From dc2ba49207af71193f1390d84bba4e15aeea0ce0 Mon Sep 17 00:00:00 2001
From: Thomas Deutschmann <whissi@gentoo.org>
Date: Thu, 19 Mar 2020 13:53:45 +0100
Subject: Import Ghostscript 9.52

Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>
---
 psi/dscparse.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

(limited to 'psi/dscparse.c')

diff --git a/psi/dscparse.c b/psi/dscparse.c
index e754a82c..0c34eb14 100644
--- a/psi/dscparse.c
+++ b/psi/dscparse.c
@@ -3822,7 +3822,7 @@ dsc_dcs2_fixup(CDSC *dsc)
         DSC_OFFSET *pbegin;
         DSC_OFFSET *pend;
         DSC_OFFSET end;
-        CDCS2 *pdcs = dsc->dcs2;
+        CDCS2 *pdcs = NULL;
         /* Now treat the initial EPS file as a single page without
          * headers or trailer, so page extraction will fetch the
          * the correct separation. */
@@ -3888,6 +3888,14 @@ dsc_dcs2_fixup(CDSC *dsc)
             *pbegin = *pend;
         end = 0;	/* end of composite is start of first separation */
 
+        /* we used to do this where the pointer is declared, but Coverity points out
+         * that dsc_alloc_string can call dsc_reset which can free dsc and dsc->dcs2.
+         * By deferring the initialisation to here we can ensure we don't have a
+         * dangling pointer. This makes me suspiciouos that DCS (not DSC!) comments
+         * have never worked properly.
+         */
+        pdcs = dsc->dcs2;
+
         while (pdcs) {
             page_number = dsc->page_count;
             if ((pdcs->begin) && (pdcs->colourname != NULL)) {
-- 
cgit v1.2.3-65-gdbad