|
 |
c9d7fc |
diff -up ghostscript-9.06/base/gdevpdtd.c.pdfwrite-segfault ghostscript-9.06/base/gdevpdtd.c
|
|
|
c9d7fc |
--- ghostscript-9.06/base/gdevpdtd.c.pdfwrite-segfault 2012-08-08 09:01:36.000000000 +0100
|
|
|
c9d7fc |
+++ ghostscript-9.06/base/gdevpdtd.c 2013-05-16 09:28:07.410407852 +0100
|
|
|
c9d7fc |
@@ -699,7 +699,7 @@ pdf_write_FontDescriptor(gx_device_pdf *
|
|
|
c9d7fc |
if (code < 0)
|
|
|
c9d7fc |
return code;
|
|
|
c9d7fc |
}
|
|
|
c9d7fc |
- if (pfd->embed) {
|
|
|
c9d7fc |
+ if (pfd->embed && pfd->base_font->FontFile) {
|
|
|
c9d7fc |
code = pdf_write_FontFile_entry(pdev, pfd->base_font);
|
|
|
c9d7fc |
if (code < 0)
|
|
|
c9d7fc |
return code;
|
|
|
c9d7fc |
diff -up ghostscript-9.06/base/gxtype1.c.pdfwrite-segfault ghostscript-9.06/base/gxtype1.c
|
|
|
c9d7fc |
--- ghostscript-9.06/base/gxtype1.c.pdfwrite-segfault 2012-08-08 09:01:36.000000000 +0100
|
|
|
c9d7fc |
+++ ghostscript-9.06/base/gxtype1.c 2013-05-16 09:28:07.409407814 +0100
|
|
|
c9d7fc |
@@ -371,7 +371,7 @@ gs_type1_piece_codes(/*const*/ gs_font_t
|
|
|
c9d7fc |
const byte *cip, *end;
|
|
|
c9d7fc |
crypt_state state;
|
|
|
c9d7fc |
int c, hhints = 0, vhints = 0;
|
|
|
c9d7fc |
- int code;
|
|
|
c9d7fc |
+ int code, call_depth = 0;
|
|
|
c9d7fc |
|
|
|
c9d7fc |
CLEAR_CSTACK(cstack, csp);
|
|
|
c9d7fc |
cip = pgd->bits.data;
|
|
|
c9d7fc |
@@ -450,6 +450,7 @@ gs_type1_piece_codes(/*const*/ gs_font_t
|
|
|
c9d7fc |
}
|
|
|
c9d7fc |
break;
|
|
|
c9d7fc |
case c2_callgsubr:
|
|
|
c9d7fc |
+ call_depth++;
|
|
|
c9d7fc |
c = fixed2int_var(*csp) + pdata->gsubrNumberBias;
|
|
|
c9d7fc |
code = pdata->procs.subr_data
|
|
|
c9d7fc |
(pfont, c, true, &ipsp[1].cs_data);
|
|
|
c9d7fc |
@@ -462,6 +463,7 @@ gs_type1_piece_codes(/*const*/ gs_font_t
|
|
|
c9d7fc |
end = ipsp->cs_data.bits.data + ipsp->cs_data.bits.size;
|
|
|
c9d7fc |
goto call;
|
|
|
c9d7fc |
case c_callsubr:
|
|
|
c9d7fc |
+ call_depth++;
|
|
|
c9d7fc |
c = fixed2int_var(*csp) + pdata->subroutineNumberBias;
|
|
|
c9d7fc |
code = pdata->procs.subr_data
|
|
|
c9d7fc |
(pfont, c, false, &ipsp[1].cs_data);
|
|
|
c9d7fc |
@@ -474,6 +476,10 @@ gs_type1_piece_codes(/*const*/ gs_font_t
|
|
|
c9d7fc |
end = ipsp->cs_data.bits.data + ipsp->cs_data.bits.size;
|
|
|
c9d7fc |
goto call;
|
|
|
c9d7fc |
case c_return:
|
|
|
c9d7fc |
+ if (call_depth == 0)
|
|
|
c9d7fc |
+ return (gs_note_error(gs_error_invalidfont));
|
|
|
c9d7fc |
+ else
|
|
|
c9d7fc |
+ call_depth--;
|
|
|
c9d7fc |
gs_glyph_data_free(&ipsp->cs_data, "gs_type1_piece_codes");
|
|
|
c9d7fc |
--ipsp;
|
|
|
c9d7fc |
if (ipsp < ipstack)
|