This simple test doesn't seem to work, and causes what looks like exploitable memory corruption: $ gs GPL Ghostscript 9.23 (2018-03-21) Copyright (C) 2018 Artifex Software, Inc. All rights reserved. This software comes with NO WARRANTY: see the file PUBLIC for details. GS>.distillerparamkeys GS<1>.setdistillerparams Segmentation fault
I can't reproduce this with the current code, I get: Error: /typecheck in --setdistillerparams-- Operand stack: --dict:84/84(ro)(G)-- Execution stack: %interp_exit .runexec2 --nostringval-- --nostringval-- --nostringval-- 2 %stopped_push --nostringval-- --nostringval-- %loop_continue --nostringval-- --nostringval-- false 1 %stopped_push .runexec2 --nostringval-- --nostringval-- --nostringval-- 2 %stopped_push --nostringval-- 2017 1 3 %oparray_pop Dictionary stack: --dict:982/1684(ro)(G)-- --dict:0/20(G)-- --dict:78/200(L)-- Current allocation mode is local Last OS error: Resource temporarily unavailable Current file position is 20
(In reply to Chris Liddell (chrisl) from comment #1) > I can't reproduce this with the current code, I get: Oh, scratch that... I can see it.
This 'looks like' a duplicate of 695656, at least it crashes in the same place for me. Chris already has a fix for this so I'm going to let him commit that. However, .setdistillerparams shouldn't be available, so I've made a change of my own to address that. It seems that this commit: 971472c83a345a16dac9f90f91258bb22dd77f22 accidentally broke some of the operator hiding code, in the course of making it work with DELAYBIND.
It's the same route cause as 699656 and the same fix solves this. *** This bug has been marked as a duplicate of bug 699656 ***