[PATCH 2/2] Fixes bug where libjpeg would create corrupted/incomplete images.
Stefan Thomas
thomas at eload24.com
Fri Jul 9 15:46:36 PDT 2010
This bug occurred when libjpeg tried to access temporary memory which had already been freed before ImgWriter->close() was called.
---
splash/SplashBitmap.cc | 21 ++++++++++++++++-----
1 files changed, 16 insertions(+), 5 deletions(-)
diff --git a/splash/SplashBitmap.cc b/splash/SplashBitmap.cc
index 84d8666..e0fa788 100644
--- a/splash/SplashBitmap.cc
+++ b/splash/SplashBitmap.cc
@@ -335,17 +335,13 @@ SplashError SplashBitmap::writeImgFile(ImgWriter *writer, FILE *f, int hDPI, int
return splashErrGeneric;
}
- if (withAlpha) {
+ if (!withAlpha) {
e = writeImgDataRGB(writer);
} else {
e = writeImgDataRGBA(writer);
}
if (e) return e;
-
- if (writer->close()) {
- return splashErrGeneric;
- }
return splashOk;
}
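Review bot: With the single `writer->close()` call removed from writeImgFile, finalizing the output now depends on every branch of writeImgDataRGB and writeImgDataRGBA calling close() itself. The full switch is outside this hunk, so any mode branch the later hunks do not touch would return splashOk with an unfinished file. A comment at `return splashOk;` would record the contract, e.g. `// writeImgData*() must call writer->close() before freeing its row buffers`. The flip from `if (withAlpha)` to `if (!withAlpha)` is a separate behaviour change that the commit message does not mention and should. The new checks use `!writer->close()` where the removed one used `writer->close()`; the return convention of ImgWriter::close() is not visible here, so confirm which polarity is correct.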
@@ -367,6 +363,9 @@ SplashError SplashBitmap::writeImgDataRGB(ImgWriter *writer)
delete[] row_pointers;
return splashErrGeneric;
}
+ if (!writer->close()) {
+ return splashErrGeneric;
+ }
delete[] row_pointers;
}
break;
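Review bot: The added `if (!writer->close()) { return splashErrGeneric; }` returns before `delete[] row_pointers;`, so a failed close leaks the buffer, whereas the error path directly above it frees the buffer first. Free it on this path too: `if (!writer->close()) { delete[] row_pointers; return splashErrGeneric; }`. The same applies to `row` in the three later writeImgDataRGB hunks and in the writeImgDataRGBA hunk. Because the original bug was a buffer freed while the writer could still read it, holding these buffers in a scope-bound owner such as `std::vector`, declared before the writer calls, would make both the ordering and the cleanup automatic. The enclosing switch case starts outside this hunk.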
@@ -387,6 +386,9 @@ SplashError SplashBitmap::writeImgDataRGB(ImgWriter *writer)
return splashErrGeneric;
}
}
+ if (!writer->close()) {
+ return splashErrGeneric;
+ }
delete[] row;
}
break;
@@ -407,6 +409,9 @@ SplashError SplashBitmap::writeImgDataRGB(ImgWriter *writer)
return splashErrGeneric;
}
}
+ if (!writer->close()) {
+ return splashErrGeneric;
+ }
delete[] row;
}
break;
@@ -427,6 +432,9 @@ SplashError SplashBitmap::writeImgDataRGB(ImgWriter *writer)
return splashErrGeneric;
}
}
+ if (!writer->close()) {
+ return splashErrGeneric;
+ }
delete[] row;
}
break;
@@ -523,5 +531,8 @@ SplashError SplashBitmap::writeImgDataRGBA(ImgWriter *writer)
break;
}
+ if (!writer->close()) {
+ return splashErrGeneric;
+ }
delete[] row;
}
--
1.7.0.4