Fix bug #692246 infinite loop searching the character table.

Set up the number of characters in the table and the maximum amount of memory used by the font cache such that we maintain the invariant that we will run out of memory before running out of table entries. Thanks to Shailesh Mistry for assistance in analyzing this problem.
author: Henry Stiles <henry.stiles@artifex.com> 2011-06-18 18:03:44 -0600
committer: Chris Liddell <chris.liddell@artifex.com> 2012-03-15 11:52:06 +0000
commit: 1433ea78d4aa81f2fcfc13137360002a7271acd7 (patch)
tree: 5958e6e96a89596ecaa02c18f721fdb1680026b3 /gs
parent: dc1103e5b9e3add56e145aa9536b34d177e9781e (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/gs/base/gxccman.c b/gs/base/gxccman.c
index 4b9fcc7c2..bff0f6735 100644
--- a/gs/base/gxccman.c
+++ b/gs/base/gxccman.c
@@ -74,6 +74,11 @@ gx_char_cache_alloc(gs_memory_t * struct_mem, gs_memory_t * bits_mem,
     cached_fm_pair *mdata;
     cached_char **chars;
 
+    /* the table size must be adjusted upward such that we overflow
+       cache character memory before filling the table.  The searching
+       code uses an empty table entry as a sentinel. */
+    chsize = max(chsize, ROUND_UP(bmax, sizeof_cached_char) / sizeof_cached_char + 1);
+    
     /* Round up chsize to a power of 2. */
     while (chsize & (chsize + 1))
         chsize |= chsize >> 1;
author	Henry Stiles <henry.stiles@artifex.com>	2011-06-18 18:03:44 -0600
committer	Chris Liddell <chris.liddell@artifex.com>	2012-03-15 11:52:06 +0000
commit	1433ea78d4aa81f2fcfc13137360002a7271acd7 (patch)
tree	5958e6e96a89596ecaa02c18f721fdb1680026b3 /gs
parent	dc1103e5b9e3add56e145aa9536b34d177e9781e (diff)