summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRobin Watts <robin.watts@artifex.com>2016-04-11 18:00:39 +0100
committerRobin Watts <robin.watts@artifex.com>2016-04-11 18:02:35 +0100
commit80e4786f5a0673c37821ba373e78c4fb58274314 (patch)
treed5ce862b2b832ef01feea666329d57cd10669d13
parent5fcc668d4d6ec0e5ffb7bf168d8fc9669d0c7d97 (diff)
downloadmupdf-80e4786f5a0673c37821ba373e78c4fb58274314.tar.xz
Bug 696696: Avoid leak when cleaning with sanitize.
If we rewrite a page content stream, and then drop that entire page we shouldn't leak the buffer. Or to put it another way, when we change the obj for an xref entry, ditch the cached stm_buf.
-rw-r--r--source/pdf/pdf-write.c2
-rw-r--r--source/pdf/pdf-xref.c4
2 files changed, 6 insertions, 0 deletions
diff --git a/source/pdf/pdf-write.c b/source/pdf/pdf-write.c
index c8b18c55..243e83eb 100644
--- a/source/pdf/pdf-write.c
+++ b/source/pdf/pdf-write.c
@@ -892,6 +892,8 @@ static void renumberobjs(fz_context *ctx, pdf_document *doc, pdf_write_state *op
pdf_xref_entry *e = pdf_get_xref_entry(ctx, doc, num);
pdf_drop_obj(ctx, e->obj);
e->obj = NULL;
+ fz_drop_buffer(ctx, e->stm_buf);
+ e->stm_buf = NULL;
}
}
diff --git a/source/pdf/pdf-xref.c b/source/pdf/pdf-xref.c
index 6eca8a74..e915b600 100644
--- a/source/pdf/pdf-xref.c
+++ b/source/pdf/pdf-xref.c
@@ -1735,7 +1735,11 @@ pdf_load_obj_stm(fz_context *ctx, pdf_document *doc, int num, int gen, pdf_lexbu
pdf_drop_obj(ctx, obj);
}
else
+ {
entry->obj = obj;
+ fz_drop_buffer(ctx, entry->stm_buf);
+ entry->stm_buf = NULL;
+ }
if (numbuf[i] == target)
ret_entry = entry;
}