From ebcbe0d685911ffc95f3584f6fcbf1f695959757 Mon Sep 17 00:00:00 2001

From: Chris Liddell <chris.liddell@artifex.com>

Date: Tue, 21 Aug 2018 16:42:45 +0100

Subject: [PATCH] Bug 699656: Handle LockDistillerParams not being a boolean

This caused a function call commented as "Can't fail" to fail, and resulted

in memory correuption and a segfault.

---

 base/gdevpdfp.c | 2 +-

 psi/iparam.c    | 7 ++++---

 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/base/gdevpdfp.c b/base/gdevpdfp.c

index 7e12fe1..d0f0992 100644

--- a/base/gdevpdfp.c

+++ b/base/gdevpdfp.c

@@ -320,7 +320,7 @@ gdev_pdf_put_params_impl(gx_device * dev, const gx_device_pdf * save_dev, gs_par

      * LockDistillerParams is read again, and reset if necessary, in

      * psdf_put_params.

      */

-    ecode = code = param_read_bool(plist, "LockDistillerParams", &locked);

+    ecode = code = param_read_bool(plist, (param_name = "LockDistillerParams"), &locked);

     if (ecode < 0)

         param_signal_error(plist, param_name, ecode);

diff --git a/psi/iparam.c b/psi/iparam.c

index 559b9b8..6f35745 100644

--- a/psi/iparam.c

+++ b/psi/iparam.c

@@ -821,10 +821,11 @@ static int

 ref_param_read_signal_error(gs_param_list * plist, gs_param_name pkey, int code)

 {

     iparam_list *const iplist = (iparam_list *) plist;

-    iparam_loc loc;

+    iparam_loc loc = {0};

-    ref_param_read(iplist, pkey, &loc, -1);	/* can't fail */

-    *loc.presult = code;

+    ref_param_read(iplist, pkey, &loc, -1);

+    if (loc.presult)

+        *loc.presult = code;

     switch (ref_param_read_get_policy(plist, pkey)) {

         case gs_param_policy_ignore:

             return 0;

-- 

2.14.4