[gs-cvs] rev 7694 - trunk/gs/src

[alexcher at ghostscript.com]

Author: alexcher
Date: 2007-02-12 06:06:50 -0800 (Mon, 12 Feb 2007)
New Revision: 7694

Modified:
   trunk/gs/src/ialloc.c
Log:
Change the order of allocations because alloc_save_change_alloc() leaves
alloc_change_t structure it allocates in the state that causes SEGV in GC
if where member is not initialized. Bug 688833, customer 1130.

DETAILS:
Allocation of alloc_change_t structure without further initialization happened
when allocation of a new run of references failed. The latter may be easily
triggered by interpretation of random bytes as a binary object sequence.

DIFFERENCES:
None


Modified: trunk/gs/src/ialloc.c
===================================================================
--- trunk/gs/src/ialloc.c	2007-02-12 12:02:52 UTC (rev 7693)
+++ trunk/gs/src/ialloc.c	2007-02-12 14:06:50 UTC (rev 7694)
@@ -185,14 +185,7 @@
 	 */
 	chunk_t *pcc = mem->pcc;
 	ref *end;
-	ref_packed **ppr = 0;
-	int code = 0;
 
-	if ((gs_memory_t *)mem != mem->stable_memory) {
-	    code = alloc_save_change_alloc(mem, "gs_alloc_ref_array", &ppr);
-	    if (code < 0)
-		return code;
-	}
 	obj = gs_alloc_struct_array((gs_memory_t *) mem, num_refs + 1,
 				    ref, &st_refs, cname);
 	if (obj == 0)
@@ -217,8 +210,14 @@
 	    chunk_locate_ptr(obj, &cl);
 	    cl.cp->has_refs = true;
 	}
-	if (ppr)
-	    *ppr = (ref_packed *)obj;
+	if ((gs_memory_t *)mem != mem->stable_memory) {
+	    ref_packed **ppr = 0;
+	    int code = alloc_save_change_alloc(mem, "gs_alloc_ref_array", &ppr);
+	    if (code < 0)
+		return code;
+            if (ppr)
+	        *ppr = (ref_packed *)obj;
+	}
     }
     make_array(parr, attrs | mem->space, num_refs, obj);
     return 0;