Fix (PS interpreter) : Allocate gs_screen_enum in same space as its components.

DETAILS : Bug 688330 "A dangling pointer in gx_screen_enum.". The old code allocates gs_screen_enum in current memory space and frees to the memory space of its components, which is obtained from the 'setscreen' operand (the spot function). In the test case the first memory space is local, and the second one is global. We guess the last statement became true after a recent change to the PDF interpreter. This patch allocates gs_screen_enum in same space as its components. The pritotype of zscreen_enum_init has been changed due to no method for obtaining a space attribute value for iref from a gs_memory_t instance (well, generally it is impossible, but one could solve if the memory allocator is a PS interpreter's allocator except stable ones). We noticed that components of gs_screen_enum have pointers to memory allocator structures, but don't list them in the related memory descriptors. We're not sure whether a memory allocator structure may relocate or not - our investigation through code didn't give an unique answer. For now we leave component descriptors as they were before the patch. EXPECTED DIFFERENCES : None. git-svn-id: http://svn.ghostscript.com/ghostscript/trunk@6149 a1074d23-0009-0410-80fe-cf8c14f379e6
author: Igor Melichev <igor.melichev@artifex.com> 2005-10-11 10:04:28 +0000
committer: Igor Melichev <igor.melichev@artifex.com> 2005-10-11 10:04:28 +0000
commit: dfdf284b58df86ead5c2932d7c3ea28c85b6e923 (patch)
tree: 0a5c3dce57ccf2ecfb960c3b471b6882c640208c /gs
parent: d2a2f6f8cb929c413ddf001237191cc181752b7e (diff)
4 files changed, 12 insertions, 9 deletions
diff --git a/gs/src/iht.h b/gs/src/iht.h
index 291f7727c..15a2439d5 100644
--- a/gs/src/iht.h
+++ b/gs/src/iht.h
@@ -24,6 +24,6 @@ int zscreen_params(os_ptr op, gs_screen_halftone * phs);
 
 int zscreen_enum_init(i_ctx_t *i_ctx_p, const gx_ht_order * porder,
 		      gs_screen_halftone * phs, ref * pproc, int npop,
-		      op_proc_t finish_proc, gs_memory_t * mem);
+		      op_proc_t finish_proc, int space_index);
 
 #endif /* iht_INCLUDED */
diff --git a/gs/src/zht.c b/gs/src/zht.c
index dc56e949a..1d05f4044 100644
--- a/gs/src/zht.c
+++ b/gs/src/zht.c
@@ -131,10 +131,11 @@ zsetscreen(i_ctx_t *i_ctx_p)
     gx_ht_order order;
     int code = zscreen_params(op, &screen);
     gs_memory_t *mem;
+    int space_index = r_space_index(op);
 
     if (code < 0)
 	return code;
-    mem = (gs_memory_t *)idmemory->spaces_indexed[r_space_index(op)];
+    mem = (gs_memory_t *)idmemory->spaces_indexed[space_index];
     /*
      * Allocate the halftone in the same VM space as the procedure.
      * This keeps the space relationships consistent.
@@ -144,23 +145,24 @@ zsetscreen(i_ctx_t *i_ctx_p)
     if (code < 0)
 	return code;
     return zscreen_enum_init(i_ctx_p, &order, &screen, op, 3,
-			     setscreen_finish, mem);
+			     setscreen_finish, space_index);
 }
 /* We break out the body of this operator so it can be shared with */
 /* the code for Type 1 halftones in sethalftone. */
 int
 zscreen_enum_init(i_ctx_t *i_ctx_p, const gx_ht_order * porder,
 		  gs_screen_halftone * psp, ref * pproc, int npop,
-		  int (*finish_proc)(i_ctx_t *), gs_memory_t * mem)
+		  int (*finish_proc)(i_ctx_t *), int space_index)
 {
     gs_screen_enum *penum;
+    gs_memory_t * mem = (gs_memory_t *)idmemory->spaces_indexed[space_index]; 
     int code;
 
     check_estack(snumpush + 1);
-    penum = gs_screen_enum_alloc(imemory, "setscreen");
+    penum = gs_screen_enum_alloc(mem, "setscreen");
     if (penum == 0)
 	return_error(e_VMerror);
-    make_istruct(esp + snumpush, 0, penum);	/* do early for screen_cleanup in case of error */
+    make_struct(esp + snumpush, space_index << r_space_shift, penum);	/* do early for screen_cleanup in case of error */
     code = gs_screen_enum_init_memory(penum, porder, igs, psp, mem);
     if (code < 0) {
 	screen_cleanup(i_ctx_p);
diff --git a/gs/src/zht1.c b/gs/src/zht1.c
index 26b6270a4..b40feab3e 100644
--- a/gs/src/zht1.c
+++ b/gs/src/zht1.c
@@ -92,7 +92,7 @@ zsetcolorscreen(i_ctx_t *i_ctx_p)
 	    code = zscreen_enum_init(i_ctx_p,
 				     &pdht->components[(i + 1) & 3].corder,
 				&pht->params.colorscreen.screens.indexed[i],
-				     &sprocs[i], 0, 0, mem);
+				     &sprocs[i], 0, 0, space);
 	    if (code < 0) {
 		esp = esp0;
 		break;
diff --git a/gs/src/zht2.c b/gs/src/zht2.c
index a3dc7fc6c..1e274d21b 100644
--- a/gs/src/zht2.c
+++ b/gs/src/zht2.c
@@ -88,8 +88,9 @@ zsethalftone5(i_ctx_t *i_ctx_p)
     uint name_size;
     int halftonetype, type = 0;
     gs_state *pgs = igs;
+    int space_index = r_space_index(op - 1);
 
-    mem = (gs_memory_t *) idmemory->spaces_indexed[r_space_index(op - 1)];
+    mem = (gs_memory_t *) idmemory->spaces_indexed[space_index];
 
     check_type(*op, t_dictionary);
     check_dict_read(*op);
@@ -303,7 +304,7 @@ zsethalftone5(i_ctx_t *i_ctx_p)
 	    case ht_type_spot:
 		code = zscreen_enum_init(i_ctx_p, porder,
 					 &phtc[j].params.spot.screen,
-					 &sprocs[j], 0, 0, mem);
+					 &sprocs[j], 0, 0, space_index);
 		if (code < 0)
 		    break;
 		/* falls through */
author	Igor Melichev <igor.melichev@artifex.com>	2005-10-11 10:04:28 +0000
committer	Igor Melichev <igor.melichev@artifex.com>	2005-10-11 10:04:28 +0000
commit	dfdf284b58df86ead5c2932d7c3ea28c85b6e923 (patch)
tree	0a5c3dce57ccf2ecfb960c3b471b6882c640208c /gs
parent	d2a2f6f8cb929c413ddf001237191cc181752b7e (diff)