[Poppler-bugs] [Bug 65553] New: mismatched free/delete

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Sat Jun 8 16:23:26 PDT 2013 

https://bugs.freedesktop.org/show_bug.cgi?id=65553

          Priority: medium
            Bug ID: 65553
          Assignee: poppler-bugs at lists.freedesktop.org
           Summary: mismatched free/delete
          Severity: normal
    Classification: Unclassified
                OS: All
          Reporter: chpe at gnome.org
          Hardware: Other
            Status: NEW
           Version: unspecified
         Component: general
           Product: poppler

==11960== Thread 3:
==11960== Mismatched free() / delete / delete []
==11960==    at 0x4028E4E: operator delete(void*) (vg_replace_malloc.c:457)
==11960==    by 0x223475EC: TextStringToUCS4(GooString*, unsigned int**)
(UTF.cc:104)
==11960==    by 0x2236FC0A: ActualText::end(GfxState*) (TextOutputDev.cc:5247)
==11960==    by 0x2221BB22: CairoOutputDev::endActualText(GfxState*)
(CairoOutputDev.cc:1373)
==11960==    by 0x222EA77C: Gfx::opEndMarkedContent(Object*, int) (Gfx.cc:5111)
==11960==    by 0x222E4AE5: Gfx::execOp(Object*, Object*, int) (Gfx.cc:856)
==11960==    by 0x222EC1BA: Gfx::go(bool) (Gfx.cc:715)
==11960==    by 0x222EC651: Gfx::display(Object*, bool) (Gfx.cc:681)
==11960==    by 0x2440AA8F: ???
==11960==  Address 0x257090b8 is 0 bytes inside a block of size 4 alloc'd
==11960==    at 0x40295B5: operator new[](unsigned int)
(vg_replace_malloc.c:343)
==11960==    by 0x223475A4: TextStringToUCS4(GooString*, unsigned int**)
(UTF.cc:99)
==11960==    by 0x2236FC0A: ActualText::end(GfxState*) (TextOutputDev.cc:5247)
==11960==    by 0x2221BB22: CairoOutputDev::endActualText(GfxState*)
(CairoOutputDev.cc:1373)
==11960==    by 0x222EA77C: Gfx::opEndMarkedContent(Object*, int) (Gfx.cc:5111)
==11960==    by 0x222E4AE5: Gfx::execOp(Object*, Object*, int) (Gfx.cc:856)
==11960==    by 0x222EC1BA: Gfx::go(bool) (Gfx.cc:715)
==11960==    by 0x222EC651: Gfx::display(Object*, bool) (Gfx.cc:681)
==11960==    by 0x2440AA8F: ???


Code is here (master and 0.22 branch):

      utf16 = new Unicode[len];
      for (i = 0 ; i < len; i++) {
        utf16[i] = (s[2 + i*2] & 0xff) << 8 | (s[3 + i*2] & 0xff);
      }
      len = UTF16toUCS4(utf16, len, &u);
!!!   delete utf16;

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freedesktop.org/archives/poppler-bugs/attachments/20130608/597eefba/attachment.html>

More information about the Poppler-bugs mailing list