authorUli Schlachter <psychon@znc.in>2021-06-26 12:00:50 +0200
committerUli Schlachter <psychon@znc.in>2021-07-01 16:08:16 +0200
commit571d8138cb9ccc9ac04219a6a552d8c78e93ad88 (patch)
treebef1f5223ffe593abc87c3c02199117056d7f201 /poppler/CairoOutputDev.cc
parentc11fbf5a732a041a26359dc7fef103ac44a2346f (diff)
~CairoOutputDev(): Free textClipPath
The textClipPath member is set in CairoOutputDev::endString() and freed in CairoOutputDev::endTextObject(). However, if endTextObject() is not called for whatever reason, the path will just be leaked. This adds code to the destructor to free this. This fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32326 Testing done: $ wget -O testcase 'https://oss-fuzz.com/download?testcase_id=6659952325296128' [...] $ cmake .. -G Ninja -DENABLE_DCTDECODER=unmaintained -DENABLE_BOOST=OFF -DENABLE_LIBOPENJPEG=unmaintained && ninja [...] $ git describe poppler-21.06.1-5-gb7c40059 $ valgrind --leak-check=full ./utils/pdftocairo testcase -png foo [...] ==104075== ==104075== HEAP SUMMARY: ==104075== in use at exit: 28,292 bytes in 55 blocks ==104075== total heap usage: 6,114 allocs, 6,059 frees, 1,617,444 bytes allocated ==104075== ==104075== 24 bytes in 1 blocks are definitely lost in loss record 4 of 37 ==104075== at 0x483877F: malloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so) ==104075== by 0x48AE748: ??? 
(in /usr/lib/x86_64-linux-gnu/libcairo.so.2.11600.0) ==104075== by 0x118995: endString (CairoOutputDev.cc:1474) ==104075== by 0x118995: CairoOutputDev::endString(GfxState*) (CairoOutputDev.cc:1412) ==104075== by 0x4B97295: Gfx::doShowText(GooString const*) (Gfx.cc:4010) ==104075== by 0x4B97CB4: Gfx::opShowSpaceText(Object*, int) (Gfx.cc:3793) ==104075== by 0x4B8D866: Gfx::go(bool) (Gfx.cc:681) ==104075== by 0x4B8DCFA: display (Gfx.cc:642) ==104075== by 0x4B8DCFA: Gfx::display(Object*, bool) (Gfx.cc:622) ==104075== by 0x4BE1A83: Page::displaySlice(OutputDev*, double, double, int, bool, bool, int, int, int, int, bool, bool (*)(void*), void*, bool (*)(Annot*, void*), void*, bool) (Page.cc:576) ==104075== by 0x11317C: renderPage (pdftocairo.cc:669) ==104075== by 0x11317C: main (pdftocairo.cc:1183) ==104075== ==104075== LEAK SUMMARY: ==104075== definitely lost: 24 bytes in 1 blocks ==104075== indirectly lost: 0 bytes in 0 blocks ==104075== possibly lost: 0 bytes in 0 blocks ==104075== still reachable: 28,268 bytes in 54 blocks ==104075== suppressed: 0 bytes in 0 blocks ==104075== Reachable blocks (those to which a pointer was found) are not shown. ==104075== To see them, rerun with: --leak-check=full --show-leak-kinds=all ==104075== ==104075== For lists of detected and suppressed errors, rerun with: -s ==104075== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0) $ git checkout cairo-leak-textClipPath && git describe && ninja Zu Branch 'cairo-leak-textClipPath' gewechselt poppler-21.06.1-6-g8df6f8d2 $ valgrind --leak-check=full ./utils/pdftocairo testcase -png foo [...] 
==104263== ==104263== HEAP SUMMARY: ==104263== in use at exit: 28,268 bytes in 54 blocks ==104263== total heap usage: 6,114 allocs, 6,060 frees, 1,617,444 bytes allocated ==104263== ==104263== LEAK SUMMARY: ==104263== definitely lost: 0 bytes in 0 blocks ==104263== indirectly lost: 0 bytes in 0 blocks ==104263== possibly lost: 0 bytes in 0 blocks ==104263== still reachable: 28,268 bytes in 54 blocks ==104263== suppressed: 0 bytes in 0 blocks ==104263== Reachable blocks (those to which a pointer was found) are not shown. ==104263== To see them, rerun with: --leak-check=full --show-leak-kinds=all ==104263== ==104263== For lists of detected and suppressed errors, rerun with: -s ==104263== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0) As you (might) see, before this commit, there is a "definitely lost" leak of 24 bytes with this test case. After this commit, this leak is gone. Signed-off-by: Uli Schlachter <psychon@znc.in>
Diffstat (limited to 'poppler/CairoOutputDev.cc')
-rw-r--r--poppler/CairoOutputDev.cc4
1 files changed, 4 insertions, 0 deletions
diff --git a/poppler/CairoOutputDev.cc b/poppler/CairoOutputDev.cc
index aa68c6cd..87170849 100644
--- a/poppler/CairoOutputDev.cc
+++ b/poppler/CairoOutputDev.cc
@@ -179,6 +179,10 @@ CairoOutputDev::~CairoOutputDev()
if (fontEngine_owner && fontEngine) {
delete fontEngine;
}
+ if (textClipPath) {
+ cairo_path_destroy(textClipPath);
+ textClipPath = nullptr;
+ }
if (cairo)
cairo_destroy(cairo);
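Review bot: The added `if (textClipPath)` block has no comment explaining why the destructor releases a path that endTextObject() normally frees; I would put `// Normally freed in endTextObject(); release here in case the text object was never closed` above it. The cleanup also runs only at destruction, so if one CairoOutputDev is reused for further pages after a malformed document leaves a text object open, the stale path would presumably carry over into later rendering; that reuse path is not visible in this hunk and needs confirming. If it holds, clearing the member at page start, or holding it in a `std::unique_ptr` with `cairo_path_destroy` as the deleter, would cover both cases. The destructor body starts before and continues past the hunk.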