[poppler] poppler/CairoOutputDev.cc
GitLab Mirror
gitlab-mirror at kemper.freedesktop.org
Thu Jul 1 14:26:44 UTC 2021
poppler/CairoOutputDev.cc | 4 ++++
1 file changed, 4 insertions(+)
New commits:
commit 571d8138cb9ccc9ac04219a6a552d8c78e93ad88
Author: Uli Schlachter <psychon at znc.in>
Date: Sat Jun 26 12:00:50 2021 +0200
~CairoOutputDev(): Free textClipPath
The textClipPath member is set in CairoOutputDev::endString() and freed
in CairoOutputDev::endTextObject(). However, if endTextObject() is not
called for whatever reason, the path will just be leaked.
This adds code to the destructor to free this.
This fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32326
Testing done:
$ wget -O testcase 'https://oss-fuzz.com/download?testcase_id=6659952325296128'
[...]
$ cmake .. -G Ninja -DENABLE_DCTDECODER=unmaintained -DENABLE_BOOST=OFF -DENABLE_LIBOPENJPEG=unmaintained && ninja
[...]
$ git describe
poppler-21.06.1-5-gb7c40059
$ valgrind --leak-check=full ./utils/pdftocairo testcase -png foo
[...]
==104075==
==104075== HEAP SUMMARY:
==104075== in use at exit: 28,292 bytes in 55 blocks
==104075== total heap usage: 6,114 allocs, 6,059 frees, 1,617,444 bytes allocated
==104075==
==104075== 24 bytes in 1 blocks are definitely lost in loss record 4 of 37
==104075== at 0x483877F: malloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==104075== by 0x48AE748: ??? (in /usr/lib/x86_64-linux-gnu/libcairo.so.2.11600.0)
==104075== by 0x118995: endString (CairoOutputDev.cc:1474)
==104075== by 0x118995: CairoOutputDev::endString(GfxState*) (CairoOutputDev.cc:1412)
==104075== by 0x4B97295: Gfx::doShowText(GooString const*) (Gfx.cc:4010)
==104075== by 0x4B97CB4: Gfx::opShowSpaceText(Object*, int) (Gfx.cc:3793)
==104075== by 0x4B8D866: Gfx::go(bool) (Gfx.cc:681)
==104075== by 0x4B8DCFA: display (Gfx.cc:642)
==104075== by 0x4B8DCFA: Gfx::display(Object*, bool) (Gfx.cc:622)
==104075== by 0x4BE1A83: Page::displaySlice(OutputDev*, double, double, int, bool, bool, int, int, int, int, bool, bool (*)(void*), void*, bool (*)(Annot*, void*), void*, bool) (Page.cc:576)
==104075== by 0x11317C: renderPage (pdftocairo.cc:669)
==104075== by 0x11317C: main (pdftocairo.cc:1183)
==104075==
==104075== LEAK SUMMARY:
==104075== definitely lost: 24 bytes in 1 blocks
==104075== indirectly lost: 0 bytes in 0 blocks
==104075== possibly lost: 0 bytes in 0 blocks
==104075== still reachable: 28,268 bytes in 54 blocks
==104075== suppressed: 0 bytes in 0 blocks
==104075== Reachable blocks (those to which a pointer was found) are not shown.
==104075== To see them, rerun with: --leak-check=full --show-leak-kinds=all
==104075==
==104075== For lists of detected and suppressed errors, rerun with: -s
==104075== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
$ git checkout cairo-leak-textClipPath && git describe && ninja
Zu Branch 'cairo-leak-textClipPath' gewechselt
poppler-21.06.1-6-g8df6f8d2
$ valgrind --leak-check=full ./utils/pdftocairo testcase -png foo
[...]
==104263==
==104263== HEAP SUMMARY:
==104263== in use at exit: 28,268 bytes in 54 blocks
==104263== total heap usage: 6,114 allocs, 6,060 frees, 1,617,444 bytes allocated
==104263==
==104263== LEAK SUMMARY:
==104263== definitely lost: 0 bytes in 0 blocks
==104263== indirectly lost: 0 bytes in 0 blocks
==104263== possibly lost: 0 bytes in 0 blocks
==104263== still reachable: 28,268 bytes in 54 blocks
==104263== suppressed: 0 bytes in 0 blocks
==104263== Reachable blocks (those to which a pointer was found) are not shown.
==104263== To see them, rerun with: --leak-check=full --show-leak-kinds=all
==104263==
==104263== For lists of detected and suppressed errors, rerun with: -s
==104263== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
As you (might) see, before this commit, there is a "definitely lost"
leak of 24 bytes with this test case. After this commit, this leak is
gone.
Signed-off-by: Uli Schlachter <psychon at znc.in>
diff --git a/poppler/CairoOutputDev.cc b/poppler/CairoOutputDev.cc
index aa68c6cd..87170849 100644
--- a/poppler/CairoOutputDev.cc
+++ b/poppler/CairoOutputDev.cc
@@ -179,6 +179,10 @@ CairoOutputDev::~CairoOutputDev()
if (fontEngine_owner && fontEngine) {
delete fontEngine;
}
+ if (textClipPath) {
+ cairo_path_destroy(textClipPath);
+ textClipPath = nullptr;
+ }
if (cairo)
cairo_destroy(cairo);
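Review bot: the new `if (textClipPath)` block in ~CairoOutputDev() releases the path only at teardown, so the lifetime of the path still depends on every endString() being followed by endTextObject(). The commit message says that pairing can be skipped, so please check that a second endString() call cannot overwrite a non-null textClipPath without destroying the old one; that assignment is not visible in this hunk. Holding the member in a std::unique_ptr with cairo_path_destroy as its deleter would cover both the destructor and any reassignment. The `textClipPath = nullptr;` line is harmless but redundant, since the object is being destroyed.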