From 6e566800606f748b9629a6b9d260b14107ba3806 Mon Sep 17 00:00:00 2001 From: Maxim Date: Tue, 19 May 2026 17:34:48 +0300 Subject: [PATCH] Fix memory allocation in PSOperator and Type1FontProgram --- .../verapdf/parser/postscript/PSOperator.java | 27 ++++++++++++------- .../pd/font/type1/Type1FontProgram.java | 2 +- 2 files changed, 18 insertions(+), 11 deletions(-) diff --git a/src/main/java/org/verapdf/parser/postscript/PSOperator.java b/src/main/java/org/verapdf/parser/postscript/PSOperator.java index 8e1f9c42..4e41551d 100644 --- a/src/main/java/org/verapdf/parser/postscript/PSOperator.java +++ b/src/main/java/org/verapdf/parser/postscript/PSOperator.java @@ -28,6 +28,8 @@ import java.util.List; import java.util.Map; import java.util.Stack; +import java.util.logging.Level; +import java.util.logging.Logger; /** * Represents executable PostScript operator. @@ -35,6 +37,8 @@ * @author Sergey Shemyakov */ public class PSOperator extends PSObject { + + private static final Logger LOGGER = Logger.getLogger(PSOperator.class.getCanonicalName()); private static final int MAX_PS_ARRAY_SIZE = 1 << 16; private static final int MAX_PS_FOR_ITERATIONS = 10_000; private Stack operandStack; @@ -537,11 +541,11 @@ private void load() throws PostScriptException { private void array() throws PostScriptException { try { - int arraySize = getTopNumber().getInteger().intValue(); + Long arraySize = getTopNumber().getInteger(); if (arraySize < 0 || arraySize > MAX_PS_ARRAY_SIZE) { throw new PostScriptException("Array size " + arraySize + " is out of range"); } - COSObject array = COSArray.construct(arraySize); + COSObject array = COSArray.construct(arraySize.intValue()); for (int i = 0; i < arraySize; i++) { array.add(COSObject.getEmpty()); } @@ -586,15 +590,18 @@ private void opFor() throws PostScriptException { long increment = getTopNumber().getInteger(); long initial = getTopNumber().getInteger(); if (increment == 0 || (increment > 0 && initial > limit) || (increment < 0 && initial < limit)) { - throw new PostScriptException("Wrong increment value " + increment); - } - long iterations = Math.abs((limit - initial) / increment) + 1; - if (iterations > MAX_PS_FOR_ITERATIONS) { - throw new PostScriptException("Loop iteration count " + iterations + " is too large"); + LOGGER.log(Level.WARNING, "Wrong increment value " + increment + " for operator 'for'"); + increment = 0; } - for (long i = initial; (increment > 0 ? i <= limit : i >= limit); i += increment) { - operandStack.push(COSInteger.construct(i)); - ((PSProcedure) proc).executeProcedure(operandStack, userDict); + if (increment != 0) { + long iterations = Math.abs((limit - initial) / increment) + 1; + if (iterations > MAX_PS_FOR_ITERATIONS) { + throw new PostScriptException("Loop iteration count " + iterations + " is too large"); + } + for (long i = initial; (increment > 0 ? i <= limit : i >= limit); i += increment) { + operandStack.push(COSInteger.construct(i)); + ((PSProcedure) proc).executeProcedure(operandStack, userDict); + } } } catch (PostScriptException e) { diff --git a/src/main/java/org/verapdf/pd/font/type1/Type1FontProgram.java b/src/main/java/org/verapdf/pd/font/type1/Type1FontProgram.java index a3913282..c8ae7f5e 100644 --- a/src/main/java/org/verapdf/pd/font/type1/Type1FontProgram.java +++ b/src/main/java/org/verapdf/pd/font/type1/Type1FontProgram.java @@ -192,7 +192,7 @@ private void toExecute(COSObject next) throws PostScriptException { } private void toExecute(COSObject next, int depth) throws PostScriptException { - if (depth > MAX_TO_EXECUTE_DEPTH) { + if (depth >= MAX_TO_EXECUTE_DEPTH) { throw new PostScriptException("Type 1 font program exceeded toExecute recursion depth"); } PSObject operator = PSObject.getPSObject(next);