Fix potential problems on malloc failure.

Don't reset the size of arrays until we have successfully resized them.

6 files changed, 32 insertions, 22 deletions

diff --git a/pdf/base_object.c b/pdf/base_object.c
index 00032fb8..6f0c5d99 100644
--- a/pdf/base_object.c
+++ b/pdf/base_object.c
@@ -438,9 +438,10 @@ static void
 pdf_array_grow(pdf_obj *obj)
 {
 	int i;
+	int new_cap = (obj->u.a.cap * 3) / 2;
 
-	obj->u.a.cap = (obj->u.a.cap * 3) / 2;
-	obj->u.a.items = fz_resize_array(obj->ctx, obj->u.a.items, obj->u.a.cap, sizeof(pdf_obj*));
+	obj->u.a.items = fz_resize_array(obj->ctx, obj->u.a.items, new_cap, sizeof(pdf_obj*));
+	obj->u.a.cap = new_cap;
 
 	for (i = obj->u.a.len ; i < obj->u.a.cap; i++)
 		obj->u.a.items[i] = NULL;
@@ -607,9 +608,10 @@ static void
 pdf_dict_grow(pdf_obj *obj)
 {
 	int i;
+	int new_cap = (obj->u.d.cap * 3) / 2;
 
-	obj->u.d.cap = (obj->u.d.cap * 3) / 2;
-	obj->u.d.items = fz_resize_array(obj->ctx, obj->u.d.items, obj->u.d.cap, sizeof(struct keyval));
+	obj->u.d.items = fz_resize_array(obj->ctx, obj->u.d.items, new_cap, sizeof(struct keyval));
+	obj->u.d.cap = new_cap;
 
 	for (i = obj->u.d.len; i < obj->u.d.cap; i++)
 	{
diff --git a/pdf/pdf_cmap.c b/pdf/pdf_cmap.c
index 3c4d07bc..71066986 100644
--- a/pdf/pdf_cmap.c
+++ b/pdf/pdf_cmap.c
@@ -189,8 +189,9 @@ add_table(fz_context *ctx, pdf_cmap *cmap, int value)
 	}
 	if (cmap->tlen + 1 > cmap->tcap)
 	{
-		cmap->tcap = cmap->tcap > 1 ? (cmap->tcap * 3) / 2 : 256;
-		cmap->table = fz_resize_array(ctx, cmap->table, cmap->tcap, sizeof(unsigned short));
+		int new_cap = cmap->tcap > 1 ? (cmap->tcap * 3) / 2 : 256; 
+		cmap->table = fz_resize_array(ctx, cmap->table, new_cap, sizeof(unsigned short));
+		cmap->tcap = new_cap;
 	}
 	cmap->table[cmap->tlen++] = value;
 }
@@ -210,8 +211,9 @@ add_range(fz_context *ctx, pdf_cmap *cmap, int low, int high, int flag, int offs
 	}
 	if (cmap->rlen + 1 > cmap->rcap)
 	{
-		cmap->rcap = cmap->rcap > 1 ? (cmap->rcap * 3) / 2 : 256;
-		cmap->ranges = fz_resize_array(ctx, cmap->ranges, cmap->rcap, sizeof(pdf_range));
+		int new_cap = cmap->rcap > 1 ? (cmap->rcap * 3) / 2 : 256;
+		cmap->ranges = fz_resize_array(ctx, cmap->ranges, new_cap, sizeof(pdf_range));
+		cmap->rcap = new_cap;
 	}
 	cmap->ranges[cmap->rlen].low = low;
 	pdf_range_set_high(&cmap->ranges[cmap->rlen], high);
diff --git a/pdf/pdf_function.c b/pdf/pdf_function.c
index cbcd8aa7..67c34836 100644
--- a/pdf/pdf_function.c
+++ b/pdf/pdf_function.c
@@ -692,8 +692,9 @@ resize_code(fz_context *ctx, pdf_function *func, int newsize)
 {
 	if (newsize >= func->u.p.cap)
 	{
-		func->u.p.cap = func->u.p.cap + 64;
-		func->u.p.code = fz_resize_array(ctx, func->u.p.code, func->u.p.cap, sizeof(psobj));
+		int new_cap = func->u.p.cap + 64;
+		func->u.p.code = fz_resize_array(ctx, func->u.p.code, new_cap, sizeof(psobj));
+		func->u.p.cap = new_cap;
 	}
 }
 
