author Robin Watts <robin@peeved.(none)> 2014-01-17 11:16:32 -0800
committer Robin Watts <robin.watts@artifex.com> 2014-01-17 23:57:50 +0000
commit 01f0a0db15faf4bffaa2556ced74868572dac7f5
tree 53c523d20be45db2edac3d96e50a8a5b1e4e4a77 /source/tools
parent 63869ca1b53eb485dc0c8b5e53679825826ec076
Bug 694899: Avoid using invalid gstate pointer.

When we call pdf_begin_group, this can go away and do lots of drawing. This can result in the gstate stack growing, which can involve a realloc. Any gstate pointer we are holding must therefore be recalculated after such a call.

The neatest way to do this is to get pdf_begin_group to return the gstate pointer, thus making it hard to forget to do.

This solves:
e2a1dda5393f4cb8a446fd8edd9d94f9_asan_heap-uaf_b938cf_2075_2393.pdf

Thanks to Mateusz Jurczyk and Gynvael Coldwind of the Google Security Team for providing the example files.

Diffstat (limited to 'source/tools')
0 files changed, 0 insertions, 0 deletions
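
The pattern the commit message describes, as an added example that is not MuPDF's code: a growable state stack whose group-begin call returns the recomputed current pointer, so the caller overwrites whatever it held before the call. The `interp` and `gstate` types and every function name here are hypothetical stand-ins.

```c
#include <stdlib.h>

/* Hypothetical miniature of a graphics-state stack (not MuPDF's types). */
typedef struct { float alpha; int blendmode; } gstate;
typedef struct {
    gstate *stack;  /* heap array; realloc may move it when it grows */
    int top;        /* index of the current gstate */
    int cap;        /* allocated entries */
} interp;

static int interp_init(interp *in) {
    in->cap = 1;
    in->top = 0;
    in->stack = calloc((size_t)in->cap, sizeof(gstate));
    if (!in->stack) return -1;
    in->stack[0].alpha = 1.0f;
    return 0;
}

/* Push a copy of the current gstate, doubling the array when full. */
static int push_gstate(interp *in) {
    if (in->top + 1 == in->cap) {
        gstate *n = realloc(in->stack, 2 * (size_t)in->cap * sizeof(gstate));
        if (!n) return -1;
        in->stack = n;  /* every pointer into the old array is now stale */
        in->cap *= 2;
    }
    in->stack[in->top + 1] = in->stack[in->top];
    in->top++;
    return 0;
}

/* Stand-in for a begin-group call that draws and nests gstates.
   Returns the current gstate, recomputed after any growth; NULL on OOM. */
static gstate *begin_group(interp *in, int nested) {
    for (int i = 0; i < nested; i++)
        if (push_gstate(in) < 0) return NULL;
    return &in->stack[in->top];
}

/* Caller: the pointer taken before the call is replaced by the result.
   Returns 1 if the write went to the live top entry, -1 on OOM. */
static int draw_with_group(interp *in, float alpha) {
    gstate *gs = &in->stack[in->top];  /* valid only until the stack grows */
    float prev = gs->alpha;            /* read through it before the call */
    gs = begin_group(in, 8);           /* refresh; the old value is gone */
    if (!gs) return -1;
    gs->alpha = prev * alpha;
    return gs == &in->stack[in->top];
}
```

Because the only way to get a usable pointer after the call is through its return value, a caller that forgets to refresh has nothing stale left in scope to dereference.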