From b661fd3bf2a7a8ba375131527551bd2834ad1abf Mon Sep 17 00:00:00 2001
From: Chris Liddell
Date: Thu, 23 Aug 2018 12:20:56 +0100
Subject: [PATCH] Bug 699668: handle stack overflow during error handling

When handling a Postscript error, we push the object throwing the error onto the operand stack for the error handling procedure to access - we were not checking the available stack before doing so, thus causing a crash. Basically, if we get a stack overflow when already handling an error, we're out of options, return to the caller with a fatal error.
---
 psi/interp.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/psi/interp.c b/psi/interp.c
index 3e3aaaa..1ed7074 100644
--- a/psi/interp.c
+++ b/psi/interp.c
@@ -665,7 +665,12 @@ again:
 /* Push the error object on the operand stack if appropriate. */
 if (!ERROR_IS_INTERRUPT(code)) {
 /* Replace the error object if within an oparray or .errorexec. */
- *++osp = *perror_object;
+ osp++;
+ if (osp >= ostop) {
+ *pexit_code = gs_error_Fatal;
+ return_error(gs_error_Fatal);
+ }
+ *osp = *perror_object;
 errorexec_find(i_ctx_p, osp);
 }
 goto again;
-- 
2.14.4
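Review bot: The new bounds check runs after `osp++`, so on the fatal path the function returns with `osp` already advanced to a slot that was never written. If any caller or cleanup code inspects the operand stack after `gs_error_Fatal`, it would presumably see a stale ref there. Testing for room before the increment and leaving `osp` untouched on failure would avoid that. The hunk also does not show whether `ostop` is the last usable slot or one past it, so it is worth confirming that `>=` does not reject a push into the final valid slot, and stating the answer in a comment such as `/* no room for the error object: already in error handling, so give up */`. The existing "Replace the error object…" comment now sits above the overflow check rather than the `errorexec_find` call it describes and should move down next to that call. The enclosing function starts and ends outside this hunk.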