authorRobin Watts <robin.watts@artifex.com>2013-01-02 12:22:32 +0000
committerRobin Watts <robin.watts@artifex.com>2013-01-02 12:26:44 +0000
commit4d0ddfdc4922e15619809837a7d3d54421b1a2e0 (patch)
tree2cfcf01ed4c8818bee89c86e2c83465446b6c068 /pdf
parent1b26c4b453da32067132175db99173ae7c4c83ef (diff)
downloadmupdf-4d0ddfdc4922e15619809837a7d3d54421b1a2e0.tar.xz
Bug 693503: Fix memory leak in forms handling
An unused dictionary reference could be left dangling. Simple fix is to drop the reference after use. Problem found in a test file, 2785.pdf.asan.6d.1985 supplied by Mateusz "j00ru" Jurczyk and Gynvael Coldwind of the Google Security Team using Address Sanitizer. Many thanks!
Diffstat (limited to 'pdf')
-rw-r--r--pdf/pdf_form.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/pdf/pdf_form.c b/pdf/pdf_form.c
index 1a8dd268..249b4dfc 100644
--- a/pdf/pdf_form.c
+++ b/pdf/pdf_form.c
@@ -1176,6 +1176,7 @@ static pdf_xobject *load_or_create_form(pdf_document *doc, pdf_obj *obj, fz_rect
tobj = pdf_new_dict(ctx, 1);
pdf_dict_puts(obj, "AP", tobj);
ap = tobj;
+ pdf_drop_obj(tobj);
tobj = NULL;
}
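Review bot: After the added `pdf_drop_obj(tobj)`, `ap` is a borrowed pointer that stays valid only if `pdf_dict_puts(obj, "AP", tobj)` actually stored the new dictionary and took its own reference. If that call can return without inserting (for instance when `obj` from a malformed file is not a dictionary; this is not visible in the hunk, so worth confirming), the drop frees the object and the later `pdf_dict_puts(ap, dn, tobj)` would operate on freed memory. Re-reading the value from the container instead of aliasing the temporary, `ap = pdf_dict_gets(obj, "AP");` placed after the put, yields NULL rather than a stale pointer in that case; the second hunk has the same shape with `formobj = tobj;` and could use `formobj = pdf_dict_gets(ap, dn);`. At minimum, a comment such as `/* ap is borrowed: kept alive by obj's AP entry */` would record the ownership assumption the fix relies on. The body of load_or_create_form starts and ends outside both hunks.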
@@ -1185,6 +1186,7 @@ static pdf_xobject *load_or_create_form(pdf_document *doc, pdf_obj *obj, fz_rect
tobj = pdf_new_xobject(doc, rect, &mat);
pdf_dict_puts(ap, dn, tobj);
formobj = tobj;
+ pdf_drop_obj(tobj);
tobj = NULL;
create_form = 1;
}