This command segfaults:

gs -q -dSAFER -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -sOutputFile=./korea.pdf -c.setpdfwrite -fkorea.ps

Original report: https://bugzilla.redhat.com/show_bug.cgi?id=728710
Created attachment 8067: korea.ps.xz
Assigning to me, this is not one of the Coverity issues, and crashes are important.
When copying fonts for embedding the font copying code checks the used glyphs to see if any of them are SEAC glyphs (as the components must be copied too). The SEAC scanner was not properly implementing the CFF 'shortint' operator (the operator is a horrible kludge). Instead of pushing the value on the operand stack it was skipping it. When the value was the index of a Subr this could cause the wrong subroutine to be executed, and with incorrect parameters on the stack. Eventually this could lead to a crash.

Fixed in Git commit: 138d68e2d7dd5567c7a24740ec71858e24342a1f
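The effect described in the comment above, as an added example that is not Ghostscript's code: a minimal charstring operand scanner showing how skipping the 'shortint' (28) operand changes which Subr a following callsubr selects. The names `first_callsubr`, `push_shortint`, `cs_a` and `cs_b` are hypothetical, the sample bytes are constructed, and only operand encodings and callsubr are handled.

```c
#include <stddef.h>

enum { OP_CALLSUBR = 10, OP_SHORTINT = 28, STACK_MAX = 48 };

/* Constructed sample charstrings (not taken from korea.ps). */
const unsigned char cs_a[] = { 239, 28, 0x01, 0x2C, 10 }; /* 100, shortint 300, callsubr */
const unsigned char cs_b[] = { 28, 0xFF, 0x95, 10 };      /* shortint -107, callsubr */

/* Subr index bias defined by the Type 2 charstring format. */
static int subr_bias(int nsubrs)
{
    return nsubrs < 1240 ? 107 : nsubrs < 33900 ? 1131 : 32768;
}

/* Big-endian signed 16-bit value at p. */
static long be16s(const unsigned char *p)
{
    long v = ((long)p[0] << 8) | p[1];
    return v >= 0x8000 ? v - 0x10000 : v;
}

/* Return the Subr index selected by the first callsubr, or -1 if the
 * charstring is malformed or uses an operator this sketch does not handle.
 * push_shortint == 0 reproduces the defect: the operand is skipped. */
int first_callsubr(const unsigned char *cs, size_t len, int nsubrs, int push_shortint)
{
    long stack[STACK_MAX], v, idx;
    int sp = 0;
    size_t i = 0;

    while (i < len) {
        unsigned b0 = cs[i++];
        size_t need = b0 == OP_SHORTINT ? 2 : b0 == 255 ? 4 : b0 >= 247 ? 1 : 0;

        if (len - i < need) return -1;               /* truncated operand */
        if (b0 == OP_CALLSUBR) {
            if (sp < 1) return -1;                   /* stack underflow */
            idx = stack[sp - 1] + subr_bias(nsubrs);
            return idx >= 0 && idx < nsubrs ? (int)idx : -1;
        }
        if (b0 == OP_SHORTINT)  v = be16s(cs + i);
        else if (b0 < 32)       return -1;           /* other operators: out of scope */
        else if (b0 <= 246)     v = (long)b0 - 139;
        else if (b0 <= 250)     v = ((long)b0 - 247) * 256 + cs[i] + 108;
        else if (b0 <= 254)     v = -((long)b0 - 251) * 256 - cs[i] - 108;
        else                    v = be16s(cs + i);   /* 16.16 fixed: integer part */
        i += need;
        if (b0 == OP_SHORTINT && !push_shortint) continue;   /* the defect */
        if (sp >= STACK_MAX) return -1;              /* stack overflow */
        stack[sp++] = v;
    }
    return -1;                                       /* no callsubr found */
}
```

With `cs_a` the skipped operand leaves an unrelated value on top of the stack, so a different Subr is chosen; with `cs_b` the stack is empty at callsubr, which a scanner without the underflow check would read past.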