights Reserved.
 
    This software is provided AS-IS with no warranty, either express or
@@ -504,6 +504,7 @@ sampled_data_continue(i_ctx_t *i_ctx_p)
              * hope.
              */
             push(-stack_depth_adjust);
+            esp -= estack_storage;
             return_error(gs_error_undefinedresult);
         }
     }
author	Ken Sharp <ken.sharp@artifex.com>	2023-02-14 11:12:17 +0000
committer	Ken Sharp <ken.sharp@artifex.com>	2023-02-14 11:13:42 +0000
commit	372b7efe8d597b56fb96bf6137af42a48e644fb4 (patch)
tree	78cd580fb1ab3cc3e34ad7356d897e1fc13ef141 /psi
parent	991cae93692c4c9bdd6608adcef52d48ff1e3577 (diff)
download	ghostpdl-372b7efe8d597b56fb96bf6137af42a48e644fb4.tar.gz