authorAlbert Astals Cid <aacid@kde.org>2014-03-26 12:19:42 +0100
committerAlbert Astals Cid <aacid@kde.org>2014-03-26 12:20:46 +0100
commit216890f1f147b25643e0d6e18e361d4d34b6c332 (patch)
treee51e3b392784bfd7f8b9c70375359d9aa2fd8d73
parentfb7d91435c71603697b652c70cfa76dd595ee200 (diff)
Fix error reported by ASAN in 6760.asan.0.8568.pdf
==26566== ERROR: AddressSanitizer: SEGV on unknown address 0x7fffbc3e5ea8 (pc 0x7fe1fa858db1 sp 0x7fffc788eb30 bp 0x7fffc788eb40 T0) AddressSanitizer can not provide additional info. #0 0x7fe1fa858db0 in PSStack::index(int) /home/tsdgeos/devel/poppler/poppler/Function.cc:1067 #1 0x7fe1fa856fd6 in PostScriptFunction::exec(PSStack*, int) /home/tsdgeos/devel/poppler/poppler/Function.cc:1621 #2 0x7fe1fa854c10 in PostScriptFunction::transform(double*, double*) /home/tsdgeos/devel/poppler/poppler/Function.cc:1266 #3 0x7fe1fa854097 in PostScriptFunction::PostScriptFunction(Object*, Dict*) /home/tsdgeos/devel/poppler/poppler/Function.cc:1216 #4 0x7fe1fa84a0c2 in Function::parse(Object*, std::set<int, std::less<int>, std::allocator<int> >*) /home/tsdgeos/devel/poppler/poppler/Function.cc:98 #5 0x7fe1fa849e3c in Function::parse(Object*) /home/tsdgeos/devel/poppler/poppler/Function.cc:63 #6 0x7fe1fa8c1d8c in GfxDeviceNColorSpace::parse(Array*, OutputDev*, GfxState*, int) /home/tsdgeos/devel/poppler/poppler/GfxState.cc:2978 #7 0x7fe1fa8a6fb7 in GfxColorSpace::parse(Object*, OutputDev*, GfxState*, int) /home/tsdgeos/devel/poppler/poppler/GfxState.cc:328 #8 0x7fe1fa88440f in Gfx::doImage(Object*, Stream*, bool) /home/tsdgeos/devel/poppler/poppler/Gfx.cc:4403 #9 0x7fe1fa882d6c in Gfx::opXObject(Object*, int) /home/tsdgeos/devel/poppler/poppler/Gfx.cc:4179 #10 0x7fe1fa85d2c6 in Gfx::execOp(Object*, Object*, int) /home/tsdgeos/devel/poppler/poppler/Gfx.cc:903 #11 0x7fe1fa85c49b in Gfx::go(bool) /home/tsdgeos/devel/poppler/poppler/Gfx.cc:762 #12 0x7fe1fa85c0ef in Gfx::display(Object*, bool) /home/tsdgeos/devel/poppler/poppler/Gfx.cc:728 #13 0x7fe1fa93ed81 in Page::displaySlice(OutputDev*, double, double, int, bool, bool, int, int, int, int, bool, bool (*)(void*), void*, bool (*)(Annot*, void*), void*, bool) /home/tsdgeos/devel/poppler/poppler/Page.cc:585 #14 0x7fe1fa9462ad in PDFDoc::displayPageSlice(OutputDev*, int, double, double, int, bool, bool, bool, int, int, int, int, bool 
(*)(void*), void*, bool (*)(Annot*, void*), void*, bool) /home/tsdgeos/devel/poppler/poppler/PDFDoc.cc:503 #15 0x40311e in savePageSlice(PDFDoc*, SplashOutputDev*, int, int, int, int, int, double, double, char*) /home/tsdgeos/devel/poppler/utils/pdftoppm.cc:222 #16 0x404416 in main /home/tsdgeos/devel/poppler/utils/pdftoppm.cc:521 #17 0x7fe1f9f66ec4 (/lib/x86_64-linux-gnu/libc.so.6+0x21ec4) #18 0x401d58 in _start (/home/tsdgeos/devel/poppler/build-debug/utils/pdftoppm+0x401d58)
-rw-r--r--poppler/Function.cc8
1 files changed, 6 insertions, 2 deletions
diff --git a/poppler/Function.cc b/poppler/Function.cc
index 81829ec0..67283dff 100644
--- a/poppler/Function.cc
+++ b/poppler/Function.cc
@@ -13,7 +13,7 @@
// All changes made under the Poppler project to this file are licensed
// under GPL version 2 or later
//
-// Copyright (C) 2006, 2008-2010, 2013 Albert Astals Cid <aacid@kde.org>
+// Copyright (C) 2006, 2008-2010, 2013, 2014 Albert Astals Cid <aacid@kde.org>
// Copyright (C) 2006 Jeff Muizelaar <jeff@infidigm.net>
// Copyright (C) 2010 Christian Feuersänger <cfeuersaenger@googlemail.com>
// Copyright (C) 2011 Andrea Canciani <ranma42@gmail.com>
@@ -1060,10 +1060,14 @@ public:
return;
}
--sp;
- if (sp + i + 1 >= psStackSize) {
+ if (unlikely(sp + i + 1 >= psStackSize)) {
error(errSyntaxError, -1, "Stack underflow in PostScript function");
return;
}
+ if (unlikely(sp + i + 1 < 0)) {
+ error(errSyntaxError, -1, "Stack overflow in PostScript function");
+ return;
+ }
stack[sp] = stack[sp + 1 + i];
}
void pop()
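Review bot: Both guards in this hunk test the signed sum `sp + i + 1`, which can overflow for a large `i` before either comparison runs, and the added `< 0` test still accepts a small negative `i` (with `i = -2` the read is `stack[sp - 1]`, inside the array but outside the live part of a stack that grows downward via `--sp`). The ASAN trace in the commit message reaches `PSStack::index(int)` from `PostScriptFunction::exec` during PDF parsing, so `i` is presumably document-controlled, and the bound is safer expressed on `i` itself as one guard: `if (unlikely(i < 0 || i >= psStackSize - sp - 1)) {`, which needs no overflowing arithmetic provided `sp` is already within the array. `--sp` has also already run when either guard returns, so the error path leaves a pushed slot that was never written; add `++sp;` before those returns or a comment saying the imbalance is intended. The start of the function, including the check ahead of `--sp`, is outside the hunk.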