From 7ee525fd0010a4f0bb507417860e9faa058c6315 Mon Sep 17 00:00:00 2001 From: Ken Sharp <ken.sharp@artifex.com> Date: Fri, 21 Sep 2018 09:49:58 +0100 Subject: [PATCH] Bug #699801 "zparse_dsc_comments can crash with invalid dsc_state" Although zparse_dsc_comments() does check the types of its operands, it wasn't checking the return value from dict_find_string properly. It was effectively assuming that the dictionary parameter was the *correct* dictionary and would contain the key/value pair it needed. Here we check to see if the key has not been found and throw an error if so. --- psi/zdscpars.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/psi/zdscpars.c b/psi/zdscpars.c index ca3d3d4..a8cb75d 100644 --- a/psi/zdscpars.c +++ b/psi/zdscpars.c @@ -457,6 +457,9 @@ zparse_dsc_comments(i_ctx_t *i_ctx_p) code = dict_find_string(opDict, dsc_dict_name, &pvalue); if (code < 0) return code; + if (code == 0) + return_error(gs_error_undefined); + dsc_state = r_ptr(pvalue, dsc_data_t); /* * Pick up the comment string to be parsed. -- 2.9.1
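Review bot: In the zparse_dsc_comments hunk, the line after the new `code == 0` check still passes `pvalue` straight to `r_ptr(pvalue, dsc_data_t)` without confirming that the value found is the DSC state object. The commit message notes that the code assumed the caller supplied the correct dictionary. A dictionary that does contain the key, but with a value of some other type, still reaches the cast. Consider checking the type of `pvalue` before the `r_ptr` line and returning a typecheck error when it does not match. A one-line comment on the `code == 0` branch stating that zero means the key was not found would also make the three-way return value clear to the next reader.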