[poppler] poppler/CairoOutputDev.cc

GitLab Mirror gitlab-mirror at kemper.freedesktop.org
Thu Jul 1 14:26:44 UTC 2021 

 poppler/CairoOutputDev.cc |    4 ++++
 1 file changed, 4 insertions(+)

New commits:
commit 571d8138cb9ccc9ac04219a6a552d8c78e93ad88
Author: Uli Schlachter <psychon at znc.in>
Date:   Sat Jun 26 12:00:50 2021 +0200

    ~CairoOutputDev(): Free textClipPath
    
    The textClipPath member is set in CairoOutputDev::endString() and freed
    in CairoOutputDev::endTextObject(). However, if endTextObject() is not
    called for whatever reason, the path will just be leaked.
    
    This adds code to the destructor to free this.
    
    This fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32326
    
    Testing done:
    
    $ wget -O testcase 'https://oss-fuzz.com/download?testcase_id=6659952325296128'
    [...]
    $ cmake .. -G Ninja -DENABLE_DCTDECODER=unmaintained -DENABLE_BOOST=OFF -DENABLE_LIBOPENJPEG=unmaintained && ninja
    [...]
    $ git describe
    poppler-21.06.1-5-gb7c40059
    $ valgrind --leak-check=full ./utils/pdftocairo testcase -png foo
    [...]
    ==104075==
    ==104075== HEAP SUMMARY:
    ==104075==     in use at exit: 28,292 bytes in 55 blocks
    ==104075==   total heap usage: 6,114 allocs, 6,059 frees, 1,617,444 bytes allocated
    ==104075==
    ==104075== 24 bytes in 1 blocks are definitely lost in loss record 4 of 37
    ==104075==    at 0x483877F: malloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==104075==    by 0x48AE748: ??? (in /usr/lib/x86_64-linux-gnu/libcairo.so.2.11600.0)
    ==104075==    by 0x118995: endString (CairoOutputDev.cc:1474)
    ==104075==    by 0x118995: CairoOutputDev::endString(GfxState*) (CairoOutputDev.cc:1412)
    ==104075==    by 0x4B97295: Gfx::doShowText(GooString const*) (Gfx.cc:4010)
    ==104075==    by 0x4B97CB4: Gfx::opShowSpaceText(Object*, int) (Gfx.cc:3793)
    ==104075==    by 0x4B8D866: Gfx::go(bool) (Gfx.cc:681)
    ==104075==    by 0x4B8DCFA: display (Gfx.cc:642)
    ==104075==    by 0x4B8DCFA: Gfx::display(Object*, bool) (Gfx.cc:622)
    ==104075==    by 0x4BE1A83: Page::displaySlice(OutputDev*, double, double, int, bool, bool, int, int, int, int, bool, bool (*)(void*), void*, bool (*)(Annot*, void*), void*, bool) (Page.cc:576)
    ==104075==    by 0x11317C: renderPage (pdftocairo.cc:669)
    ==104075==    by 0x11317C: main (pdftocairo.cc:1183)
    ==104075==
    ==104075== LEAK SUMMARY:
    ==104075==    definitely lost: 24 bytes in 1 blocks
    ==104075==    indirectly lost: 0 bytes in 0 blocks
    ==104075==      possibly lost: 0 bytes in 0 blocks
    ==104075==    still reachable: 28,268 bytes in 54 blocks
    ==104075==         suppressed: 0 bytes in 0 blocks
    ==104075== Reachable blocks (those to which a pointer was found) are not shown.
    ==104075== To see them, rerun with: --leak-check=full --show-leak-kinds=all
    ==104075==
    ==104075== For lists of detected and suppressed errors, rerun with: -s
    ==104075== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
    $ git checkout cairo-leak-textClipPath && git describe && ninja
    Zu Branch 'cairo-leak-textClipPath' gewechselt
    poppler-21.06.1-6-g8df6f8d2
    $ valgrind --leak-check=full ./utils/pdftocairo testcase -png foo
    [...]
    ==104263==
    ==104263== HEAP SUMMARY:
    ==104263==     in use at exit: 28,268 bytes in 54 blocks
    ==104263==   total heap usage: 6,114 allocs, 6,060 frees, 1,617,444 bytes allocated
    ==104263==
    ==104263== LEAK SUMMARY:
    ==104263==    definitely lost: 0 bytes in 0 blocks
    ==104263==    indirectly lost: 0 bytes in 0 blocks
    ==104263==      possibly lost: 0 bytes in 0 blocks
    ==104263==    still reachable: 28,268 bytes in 54 blocks
    ==104263==         suppressed: 0 bytes in 0 blocks
    ==104263== Reachable blocks (those to which a pointer was found) are not shown.
    ==104263== To see them, rerun with: --leak-check=full --show-leak-kinds=all
    ==104263==
    ==104263== For lists of detected and suppressed errors, rerun with: -s
    ==104263== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
    
    As you (might) see, before this commit, there is a "definitely lost"
    leak of 24 bytes with this test case. After this commit, this leak is
    gone.
    
    Signed-off-by: Uli Schlachter <psychon at znc.in>

diff --git a/poppler/CairoOutputDev.cc b/poppler/CairoOutputDev.cc
index aa68c6cd..87170849 100644
--- a/poppler/CairoOutputDev.cc
+++ b/poppler/CairoOutputDev.cc
@@ -179,6 +179,10 @@ CairoOutputDev::~CairoOutputDev()
     if (fontEngine_owner && fontEngine) {
         delete fontEngine;
     }
+    if (textClipPath) {
+        cairo_path_destroy(textClipPath);
+        textClipPath = nullptr;
+    }
 
     if (cairo)
         cairo_destroy(cairo);

More information about the poppler mailing list