[Poppler-bugs] [Bug 101367] New: Leak in GfxFont::locateFont(XRef*, PSOutputDev*) (GfxFont.cc:714)

bugzilla-daemon at freedesktop.org
Fri Jun 9 23:19:07 UTC 2017


https://bugs.freedesktop.org/show_bug.cgi?id=101367

            Bug ID: 101367
           Summary: Leak in GfxFont::locateFont(XRef*, PSOutputDev*)
                    (GfxFont.cc:714)
           Product: poppler
           Version: unspecified
          Hardware: Other
                OS: All
            Status: NEW
          Severity: normal
          Priority: medium
         Component: splash backend
          Assignee: poppler-bugs at lists.freedesktop.org
          Reporter: dudul04 at yahoo.fr

Created attachment 131836
  --> https://bugs.freedesktop.org/attachment.cgi?id=131836&action=edit
PDF file demonstrating the leak

With the attached file,

{{{
$ LD_LIBRARY_PATH=poppler/.libs/ valgrind --leak-check=full --num-callers=40 utils/.libs/pdftoppm /home/even/oss-fuzz/build/out/gdal/./crash-4c4c04f7e5922f1a145cf4bde7216c2f1856be97 > out.ppm
==2927== Memcheck, a memory error detector
==2927== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==2927== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==2927== Command: utils/.libs/pdftoppm /home/even/oss-fuzz/build/out/gdal/./crash-4c4c04f7e5922f1a145cf4bde7216c2f1856be97
==2927== 
Syntax Error (56205): Dictionary key must be a name object
Syntax Error: Couldn't create a font for 'MVGEWD+Arial-BoldMT'
==2927== 
==2927== HEAP SUMMARY:
==2927==     in use at exit: 241,513 bytes in 4,390 blocks
==2927==   total heap usage: 46,698 allocs, 42,308 frees, 49,714,772 bytes allocated
==2927== 
==2927== 8,807 (6,656 direct, 2,151 indirect) bytes in 26 blocks are definitely lost in loss record 118 of 121
==2927==    at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==2927==    by 0x6ADB0B9: ??? (in /usr/lib/x86_64-linux-gnu/libfontconfig.so.1.9.0)
==2927==    by 0x6ADB829: ??? (in /usr/lib/x86_64-linux-gnu/libfontconfig.so.1.9.0)
==2927==    by 0x6ADCD4A: ??? (in /usr/lib/x86_64-linux-gnu/libfontconfig.so.1.9.0)
==2927==    by 0x6AE219B: ??? (in /usr/lib/x86_64-linux-gnu/libfontconfig.so.1.9.0)
==2927==    by 0x7816A7B: ??? (in /lib/x86_64-linux-gnu/libexpat.so.1.6.0)
==2927==    by 0x781738B: ??? (in /lib/x86_64-linux-gnu/libexpat.so.1.6.0)
==2927==    by 0x7818CAD: ??? (in /lib/x86_64-linux-gnu/libexpat.so.1.6.0)
==2927==    by 0x7819404: ??? (in /lib/x86_64-linux-gnu/libexpat.so.1.6.0)
==2927==    by 0x781B70A: XML_ParseBuffer (in /lib/x86_64-linux-gnu/libexpat.so.1.6.0)
==2927==    by 0x6AE152A: FcConfigParseAndLoad (in /usr/lib/x86_64-linux-gnu/libfontconfig.so.1.9.0)
==2927==    by 0x6AE1836: FcConfigParseAndLoad (in /usr/lib/x86_64-linux-gnu/libfontconfig.so.1.9.0)
==2927==    by 0x6AE27A0: ??? (in /usr/lib/x86_64-linux-gnu/libfontconfig.so.1.9.0)
==2927==    by 0x7816A7B: ??? (in /lib/x86_64-linux-gnu/libexpat.so.1.6.0)
==2927==    by 0x781738B: ??? (in /lib/x86_64-linux-gnu/libexpat.so.1.6.0)
==2927==    by 0x7818CAD: ??? (in /lib/x86_64-linux-gnu/libexpat.so.1.6.0)
==2927==    by 0x7819404: ??? (in /lib/x86_64-linux-gnu/libexpat.so.1.6.0)
==2927==    by 0x781B70A: XML_ParseBuffer (in /lib/x86_64-linux-gnu/libexpat.so.1.6.0)
==2927==    by 0x6AE152A: FcConfigParseAndLoad (in /usr/lib/x86_64-linux-gnu/libfontconfig.so.1.9.0)
==2927==    by 0x6AD46C7: ??? (in /usr/lib/x86_64-linux-gnu/libfontconfig.so.1.9.0)
==2927==    by 0x6AD4915: ??? (in /usr/lib/x86_64-linux-gnu/libfontconfig.so.1.9.0)
==2927==    by 0x6AC88DC: ??? (in /usr/lib/x86_64-linux-gnu/libfontconfig.so.1.9.0)
==2927==    by 0x6ACA12E: FcConfigSubstituteWithPat (in /usr/lib/x86_64-linux-gnu/libfontconfig.so.1.9.0)
==2927==    by 0x4F78838: GlobalParams::findSystemFontFile(GfxFont*, SysFontType*, int*, GooString*, GooString*) (GlobalParams.cc:1189)
==2927==    by 0x4F59884: GfxFont::locateFont(XRef*, PSOutputDev*) (GfxFont.cc:714)
==2927==    by 0x4F02AF8: SplashOutputDev::doUpdateFont(GfxState*) (SplashOutputDev.cc:2087)
==2927==    by 0x4F034E2: SplashOutputDev::drawChar(GfxState*, double, double, double, double, double, double, unsigned int, int, unsigned int*, int) (SplashOutputDev.cc:2457)
==2927==    by 0x4F5437D: Gfx::doShowText(GooString*) (Gfx.cc:4088)
==2927==    by 0x4F54C74: Gfx::opShowText(Object*, int) (Gfx.cc:3830)
==2927==    by 0x4F4CCF8: Gfx::go(bool) (Gfx.cc:767)
==2927==    by 0x4F4D1FF: Gfx::display(Object*, bool) (Gfx.cc:729)
==2927==    by 0x4F967D4: Page::displaySlice(OutputDev*, double, double, int, bool, bool, int, int, int, int, bool, bool (*)(void*), void*, bool (*)(Annot*, void*), void*, bool) (Page.cc:601)
==2927==    by 0x401B25: savePageSlice (pdftoppm.cc:225)
==2927==    by 0x401B25: main (pdftoppm.cc:532)
}}}
