Bug 705296: Call pdf_cycle() even for non-indirect colorspaces.

Consider when an indexed colorspace array is passed to
pdf_load_colorspace_imp(). In this case pdf_is_indirect() returns
false and boolean short-cutting causes pdf_cycle() not to be called.

Despite pdf_cycle_list remaining uninitialized it is passed to e.g.
load_indexed(), which tries to load the base colorspace, thus calling
pdf_load_colorspace_imp() again. The base colorspace might be an
indirect reference causing pdf_cycle() to be called. When pdf_cycle()
follows pdf_cycle_list->up it will eventually encounter the
uninitialized pdf_cycle_list entry at the top, likely causing the
reported segfault.

Commit 865ee9aa6d5e84eaa09cd997ca9483c3ee449e85 added the call to
pdf_is_indirect(), but doesn't provide any benefit so this commit
removes the check.

diff --git a/source/pdf/pdf-colorspace.c b/source/pdf/pdf-colorspace.c
index 3efa6428d28c273f9a6904b55cddbb93b8623b7c..726309d241fd3e51227c541cee08482574d6bff2 100644 (file)
--- a/source/pdf/pdf-colorspace.c
+++ b/source/pdf/pdf-colorspace.c
@@ -362,8 +362,8 @@ pdf_load_colorspace_imp(fz_context *ctx, pdf_obj *obj, pdf_cycle_list *cycle_up)
        fz_colorspace *cs = NULL;
        pdf_cycle_list cycle;
 
-       if (pdf_is_indirect(ctx, obj) && pdf_cycle(ctx, &cycle, cycle_up, obj))
-               fz_throw(ctx, FZ_ERROR_SYNTAX, "recursive colorspace");
+       if (pdf_cycle(ctx, &cycle, cycle_up, obj))
+                       fz_throw(ctx, FZ_ERROR_SYNTAX, "recursive colorspace");
 
        if (pdf_is_name(ctx, obj))
        {