[poppler] Using free'd object on loop pages
Albert Astals Cid
aacid at kde.org
Mon Nov 29 11:30:51 PST 2010
A Dijous, 25 de novembre de 2010, Hib Eris va escriure:
> Hi,
>
> On Wed, Nov 24, 2010 at 9:30 PM, Albert Astals Cid <aacid at kde.org> wrote:
> > Hi Hib, got a pdf that has a loop in pages and it is aborting because
> > uses an already freed object, looking at the code i see
> >
> > for (size_t i = 0; i < pagesRefList->size(); i++) {
> > if (((*pagesRefList)[i]).num == kidRef.getRefNum()) {
> > error(-1, "Loop in Pages tree");
> > kidRef.free();
> > kids.free();
> > kidsIdxList->back()++;
> > continue;
> > }
> > }
> >
> > Object kid;
> > kids.arrayGet(kidsIdx, &kid);
> >
> > So we are free'ing kids, doing continue to quit the loop and the using
> > kids.
> >
> > Wonder if that continue should be a return gFalse?
>
> Hmmm, my intention was to be fault tolerant and skip over the loop and
> continue with the next page. Clearly, that is not what the code does
> right now.
> Please consider the attached patch.
It's in.
Albert
>
>
> Hib
More information about the poppler
mailing list