From 1a18793a02e1dab7676d594366b93847fde6fe44 Mon Sep 17 00:00:00 2001
From: Michael Vrhel <michael.vrhel@artifex.com>
Date: Wed, 13 Apr 2022 16:37:07 -0700
Subject: Bug 705197  OSS 46307

In the example of Bug 705197 the PDF interpreter
reuses a pattern during a circular reference causing an aliasing
of two nested patterns, one of which has a softmask. The change in
the buffer size of the inner one blows away the color information of the
outer one leading to a mismatch of color spaces. Added a check
in the pdf14 group composition to catch the case when the color space sizes
are wrong and avoid buffer over-runs that would occur when we try
to do the group composition.  I return a Fatal error to the interpreter
thinking it would stop but it seems to swallow this and continue on its way.
Clearly being in this situation indicates something very bad has
happened I would expect to see GS error out when this occurs.
---
 base/gsptype1.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'base/gsptype1.c')

diff --git a/base/gsptype1.c b/base/gsptype1.c
index 75f6b9529..cea1ad3bc 100644
--- a/base/gsptype1.c
+++ b/base/gsptype1.c
@@ -1960,7 +1960,7 @@ gx_dc_pattern_write(
            Just write the tile id. */
         gs_id id = ptile->id; /* Ensure sizeof(gs_id). */
         if_debug2m('v', dev->memory,
-                   "[v*] Writing trans tile ID into clist, uid = %ld id = %ld \n",
+                   "[v*] Writing trans tile ID into clist, uid = %ld id = %u \n",
                    ptile->uid.id, ptile->id);
         memcpy(dp, &ptile->id, sizeof(id));
         *psize = sizeof(gs_id);
@@ -1972,7 +1972,7 @@ gx_dc_pattern_write(
        the clist */
         if (ptile->ttrans != NULL) {
             if_debug2m('v', dev->memory,
-                       "[v*] Writing trans tile into clist, uid = %ld id = %ld \n",
+                       "[v*] Writing trans tile into clist, uid = %ld id = %u \n",
                        ptile->uid.id, ptile->id);
             return gx_dc_pattern_trans_write_raster(ptile, offset, data, psize);
         }
@@ -2286,7 +2286,7 @@ gx_dc_pattern_read(
                 ptile->ttrans->deep = deep;
                 pdevc->type = &gx_dc_pattern_trans;
                 if_debug2m('v', pgs->memory,
-                           "[v*] Reading trans tile from clist into cache, uid = %ld id = %ld \n",
+                           "[v*] Reading trans tile from clist into cache, uid = %ld id = %u \n",
                            ptile->uid.id, ptile->id);
 
                 code = gx_dc_pattern_read_trans_buff(ptile, offset1, dp, left, mem);
-- 
cgit v1.2.1