From 2ed5d370aea6966115e27eb415612209a2696217 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Simon=20B=C3=BCnzli?= Date: Sun, 18 Aug 2013 13:35:51 +0200 Subject: fix memory leaks * If fz_alpha_from_gray throws in fz_render_t3_glyph, then glyph is leaked. * If fz_new_image throws in pdf_load_image_imp, then colorspace and mask are leaked. * pdf_copy_pattern_gstate overwrites font and softmask without dropping them first. --- source/fitz/font.c | 14 ++++++++++++-- source/pdf/pdf-image.c | 12 ++++++++---- source/pdf/pdf-interpret.c | 13 ++++++------- 3 files changed, 26 insertions(+), 13 deletions(-) diff --git a/source/fitz/font.c b/source/fitz/font.c index cb369c0f..cbf4d466 100644 --- a/source/fitz/font.c +++ b/source/fitz/font.c @@ -1016,8 +1016,18 @@ fz_render_t3_glyph(fz_context *ctx, fz_font *font, int gid, const fz_matrix *trm if (!model) { - result = fz_alpha_from_gray(ctx, glyph, 0); - fz_drop_pixmap(ctx, glyph); + fz_try(ctx) + { + result = fz_alpha_from_gray(ctx, glyph, 0); + } + fz_always(ctx) + { + fz_drop_pixmap(ctx, glyph); + } + fz_catch(ctx) + { + fz_rethrow(ctx); + } } else result = glyph; diff --git a/source/pdf/pdf-image.c b/source/pdf/pdf-image.c index 5d0d59d3..10ae89ff 100644 --- a/source/pdf/pdf-image.c +++ b/source/pdf/pdf-image.c @@ -25,6 +25,7 @@ pdf_load_image_imp(pdf_document *doc, pdf_obj *rdb, pdf_obj *dict, fz_stream *cs fz_var(stm); fz_var(mask); fz_var(image); + fz_var(colorspace); fz_try(ctx) { @@ -55,7 +56,6 @@ pdf_load_image_imp(pdf_document *doc, pdf_obj *rdb, pdf_obj *dict, fz_stream *cs indexed = 0; usecolorkey = 0; - mask = NULL; if (imagemask) bpc = 1; @@ -118,7 +118,7 @@ pdf_load_image_imp(pdf_document *doc, pdf_obj *rdb, pdf_obj *dict, fz_stream *cs else if (forcemask) fz_warn(ctx, "Ignoring recursive image soft mask"); else - mask = (fz_image *)pdf_load_image_imp(doc, rdb, obj, NULL, 1); + mask = pdf_load_image_imp(doc, rdb, obj, NULL, 1); } else if (pdf_is_array(obj)) { @@ -158,10 +158,14 @@ pdf_load_image_imp(pdf_document *doc, pdf_obj *rdb, pdf_obj *dict, fz_stream *cs } image = fz_new_image(ctx, w, h, bpc, colorspace, 96, 96, interpolate, imagemask, decode, usecolorkey ? colorkey : NULL, NULL, mask); + colorspace = NULL; + mask = NULL; image->tile = fz_decomp_image_from_stream(ctx, stm, image, cstm != NULL, indexed, 0, 0); } fz_catch(ctx) { + fz_drop_colorspace(ctx, colorspace); + fz_drop_image(ctx, mask); fz_drop_image(ctx, image); fz_rethrow(ctx); } @@ -171,7 +175,7 @@ pdf_load_image_imp(pdf_document *doc, pdf_obj *rdb, pdf_obj *dict, fz_stream *cs fz_image * pdf_load_inline_image(pdf_document *doc, pdf_obj *rdb, pdf_obj *dict, fz_stream *file) { - return (fz_image *)pdf_load_image_imp(doc, rdb, dict, file, 0); + return pdf_load_image_imp(doc, rdb, dict, file, 0); } int @@ -232,7 +236,7 @@ pdf_load_jpx(pdf_document *doc, pdf_obj *dict, int forcemask) if (forcemask) fz_warn(ctx, "Ignoring recursive JPX soft mask"); else - mask = (fz_image *)pdf_load_image_imp(doc, NULL, obj, NULL, 1); + mask = pdf_load_image_imp(doc, NULL, obj, NULL, 1); } obj = pdf_dict_getsa(dict, "Decode", "D"); diff --git a/source/pdf/pdf-interpret.c b/source/pdf/pdf-interpret.c index 515a87fa..62173cf8 100644 --- a/source/pdf/pdf-interpret.c +++ b/source/pdf/pdf-interpret.c @@ -1059,16 +1059,15 @@ static void pdf_copy_pattern_gstate(fz_context *ctx, pdf_gstate *gs, const pdf_gstate *old) { gs->ctm = old->ctm; - gs->font = old->font; - gs->softmask = old->softmask; + + pdf_drop_font(ctx, gs->font); + gs->font = pdf_keep_font(ctx, old->font); + + pdf_drop_xobject(ctx, gs->softmask); + gs->softmask = pdf_keep_xobject(ctx, old->softmask); fz_drop_stroke_state(ctx, gs->stroke_state); gs->stroke_state = fz_keep_stroke_state(ctx, old->stroke_state); - - if (gs->font) - pdf_keep_font(ctx, gs->font); - if (gs->softmask) - pdf_keep_xobject(ctx, gs->softmask); } static pdf_csi * -- cgit v1.2.3