[Libreoffice-commits] core.git: sdext/source

Sat Oct 20 10:49:10 UTC 2018

sdext/source/pdfimport/pdfparse/pdfentries.cxx |   40 +++++++++++++++----------
 1 file changed, 24 insertions(+), 16 deletions(-)

New commits:
commit 77e4f5e2b31292ca635aa807f701ba39ac521531
Author:     Mike Kaganski <mike.kaganski at collabora.com>
AuthorDate: Sat Oct 20 11:26:52 2018 +0200
Commit:     Mike Kaganski <mike.kaganski at collabora.com>
CommitDate: Sat Oct 20 12:48:49 2018 +0200

    tdf#120703 (PVS)
    
    V1023 A pointer without owner is added to the 'm_aSubElements' container by the
          'emplace_back' method. A memory leak will occur in case of an exception.
    
    V560 A part of conditional expression is always true: !pNum.
    
    V701 realloc() possible leak: when realloc() fails in allocating memory, original
         pointer '* pOutBuf' is lost. Consider assigning realloc() to a temporary
         pointer.
    
    V586 The 'delete' operator is called twice for deallocation of the same memory
         space.
    
    V581 The conditional expressions of the 'if' statements situated alongside each
         other are identical. Check lines: 867, 869.
    
    Change-Id: I2832bf7228914b48cf2c5178ed9c0719b53c883c
    Reviewed-on: https://gerrit.libreoffice.org/62040
    Tested-by: Jenkins
    Reviewed-by: Mike Kaganski <mike.kaganski at collabora.com>

diff --git a/sdext/source/pdfimport/pdfparse/pdfentries.cxx b/sdext/source/pdfimport/pdfparse/pdfentries.cxx
index c5e2c4203d8f..7d176ebdfc16 100644
--- a/sdext/source/pdfimport/pdfparse/pdfentries.cxx
+++ b/sdext/source/pdfimport/pdfparse/pdfentries.cxx
@@ -21,6 +21,7 @@
 #include <pdfparse.hxx>
 
 #include <comphelper/hash.hxx>
+#include <o3tl/make_unique.hxx>
 
 #include <rtl/strbuf.hxx>
 #include <rtl/ustring.hxx>
@@ -531,7 +532,7 @@ void PDFDict::insertValue( const OString& rName, PDFEntry* pValue )
     if( it == m_aMap.end() )
     {
         // new name/value, pair, append it
-        m_aSubElements.emplace_back( new PDFName( rName ) );
+        m_aSubElements.emplace_back(o3tl::make_unique<PDFName>(rName));
         m_aSubElements.emplace_back( pValue );
     }
     else
@@ -628,7 +629,7 @@ unsigned int PDFStream::getDictLength( const PDFContainer* pContainer ) const
         if( pRef )
         {
             int nEle = pContainer->m_aSubElements.size();
-            for( int i = 0; i < nEle && ! pNum; i++ )
+            for (int i = 0; i < nEle; i++)
             {
                 PDFObject* pObj = dynamic_cast<PDFObject*>(pContainer->m_aSubElements[i].get());
                 if( pObj &&
@@ -729,10 +730,15 @@ static void unzipToBuffer( char* pBegin, unsigned int nLen,
 
     const unsigned int buf_increment_size = 16384;
 
-    *pOutBuf = static_cast<sal_uInt8*>(std::realloc( *pOutBuf, buf_increment_size ));
-    aZStr.next_out      = reinterpret_cast<Bytef*>(*pOutBuf);
-    aZStr.avail_out     = buf_increment_size;
-    *pOutLen = buf_increment_size;
+    if (auto p = static_cast<sal_uInt8*>(std::realloc(*pOutBuf, buf_increment_size)))
+    {
+        *pOutBuf = p;
+        aZStr.next_out = reinterpret_cast<Bytef*>(*pOutBuf);
+        aZStr.avail_out = buf_increment_size;
+        *pOutLen = buf_increment_size;
+    }
+    else
+        err = Z_MEM_ERROR;
     while( err != Z_STREAM_END && err >= Z_OK && aZStr.avail_in )
     {
         err = inflate( &aZStr, Z_NO_FLUSH );
@@ -741,10 +747,15 @@ static void unzipToBuffer( char* pBegin, unsigned int nLen,
             if( err != Z_STREAM_END )
             {
                 const int nNewAlloc = *pOutLen + buf_increment_size;
-                *pOutBuf = static_cast<sal_uInt8*>(std::realloc( *pOutBuf, nNewAlloc ));
-                aZStr.next_out = reinterpret_cast<Bytef*>(*pOutBuf + *pOutLen);
-                aZStr.avail_out = buf_increment_size;
-                *pOutLen = nNewAlloc;
+                if (auto p = static_cast<sal_uInt8*>(std::realloc(*pOutBuf, nNewAlloc)))
+                {
+                    *pOutBuf = p;
+                    aZStr.next_out = reinterpret_cast<Bytef*>(*pOutBuf + *pOutLen);
+                    aZStr.avail_out = buf_increment_size;
+                    *pOutLen = nNewAlloc;
+                }
+                else
+                    err = Z_MEM_ERROR;
             }
         }
     }
@@ -845,7 +856,6 @@ bool PDFObject::emit( EmitContext& rWriteContext ) const
                                 pFilter = dynamic_cast<PDFName*>(pArray->m_aSubElements.front().get());
                                 if (pFilter && pFilter->m_aName == "FlateDecode")
                                 {
-                                    delete pFilter;
                                     pArray->m_aSubElements.erase( pArray->m_aSubElements.begin() );
                                 }
                             }
@@ -864,11 +874,9 @@ bool PDFObject::emit( EmitContext& rWriteContext ) const
                 delete pClone;
                 // write stream
                 if( bRet )
-                    rWriteContext.write( "stream\n", 7 );
-                if( bRet )
-                    bRet = rWriteContext.write( pOutBytes, nOutBytes );
-                if( bRet )
-                    bRet = rWriteContext.write( "\nendstream\nendobj\n", 18 );
+                    bRet = rWriteContext.write("stream\n", 7)
+                           && rWriteContext.write(pOutBytes, nOutBytes)
+                           && rWriteContext.write("\nendstream\nendobj\n", 18);
                 if( pOutBytes != reinterpret_cast<sal_uInt8*>(pStream.get()) )
                     std::free( pOutBytes );
                 pEData->setDecryptObject( 0, 0 );
