Bugs item #3001207, was opened at 2010-05-13 17:56
Message generated for change (Tracker Item Submitted) made by nobody
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=790130&aid=3001207&group_id=154028

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: None
Group: None
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Nobody/Anonymous (nobody)
Assigned to: Nobody/Anonymous (nobody)
Summary: PoDoFo dereferencing null pointer when out-of-memory 

Initial Comment:
Hello,

I believe I have found a bug within PoDoFo when the system is out of memory 
during a Stream Write.

Here is what I see:

PdfMemoryOutputStream::Write()
{
    ...
    m_pBuffer = static_cast<char*>(podofo_realloc( m_pBuffer, m_lSize ));
    if( !m_pBuffer )
    {
        PODOFO_RAISE_ERROR( ePdfError_OutOfMemory );
    }
    ...
}

throws an ePdfError_OutOfMemory exception, unwinding us to:

void PdfFlateFilter::EncodeBlockInternal( )
{
    ...
    try {
        if( nWrittenData > 0 )
        {
            GetStream()->Write( reinterpret_cast<char*>(m_buffer), nWrittenData );
        }
    } catch( PdfError & e ) {
        // clean up after any output stream errors
        FailEncodeDecode();
        e.AddToCallstack( __FILE__, __LINE__ );
        throw e;
    }
    ...
}

The catch statement here handles the exception, calling FailEncodeDecode() and
then re-throwing the exception.
Note the body of FailEncodeDecode():

void PdfFilter::FailEncodeDecode()
{
    m_pOutputStream->Close();
    m_pOutputStream = NULL;
}

Now, since EncodeBlockInternal() re-throws, we unwind to its caller:

void PdfFilter::EncodeBlock(  )
{
    PODOFO_RAISE_LOGIC_IF( !m_pOutputStream, "EncodeBlock() without BeginEncode() or on failed filter" );

    try {
        EncodeBlockImpl(pBuffer, lLen);
    } catch( const PdfError & e ) {
        // Clean up and close stream
        this->FailEncodeDecode();
        throw e;
    }
}

Which is where the problem occurs: FailEncodeDecode() is called a second time
and attempts to call Close() on the (now null) m_pOutputStream pointer.

I suppose a simple check in FailEncodeDecode() on the pointer would fix this, i.e.:

void PdfFilter::FailEncodeDecode()
{
    if (m_pOutputStream) {
        m_pOutputStream->Close();
        m_pOutputStream = NULL;
    }
}

----------------------------------------------------------------------
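
Added example, not part of the original report and not PoDoFo code: a self-contained model of the unwind path described above, with two nested handlers that both call cleanup and a guarded, idempotent cleanup so the second call is a no-op. Sink, Filter, Fail() and the two helper functions are constructed stand-ins, and the out-of-memory condition is simulated with std::bad_alloc.

```cpp
#include <cstddef>
#include <new>
#include <stdexcept>

// Constructed stand-in for the output stream; not a PoDoFo class.
struct Sink {
    bool fail_next = false;
    int close_calls = 0;
    void Write(const char*, std::size_t) {
        if (fail_next) throw std::bad_alloc();  // simulated realloc failure
    }
    void Close() { ++close_calls; }
};

// Constructed stand-in for the filter, mirroring the two nested handlers.
class Filter {
public:
    explicit Filter(Sink* s) : out_(s) {}
    // Idempotent cleanup: safe to call from every handler on the unwind path.
    void Fail() noexcept {
        if (out_) { out_->Close(); out_ = nullptr; }
    }
    void EncodeBlockInternal(const char* p, std::size_t n) {
        try { out_->Write(p, n); }
        catch (...) { Fail(); throw; }  // inner handler cleans up, rethrows
    }
    void EncodeBlock(const char* p, std::size_t n) {
        if (!out_) throw std::logic_error("EncodeBlock() on failed filter");
        try { EncodeBlockInternal(p, n); }
        catch (...) { Fail(); throw; }  // outer handler runs cleanup again
    }
    bool failed() const { return out_ == nullptr; }
private:
    Sink* out_;
};

// Number of Close() calls after a simulated OOM during Write().
int close_calls_after_oom() {
    Sink s; s.fail_next = true;
    Filter f(&s);
    try { f.EncodeBlock("x", 1); } catch (const std::bad_alloc&) {}
    return s.close_calls;
}

// A failed filter must reject further use instead of touching the null sink.
bool reuse_after_failure_is_rejected() {
    Sink s; s.fail_next = true;
    Filter f(&s);
    try { f.EncodeBlock("x", 1); } catch (const std::bad_alloc&) {}
    try { f.EncodeBlock("x", 1); } catch (const std::logic_error&) { return f.failed(); }
    return false;
}
```
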

------------------------------------------------------------------------------

_______________________________________________
Podofo-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/podofo-users