author: Chris Palmer <palmer@chromium.org> 2017-06-30 14:01:36 -0700
committer: Chromium commit bot <commit-bot@chromium.org> 2017-06-30 21:15:46 +0000
commit: c2a68df83faee582f0d6741f05116505b72b9d5d (patch)
tree: feda1cd72cd420cf6601386992d033ec035696c9
parent: 573b10a8869b7fe1e17c2d27ddbfc3d6ef93ba43 (diff)
Use the right free function for ICC color profiles. [chromium/3146]

They are allocated with |opj_malloc| (which is just |malloc|), but we were freeing them with |FX_Free|. But |FX_Free| recently changed to be |PartitionFree|.

This is probably not the right ultimate fix, but it should solve the high-occurrence crash we're seeing in the short term.

BUG=chromium:737033
Change-Id: Ia162fe4e39731bd774d3eccb2357d9add26aa079
Reviewed-on: https://pdfium-review.googlesource.com/7230
Commit-Queue: Chris Palmer <palmer@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
-rw-r--r-- core/fxcodec/codec/fx_codec_jpx_opj.cpp 5
1 files changed, 4 insertions, 1 deletions
diff --git a/core/fxcodec/codec/fx_codec_jpx_opj.cpp b/core/fxcodec/codec/fx_codec_jpx_opj.cpp
index 74ab5f277d..5d94d0e624 100644
--- a/core/fxcodec/codec/fx_codec_jpx_opj.cpp
+++ b/core/fxcodec/codec/fx_codec_jpx_opj.cpp
@@ -769,7 +769,10 @@ bool CJPX_Decoder::Init(const unsigned char* src_data, uint32_t src_size) {
color_sycc_to_rgb(image);
}
if (image->icc_profile_buf) {
- FX_Free(image->icc_profile_buf);
+ // TODO(crbug.com/737033): Using |free| here resolves the crash described in
+ // chromium:737033, but ultimately we need to harmonize the memory
+ // allocation strategy across OpenJPEG and its PDFium callers.
+ free(image->icc_profile_buf);
image->icc_profile_buf = nullptr;
image->icc_profile_len = 0;
}
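Review bot: the `free(image->icc_profile_buf)` call is correct only while |opj_malloc| is plain |malloc|, and nothing at this call site enforces that pairing. If OpenJPEG's own deallocator (`opj_free`) can be called from this file, prefer it here so the release follows whatever the library's allocator becomes; otherwise extend the TODO to say that the buffer comes from |opj_malloc| and that this line has to change together with it. As written, the comment names the crash bug but not the allocator pairing, which is the fact a later reader needs in order not to put |FX_Free| back.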