gentoo-overlay/app-text/mupdf/files/mupdf-1.10a-null-pointer-2....


From: Robin Watts <robin.watts@artifex.com>
Date: Thu, 9 Feb 2017 15:49:15 +0000 (+0000)
Subject: Bug 697500: Fix NULL ptr access.
X-Git-Url: http://git.ghostscript.com/?p=mupdf.git;a=commitdiff_plain;h=1912de5f08e90af1d9d0a9791f58ba3afdb9d465;hp=2c4e5867ee699b1081527bc6c6ea0e99a35a5c27
Bug 697500: Fix NULL ptr access.
Cope better with errors during rendering - avoid letting the
gstate stack get out of sync.
This avoids us ever getting into the situation of popping
a clip when we should be popping a mask or a group. This was
causing an unexpected case in the painting.
---
diff --git a/source/pdf/pdf-op-run.c b/source/pdf/pdf-op-run.c
index a3ea895..f1eac8d 100644
--- a/source/pdf/pdf-op-run.c
+++ b/source/pdf/pdf-op-run.c
@@ -1213,6 +1213,7 @@ pdf_run_xobject(fz_context *ctx, pdf_run_processor *proc, pdf_xobject *xobj, pdf
pdf_run_processor *pr = (pdf_run_processor *)proc;
pdf_gstate *gstate = NULL;
int oldtop = 0;
+ int oldbot = -1;
fz_matrix local_transform = *transform;
softmask_save softmask = { NULL };
int gparent_save;
@@ -1232,16 +1233,17 @@ pdf_run_xobject(fz_context *ctx, pdf_run_processor *proc, pdf_xobject *xobj, pdf
fz_var(cleanup_state);
fz_var(gstate);
fz_var(oldtop);
+ fz_var(oldbot);
gparent_save = pr->gparent;
pr->gparent = pr->gtop;
+ oldtop = pr->gtop;
fz_try(ctx)
{
pdf_gsave(ctx, pr);
gstate = pr->gstate + pr->gtop;
- oldtop = pr->gtop;
pdf_xobject_bbox(ctx, xobj, &xobj_bbox);
pdf_xobject_matrix(ctx, xobj, &xobj_matrix);
@@ -1302,12 +1304,25 @@ pdf_run_xobject(fz_context *ctx, pdf_run_processor *proc, pdf_xobject *xobj, pdf
doc = pdf_get_bound_document(ctx, xobj->obj);
+ oldbot = pr->gbot;
+ pr->gbot = pr->gtop;
+
pdf_process_contents(ctx, (pdf_processor*)pr, doc, resources, xobj->obj, NULL);
}
fz_always(ctx)
{
+ /* Undo any gstate mismatches due to the pdf_process_contents call */
+ if (oldbot != -1)
+ {
+ while (pr->gtop > pr->gbot)
+ {
+ pdf_grestore(ctx, pr);
+ }
+ pr->gbot = oldbot;
+ }
+
if (cleanup_state >= 3)
- pdf_grestore(ctx, pr); /* Remove the clippath */
+ pdf_grestore(ctx, pr); /* Remove the state we pushed for the clippath */
/* wrap up transparency stacks */
if (transparency)
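Review bot: In the fz_always block, `pr->gbot = oldbot` runs only after the unwind loop has finished, so the caller's gbot stays overridden if any `pdf_grestore` call in that loop throws. pdf_grestore is not visible in this hunk, so this matters only if it can throw; if it can, restoring first removes the dependency: `int bot = pr->gbot; pr->gbot = oldbot;` followed by `while (pr->gtop > bot) pdf_grestore(ctx, pr);`. Since this stack is driven by content streams from untrusted PDFs, leaving the bottom marker wrong on an error path is the kind of desynchronisation the commit is trying to rule out. The fz_always block continues past the end of this hunk.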
@@ -1341,13 +1356,8 @@ pdf_run_xobject(fz_context *ctx, pdf_run_processor *proc, pdf_xobject *xobj, pdf
pr->gstate[pr->gparent].ctm = gparent_save_ctm;
pr->gparent = gparent_save;
- if (gstate)
- {
- while (oldtop < pr->gtop)
- pdf_grestore(ctx, pr);
-
+ while (oldtop < pr->gtop)
pdf_grestore(ctx, pr);
- }
pdf_unmark_obj(ctx, xobj->obj);
}
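Review bot: The remaining `while (oldtop < pr->gtop)` loop has no comment saying that it now also pops the state pushed by `pdf_gsave` at the top of the try block, which the removed standalone `pdf_grestore` used to do. That only holds because `oldtop` is now captured before `fz_try` in the earlier hunk, so a later reorder of that assignment would silently leave one gstate on the stack. I would add `/* Unwind to the depth on entry; this also pops the pdf_gsave done at the start of the try */` above the loop. The enclosing block starts outside this hunk.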