diff --git a/pdf/pdf_metrics.c b/pdf/pdf_metrics.c
index 888757c0..7c09ad4e 100644
--- a/pdf/pdf_metrics.c
+++ b/pdf/pdf_metrics.c
@@ -25,8 +25,9 @@ pdf_add_hmtx(fz_context *ctx, pdf_font_desc *font, int lo, int hi, int w)
 {
 	if (font->hmtx_len + 1 >= font->hmtx_cap)
 	{
-		font->hmtx_cap = font->hmtx_cap + 16;
-		font->hmtx = fz_resize_array(ctx, font->hmtx, font->hmtx_cap, sizeof(pdf_hmtx));
+		int new_cap = font->hmtx_cap + 16;
+		font->hmtx = fz_resize_array(ctx, font->hmtx, new_cap, sizeof(pdf_hmtx));
+		font->hmtx_cap = new_cap;
 	}
 
 	font->hmtx[font->hmtx_len].lo = lo;
@@ -40,8 +41,9 @@ pdf_add_vmtx(fz_context *ctx, pdf_font_desc *font, int lo, int hi, int x, int y,
 {
 	if (font->vmtx_len + 1 >= font->vmtx_cap)
 	{
-		font->vmtx_cap = font->vmtx_cap + 16;
-		font->vmtx = fz_resize_array(ctx, font->vmtx, font->vmtx_cap, sizeof(pdf_vmtx));
+		int new_cap = font->vmtx_cap + 16;
+		font->vmtx = fz_resize_array(ctx, font->vmtx, new_cap, sizeof(pdf_vmtx));
+		font->vmtx_cap = new_cap;
 	}
 
 	font->vmtx[font->vmtx_len].lo = lo;
diff --git a/pdf/pdf_page.c b/pdf/pdf_page.c
index 312d70b0..bbc335bb 100644
--- a/pdf/pdf_page.c
+++ b/pdf/pdf_page.c
@@ -80,9 +80,9 @@ pdf_load_page_tree_node(pdf_document *xref, pdf_obj *node, struct info info)
 			if (xref->page_len == xref->page_cap)
 			{
 				fz_warn(ctx, "found more pages than expected");
+				xref->page_refs = fz_resize_array(ctx, xref->page_refs, xref->page_cap+1, sizeof(pdf_obj*));
+				xref->page_objs = fz_resize_array(ctx, xref->page_objs, xref->page_cap+1, sizeof(pdf_obj*));
 				xref->page_cap ++;
-				xref->page_refs = fz_resize_array(ctx, xref->page_refs, xref->page_cap, sizeof(pdf_obj*));
-				xref->page_objs = fz_resize_array(ctx, xref->page_objs, xref->page_cap, sizeof(pdf_obj*));
 			}
 
 			xref->page_refs[xref->page_len] = pdf_keep_obj(node);
diff --git a/pdf/pdf_shade.c b/pdf/pdf_shade.c
index 589b7613..0847f4d2 100644
--- a/pdf/pdf_shade.c
+++ b/pdf/pdf_shade.c
@@ -15,16 +15,19 @@ struct vertex
 static void
 pdf_grow_mesh(fz_context *ctx, fz_shade *shade, int amount)
 {
-	if (shade->mesh_len + amount < shade->mesh_cap)
+	int cap = shade->mesh_cap;
+
+	if (shade->mesh_len + amount < cap)
 		return;
 
-	if (shade->mesh_cap == 0)
-		shade->mesh_cap = 1024;
+	if (cap == 0)
+		cap = 1024;
 
-	while (shade->mesh_len + amount > shade->mesh_cap)
-		shade->mesh_cap = (shade->mesh_cap * 3) / 2;
+	while (shade->mesh_len + amount > cap)
+		cap = (cap * 3) / 2;
 
-	shade->mesh = fz_resize_array(ctx, shade->mesh, shade->mesh_cap, sizeof(float));
+	shade->mesh = fz_resize_array(ctx, shade->mesh, cap, sizeof(float));
+	shade->mesh_cap = cap;
 }
 
 static void