From 966ae9dc4ca3edce4ff592028baeb69fcebddeb7 Mon Sep 17 00:00:00 2001 From: Sebastian Rasmussen Date: Sat, 4 Aug 2012 16:35:09 +0200 Subject: Fix bug where too many content stream operands cause eternal loop Once enough operands were push on top of the operand stack an exception would be thrown. The exception handling ignored the exception, printed a warning and continued processing the content stream. Unfortunately the token was never consumed, so once the interpreter retried parsing the stream it encountered the same token again, causing the loop and thus a stack overflow. Now, make sure each token is consumed before throwing a new exception thereby breaking the eternal loop and letting pdfs with excessive operands be rendered, albeit with both errors and a warning. --- pdf/pdf_interpret.c | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) (limited to 'pdf') diff --git a/pdf/pdf_interpret.c b/pdf/pdf_interpret.c index efc007e4..0ecb7893 100644 --- a/pdf/pdf_interpret.c +++ b/pdf/pdf_interpret.c @@ -2561,9 +2561,6 @@ pdf_run_stream(pdf_csi *csi, pdf_obj *rdb, fz_stream *file, pdf_lexbuf *buf) { do { - if (csi->top == nelem(csi->stack) - 1) - fz_throw(ctx, "stack overflow"); - /* Check the cookie */ if (csi->cookie) { @@ -2640,13 +2637,21 @@ pdf_run_stream(pdf_csi *csi, pdf_obj *rdb, fz_stream *file, pdf_lexbuf *buf) break; case PDF_TOK_INT: - csi->stack[csi->top] = buf->i; - csi->top ++; + if (csi->top < nelem(csi->stack)) { + csi->stack[csi->top] = buf->i; + csi->top ++; + } + else + fz_throw(ctx, "stack overflow"); break; case PDF_TOK_REAL: - csi->stack[csi->top] = buf->f; - csi->top ++; + if (csi->top < nelem(csi->stack)) { + csi->stack[csi->top] = buf->f; + csi->top ++; + } + else + fz_throw(ctx, "stack overflow"); break; case PDF_TOK_STRING: -- cgit v1.2.3