From 64140fa7f404f7499a72a255118c7243363b93dd Mon Sep 17 00:00:00 2001
From: Paul Gardiner <paulg.artifex@glidos.net>
Date: Tue, 25 Jun 2013 13:43:31 +0100
Subject: Fix potential memory leak

---
 source/pdf/pdf-annot.c | 33 +++++++++++++++++++++------------
 1 file changed, 21 insertions(+), 12 deletions(-)

(limited to 'source/pdf/pdf-annot.c')

diff --git a/source/pdf/pdf-annot.c b/source/pdf/pdf-annot.c
index a46f67b7..453e9bfb 100644
--- a/source/pdf/pdf-annot.c
+++ b/source/pdf/pdf-annot.c
@@ -484,6 +484,7 @@ pdf_load_annots(pdf_document *doc, pdf_obj *annots, pdf_page *page)
 
 	fz_var(annot);
 	fz_var(itr);
+	fz_var(head);
 
 	head = tail = NULL;
 
@@ -494,22 +495,30 @@ pdf_load_annots(pdf_document *doc, pdf_obj *annots, pdf_page *page)
 	the annot array, so we don't want to be iterating through the array while
 	that happens.
 	*/
-	for (i = 0; i < len; i++)
+	fz_try(ctx)
 	{
-		obj = pdf_array_get(annots, i);
-		annot = fz_malloc_struct(ctx, pdf_annot);
-		annot->obj = pdf_keep_obj(obj);
-		annot->page = page;
-		annot->next = NULL;
-
-		if (!head)
-			head = tail = annot;
-		else
+		for (i = 0; i < len; i++)
 		{
-			tail->next = annot;
-			tail = annot;
+			obj = pdf_array_get(annots, i);
+			annot = fz_malloc_struct(ctx, pdf_annot);
+			annot->obj = pdf_keep_obj(obj);
+			annot->page = page;
+			annot->next = NULL;
+
+			if (!head)
+				head = tail = annot;
+			else
+			{
+				tail->next = annot;
+				tail = annot;
+			}
 		}
 	}
+	fz_catch(ctx)
+	{
+		pdf_free_annot(ctx, head);
+		fz_rethrow(ctx);
+	}
 
 	/*
 	Iterate through the newly created annot linked list, using a double pointer to
-- 
cgit v1.2.3