Fix invalid memory access in 2030.pdf.asan.69.463

1 files changed, 5 insertions, 1 deletions

diff --git a/poppler/Function.cc b/poppler/Function.cc
index 1dece2d5..2f94a54a 100644
--- a/poppler/Function.cc
+++ b/poppler/Function.cc
@@ -13,7 +13,7 @@
 // All changes made under the Poppler project to this file are licensed
 // under GPL version 2 or later
 //
-// Copyright (C) 2006, 2008-2010 Albert Astals Cid <aacid@kde.org>
+// Copyright (C) 2006, 2008-2010, 2013 Albert Astals Cid <aacid@kde.org>
 // Copyright (C) 2006 Jeff Muizelaar <jeff@infidigm.net>
 // Copyright (C) 2010 Christian Feuersänger <cfeuersaenger@googlemail.com>
 // Copyright (C) 2011 Andrea Canciani <ranma42@gmail.com>
@@ -1111,6 +1111,10 @@ void PSStack::copy(int n) {
     error(errSyntaxError, -1, "Stack underflow in PostScript function");
     return;
   }
+  if (unlikely(sp - n > psStackSize)) {
+    error(errSyntaxError, -1, "Stack underflow in PostScript function");
+    return;
+  }
   if (!checkOverflow(n)) {
     return;
   }