From 9d20a4f3a69fdea855f8678c1ad50b5db7472d81 Mon Sep 17 00:00:00 2001
From: Robin Watts
Date: Wed, 20 Feb 2013 18:23:49 +0000
Subject: Bug 693639: Avoid heap overflow and leaks in error cases. Avoid heap overflow in the error case in fz_end_tile. Avoid leaking all previously loaded annotations from pdf_load_annots if pdf_is_dict throws an exception. Various whitespace fixes. Many thanks to zeniko.
---
 fitz/base_error.c | 4 +++-
 fitz/base_xml.c | 3 ++-
 fitz/dev_null.c | 1 +
 3 files changed, 6 insertions(+), 2 deletions(-)
(limited to 'fitz')
diff --git a/fitz/base_error.c b/fitz/base_error.c
index 5ec97a0a..de41c023 100644
--- a/fitz/base_error.c
+++ b/fitz/base_error.c
@@ -95,8 +95,10 @@ int fz_push_try(fz_error_context *ex)
 * immediately - returning 0 stops the setjmp happening and takes us
 * direct to the always/catch clauses. */
 assert(ex->top == nelem(ex->stack)-1);
- strcpy(ex->message, "exception stack overflow!\n");
+ strcpy(ex->message, "exception stack overflow!");
 ex->stack[ex->top].code = 2;
+ fprintf(stderr, "error: %s\n", ex->message);
+ LOGE("error: %s\n", ex->message);
 return 0;
 }
 
diff --git a/fitz/base_xml.c b/fitz/base_xml.c
index 37cdc7b1..170ee93d 100644
--- a/fitz/base_xml.c
+++ b/fitz/base_xml.c
@@ -93,7 +93,8 @@ static void xml_free_attribute(fz_context *ctx, struct attribute *att)
 
 void fz_free_xml(fz_context *ctx, fz_xml *item)
 {
- while (item) {
+ while (item)
+ {
 fz_xml *next = item->next;
 if (item->text)
 fz_free(ctx, item->text);
diff --git a/fitz/dev_null.c b/fitz/dev_null.c
index 4a32d4b9..e7d31fdf 100644
--- a/fitz/dev_null.c
+++ b/fitz/dev_null.c
@@ -342,6 +342,7 @@ fz_end_tile(fz_device *dev)
 dev->error_depth--;
 if (dev->error_depth == 0)
 fz_throw(dev->ctx, "%s", dev->errmess);
+ return;
 }
 if (dev->end_tile)
 dev->end_tile(dev);
-- 
cgit v1.2.3
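Review bot: In the fitz/base_error.c hunk, the store `ex->stack[ex->top].code = 2;` next to the new logging is bounded only by `assert(ex->top == nelem(ex->stack)-1);`, which disappears when the build defines NDEBUG. The increment of ex->top happens above the hunk, so whether it can ever pass the reserved top slot cannot be confirmed from these lines. Since this commit is about heap overflows on error paths, a runtime bound ahead of the store is worth having, for example `if (ex->top > (int)nelem(ex->stack)-1) ex->top = (int)nelem(ex->stack)-1;`, with the exact recovery policy left to the maintainers. fz_push_try begins outside the hunk.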
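Review bot: The added `return;` in fz_end_tile (fitz/dev_null.c) carries the whole overflow fix, yet nothing at the site says why the device callback must be skipped while error_depth is still non-zero. A comment above it such as `/* Still inside a failed begin: the device never saw the matching begin_tile, so do not forward end_tile. */` would keep a later cleanup from removing it; that reasoning is inferred from the commit message, so confirm the wording. The other end/pop wrappers in this file that decrement error_depth are outside the hunk and should be checked for the same fall-through into the device callback. The enclosing `if` block opens above the hunk.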