Bug 693639: Avoid heap overflow and leaks in error cases.

Avoid heap overflow in the error case in fz_end_tile. Avoid leaking all previously loaded annotations from pdf_load_annots if pdf_is_dict throws an exception. Various whitespace fixes. Many thanks to zeniko.
author: Robin Watts <robin.watts@artifex.com> 2013-02-20 18:23:49 +0000
committer: Robin Watts <robin.watts@artifex.com> 2013-02-20 18:30:21 +0000
commit: 9d20a4f3a69fdea855f8678c1ad50b5db7472d81 (patch)
tree: db892fb4841f81475e2684912a5f3083ef154cc8 /pdf
parent: 55a1b60561798acd730c3a2a75a093856f2daf94 (diff)
download: mupdf-9d20a4f3a69fdea855f8678c1ad50b5db7472d81.tar.xz
1 files changed, 4 insertions, 2 deletions
diff --git a/pdf/pdf_annot.c b/pdf/pdf_annot.c
index 9513bf1a..5b152592 100644
--- a/pdf/pdf_annot.c
+++ b/pdf/pdf_annot.c
@@ -361,7 +361,7 @@ pdf_load_annots(pdf_document *xref, pdf_obj *annots, pdf_page *page)
 {
 	pdf_annot *annot, *head, *tail;
 	pdf_obj *obj, *ap, *as, *n, *rect;
-	int i, len;
+	int i, len, is_dict;
 	fz_context *ctx = xref->ctx;
 
 	fz_var(annot);
@@ -380,13 +380,15 @@ pdf_load_annots(pdf_document *xref, pdf_obj *annots, pdf_page *page)
 			rect = pdf_dict_gets(obj, "Rect");
 			ap = pdf_dict_gets(obj, "AP");
 			as = pdf_dict_gets(obj, "AS");
+			is_dict = pdf_is_dict(ap);
 		}
 		fz_catch(ctx)
 		{
 			ap = NULL;
+			is_dict = 0;
 		}
 
-		if (!pdf_is_dict(ap))
+		if (!is_dict)
 			continue;
 
 		annot = NULL;
author	Robin Watts <robin.watts@artifex.com>	2013-02-20 18:23:49 +0000
committer	Robin Watts <robin.watts@artifex.com>	2013-02-20 18:30:21 +0000
commit	9d20a4f3a69fdea855f8678c1ad50b5db7472d81 (patch)
tree	db892fb4841f81475e2684912a5f3083ef154cc8 /pdf
parent	55a1b60561798acd730c3a2a75a093856f2daf94 (diff)
download	mupdf-9d20a4f3a69fdea855f8678c1ad50b5db7472d81.tar.xz