From 4b9cebf7983cdfe9ee087ce5f2e454ce661fa204 Mon Sep 17 00:00:00 2001 From: Tor Andersson Date: Tue, 19 Feb 2013 17:19:29 +0100 Subject: Bug 693639: plug various memory leaks. Thanks to zeniko. Also ensure that pdf_free_annot copes with NULL. --- pdf/pdf_annot.c | 34 ++++++++++++++++++++++++---------- pdf/pdf_colorspace.c | 16 +++++++--------- pdf/pdf_outline.c | 2 ++ pdf/pdf_repair.c | 2 +- pdf/pdf_stream.c | 16 ++++++++++++---- 5 files changed, 46 insertions(+), 24 deletions(-) (limited to 'pdf') diff --git a/pdf/pdf_annot.c b/pdf/pdf_annot.c index 32de1eb9..01140048 100644 --- a/pdf/pdf_annot.c +++ b/pdf/pdf_annot.c @@ -295,8 +295,16 @@ pdf_load_link_annots(pdf_document *xref, pdf_obj *annots, const fz_matrix *page_ n = pdf_array_len(annots); for (i = 0; i < n; i++) { - obj = pdf_array_get(annots, i); - link = pdf_load_link(xref, obj, page_ctm); + fz_try(xref->ctx) + { + obj = pdf_array_get(annots, i); + link = pdf_load_link(xref, obj, page_ctm); + } + fz_catch(xref->ctx) + { + link = NULL; + } + if (link) { if (!head) @@ -317,7 +325,7 @@ pdf_free_annot(fz_context *ctx, pdf_annot *annot) { pdf_annot *next; - do + while (annot) { next = annot->next; if (annot->ap) @@ -326,7 +334,6 @@ pdf_free_annot(fz_context *ctx, pdf_annot *annot) fz_free(ctx, annot); annot = next; } - while (annot); } static void @@ -366,13 +373,20 @@ pdf_load_annots(pdf_document *xref, pdf_obj *annots, pdf_page *page) len = pdf_array_len(annots); for (i = 0; i < len; i++) { - obj = pdf_array_get(annots, i); + fz_try(ctx) + { + obj = pdf_array_get(annots, i); - pdf_update_appearance(xref, obj); + pdf_update_appearance(xref, obj); - rect = pdf_dict_gets(obj, "Rect"); - ap = pdf_dict_gets(obj, "AP"); - as = pdf_dict_gets(obj, "AS"); + rect = pdf_dict_gets(obj, "Rect"); + ap = pdf_dict_gets(obj, "AP"); + as = pdf_dict_gets(obj, "AS"); + } + fz_catch(ctx) + { + ap = NULL; + } if (!pdf_is_dict(ap)) continue; @@ -429,7 +443,7 @@ pdf_load_annots(pdf_document *xref, pdf_obj *annots, pdf_page *page) } fz_catch(ctx) { - fz_free(ctx, annot); + pdf_free_annot(ctx, annot); fz_warn(ctx, "ignoring broken annotation"); } } diff --git a/pdf/pdf_colorspace.c b/pdf/pdf_colorspace.c index 14dc5337..7b0ba7c3 100644 --- a/pdf/pdf_colorspace.c +++ b/pdf/pdf_colorspace.c @@ -259,23 +259,21 @@ load_indexed(pdf_document *xref, pdf_obj *array) { fz_stream *file = NULL; + fz_var(file); + fz_try(ctx) { file = pdf_open_stream(xref, pdf_to_num(lookup), pdf_to_gen(lookup)); + i = fz_read(file, idx->lookup, n); } - fz_catch(ctx) + fz_always(ctx) { - fz_throw(ctx, "cannot open colorspace lookup table (%d 0 R)", pdf_to_num(lookup)); + fz_close(file); } - - i = fz_read(file, idx->lookup, n); - if (i < 0) + fz_catch(ctx) { - fz_close(file); - fz_throw(ctx, "cannot read colorspace lookup table (%d 0 R)", pdf_to_num(lookup)); + fz_throw(ctx, "cannot open colorspace lookup table (%d 0 R)", pdf_to_num(lookup)); } - - fz_close(file); } else { diff --git a/pdf/pdf_outline.c b/pdf/pdf_outline.c index d92f3fbd..3a0e803e 100644 --- a/pdf/pdf_outline.c +++ b/pdf/pdf_outline.c @@ -10,6 +10,7 @@ pdf_load_outline_imp(pdf_document *xref, pdf_obj *dict) pdf_obj *odict = dict; fz_var(dict); + fz_var(first); fz_try(ctx) { @@ -50,6 +51,7 @@ pdf_load_outline_imp(pdf_document *xref, pdf_obj *dict) } fz_catch(ctx) { + fz_free_outline(ctx, first); fz_rethrow(ctx); } diff --git a/pdf/pdf_repair.c b/pdf/pdf_repair.c index be3779d2..c74f25af 100644 --- a/pdf/pdf_repair.c +++ b/pdf/pdf_repair.c @@ -310,7 +310,7 @@ pdf_repair_xref(pdf_document *xref, pdf_lexbuf *buf) break; } - if (num < 0) + if (num <= 0) { fz_warn(ctx, "ignoring object with invalid object number (%d %d R)", num, gen); continue; diff --git a/pdf/pdf_stream.c b/pdf/pdf_stream.c index 77bf7c64..2639c9e1 100644 --- a/pdf/pdf_stream.c +++ b/pdf/pdf_stream.c @@ -268,10 +268,18 @@ pdf_open_filter(fz_stream *chain, pdf_document *xref, pdf_obj *stmobj, int num, chain = pdf_open_raw_filter(chain, xref, stmobj, num, num, gen, offset); - if (pdf_is_name(filters)) - chain = build_filter(chain, xref, filters, params, num, gen, imparams); - else if (pdf_array_len(filters) > 0) - chain = build_filter_chain(chain, xref, filters, params, num, gen, imparams); + fz_try(xref->ctx) + { + if (pdf_is_name(filters)) + chain = build_filter(chain, xref, filters, params, num, gen, imparams); + else if (pdf_array_len(filters) > 0) + chain = build_filter_chain(chain, xref, filters, params, num, gen, imparams); + } + fz_catch(xref->ctx) + { + fz_close(chain); + fz_rethrow(xref->ctx); + } return chain; } -- cgit v1.2.3