[poppler] Using free'd object on loop pages
Hib Eris
hib at hiberis.nl
Thu Nov 25 02:49:57 PST 2010
Hi,
On Wed, Nov 24, 2010 at 9:30 PM, Albert Astals Cid <aacid at kde.org> wrote:
> Hi Hib, got a pdf that has a loop in pages and it is aborting because uses an
> already freed object, looking at the code i see
>
> for (size_t i = 0; i < pagesRefList->size(); i++) {
> if (((*pagesRefList)[i]).num == kidRef.getRefNum()) {
> error(-1, "Loop in Pages tree");
> kidRef.free();
> kids.free();
> kidsIdxList->back()++;
> continue;
> }
> }
>
> Object kid;
> kids.arrayGet(kidsIdx, &kid);
>
> So we are free'ing kids, doing continue to quit the loop and the using kids.
>
> Wonder if that continue should be a return gFalse?
Hmmm, my intention was to be fault tolerant and skip over the loop and
continue with the next page. Clearly, that is not what the code does
right now.
Please consider the attached patch.
Hib
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Skip-over-loops-in-Pages-tree.patch
Type: text/x-patch
Size: 1076 bytes
Desc: not available
URL: <http://lists.freedesktop.org/archives/poppler/attachments/20101125/62762de7/attachment.bin>
More information about the poppler
mailing list