More memsqueezing fixes.

One of the previous memsqueezing fixes (specifically that in
close_dctd) appears to cause the Memento fork bases squeezing
process to stop.

This appears to be because old code would do a NULL dereference
causing a SEGV. This would somehow NOT be picked up by the signal
handler, and the child would exit.

If the code is fixed to avoid the SEGV the code then somehow
goes on to do something (not in the close_dctd code) that makes
the mem squeeze process grind to a halt - but NOT in the same
instance of the executable. I am at a loss to explain this, but
would rather the code stays as it is (being as far as I can see
correct) for now.

5 files changed, 21 insertions, 8 deletions

diff --git a/fitz/filt_basic.c b/fitz/filt_basic.c
index b0ff340f..ae239fed 100644
--- a/fitz/filt_basic.c
+++ b/fitz/filt_basic.c
@@ -383,7 +383,7 @@ read_rld(fz_stream *stm, unsigned char *buf, int len)
 static void
 close_rld(fz_context *ctx, void *state_)
 {
-	fz_rld *state = (void *)state_;
+	fz_rld *state = (fz_rld *)state_;
 	fz_stream *chain = state->chain;
 
 	fz_free(ctx, state);
diff --git a/fitz/filt_dctd.c b/fitz/filt_dctd.c
index 3209d2ce..83366338 100644
--- a/fitz/filt_dctd.c
+++ b/fitz/filt_dctd.c
@@ -186,8 +186,6 @@ close_dctd(fz_context *ctx, void *state_)
 
 	if (setjmp(state->jb))
 	{
-		if (state->cinfo.src)
-			state->chain->rp = state->chain->wp - state->cinfo.src->bytes_in_buffer;
 		fz_warn(ctx, "jpeg error: %s", state->msg);
 		goto skip;
 	}
@@ -198,7 +196,9 @@ close_dctd(fz_context *ctx, void *state_)
 skip:
 	if (state->cinfo.src)
 		state->chain->rp = state->chain->wp - state->cinfo.src->bytes_in_buffer;
-	jpeg_destroy_decompress(&state->cinfo);
+        if (state->init)
+		jpeg_destroy_decompress(&state->cinfo);
+        
 	fz_free(ctx, state->scanline);
 	fz_close(state->chain);
 	fz_free(ctx, state);
diff --git a/fitz/memento.c b/fitz/memento.c
index 76a27c48..3ea00f92 100644
--- a/fitz/memento.c
+++ b/fitz/memento.c
@@ -754,6 +754,10 @@ static int squeeze(void)
     /* Wait for pid to finish */
     waitpid(pid, &status, 0);
 
+    if (status != 0) {
+        fprintf(stderr, "Child status=%d\n", status);
+    }
+    
     /* Put the files back */
     for (i = 0; i < OPEN_MAX; i++) {
         if (stashed_map[i] != 0) {
diff --git a/fitz/stm_open.c b/fitz/stm_open.c
index 45689502..37230243 100644
--- a/fitz/stm_open.c
+++ b/fitz/stm_open.c
@@ -97,7 +97,15 @@ fz_open_fd(fz_context *ctx, int fd)
 	state = fz_malloc_struct(ctx, int);
 	*state = fd;
 
-	stm = fz_new_stream(ctx, state, read_file, close_file);
+	fz_try(ctx)
+	{
+		stm = fz_new_stream(ctx, state, read_file, close_file);
+	}
+	fz_catch(ctx)
+	{
+		fz_free(ctx, state);
+		fz_rethrow(ctx);
+	}
 	stm->seek = seek_file;
 
 	return stm;
diff --git a/pdf/pdf_font.c b/pdf/pdf_font.c
index ccc5786b..6df147a4 100644
--- a/pdf/pdf_font.c
+++ b/pdf/pdf_font.c
@@ -397,7 +397,7 @@ pdf_load_simple_font(pdf_xref *xref, fz_obj *dict)
 	fz_obj *encoding;
 	fz_obj *widths;
 	unsigned short *etable = NULL;
-	pdf_font_desc *fontdesc;
+	pdf_font_desc *fontdesc = NULL;
 	FT_Face face;
 	FT_CharMap cmap;
 	int symbolic;
@@ -411,14 +411,15 @@ pdf_load_simple_font(pdf_xref *xref, fz_obj *dict)
 	int fterr;
 	fz_context *ctx = xref->ctx;
 
+	fz_var(fontdesc);
+
 	basefont = fz_to_name(fz_dict_gets(dict, "BaseFont"));
 	fontname = clean_font_name(basefont);
 
-	fontdesc = pdf_new_font_desc(ctx);
-
 	/* Load font file */
 	fz_try(ctx)
 	{
+		fontdesc = pdf_new_font_desc(ctx);
 
 		descriptor = fz_dict_gets(dict, "FontDescriptor");
 		if (descriptor)