From: Chris Liddell <chris.liddell@artifex.com>
Date: Thu, 23 Aug 2018 11:20:56 +0000 (+0100)
Subject: Bug 699668: handle stack overflow during error handling
X-Git-Url: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff_plain;h=b575e1ec

Bug 699668: handle stack overflow during error handling

When handling a Postscript error, we push the object throwing the error onto
the operand stack for the error handling procedure to access - we were not
checking the available stack before doing so, thus causing a crash.

Basically, if we get a stack overflow when already handling an error, we're out
of options, return to the caller with a fatal error.
---

diff --git a/psi/interp.c b/psi/interp.c
index 8b49556..6150838 100644
--- a/psi/interp.c
+++ b/psi/interp.c
@@ -676,7 +676,12 @@ again:
     /* Push the error object on the operand stack if appropriate. */
     if (!GS_ERROR_IS_INTERRUPT(code)) {
         /* Replace the error object if within an oparray or .errorexec. */
-        *++osp = *perror_object;
+        osp++;
+        if (osp >= ostop) {
+            *pexit_code = gs_error_Fatal;
+            return_error(gs_error_Fatal);
+        }
+        *osp = *perror_object;
         errorexec_find(i_ctx_p, osp);
     }
     goto again;