From 984887ee8fb431e5c5d243c40dcb73d5149b033f Mon Sep 17 00:00:00 2001
From: Sebastian Rasmussen
Date: Tue, 31 Jul 2018 03:31:06 +0800
Subject: Bug 699694: Fix reference counting for JBIG2 globals.
fz_open_jbig2d() is called at two locations in MuPDF. At one location a reference to the JBIG2 globals struct was taken before passing it to fz_open_jbig2d(). At the other location no such reference was taken, but rather ownership of the struct was implicitly transferred to fz_open_jbig2d(). This inconsistency led to a leak of the globals struct at the first location. Now, passing a JBIG2 globals struct to fz_open_jbig2d() never implictly takes ownership. Instead the JBIG2 stream will take a reference if it needs it and drops it in case of error. As usual it is the callers responsibility to drop the reference to the globals struct it owns.
---
 source/pdf/pdf-stream.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)
(limited to 'source/pdf/pdf-stream.c')
diff --git a/source/pdf/pdf-stream.c b/source/pdf/pdf-stream.c
index f52539cf..29301f5d 100644
--- a/source/pdf/pdf-stream.c
+++ b/source/pdf/pdf-stream.c
@@ -173,6 +173,7 @@ build_filter(fz_context *ctx, fz_stream *chain, pdf_document *doc, pdf_obj *f, p
 {
 fz_compression_params local_params;
+ local_params.u.jbig2.globals = NULL;
 if (params == NULL)
 params = &local_params;
@@ -184,6 +185,18 @@ build_filter(fz_context *ctx, fz_stream *chain, pdf_document *doc, pdf_obj *f, p
 if (params != &local_params && params->type != FZ_IMAGE_RAW)
 return fz_keep_stream(ctx, chain); /* nothing to do */
+ else if (params->type == FZ_IMAGE_JBIG2)
+ {
+ fz_stream *stm;
+ fz_try(ctx)
+ stm = fz_open_image_decomp_stream(ctx, chain, params, NULL);
+ fz_always(ctx)
+ fz_drop_jbig2_globals(ctx, local_params.u.jbig2.globals);
+ fz_catch(ctx)
+ fz_rethrow(ctx);
+ return stm;
+ }
+
 else if (params->type != FZ_IMAGE_RAW)
 return fz_open_image_decomp_stream(ctx, chain, params, NULL);
--
cgit v1.2.3
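Review bot: In the second hunk the new branch tests `params->type` but the `fz_always` block drops `local_params.u.jbig2.globals`, which is only consistent because the preceding `if` has already returned whenever `params != &local_params`; nothing in the hunk states that invariant. The drop is also only balanced if the JBIG2 stream now keeps its own reference, as the commit message says, and that callee change is not in this file section; in code that parses untrusted PDFs an unbalanced drop would become a use-after-free rather than a leak. I would add a comment above the drop such as `/* params == &local_params here; the JBIG2 stream holds its own reference, so drop ours */`. I would also write `fz_stream *stm = NULL;` so the variable is never indeterminate after the `fz_try`, even though the rethrow means it is not read on the error path. `build_filter` starts before the first hunk and continues past the second, so the code that fills `local_params` between them could not be checked.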