poppler/TextOutputDev.cc | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-)
New commits: commit 9e734063e6a6a4b9743c9aa27d3d3127b5a960d7 Author: Jason Crain <[email protected]> Date: Fri Dec 19 01:56:45 2014 -0600 Move array reallocation from visitLine to startLine Fixes potential memory corruption from writing after end of lines array. https://bugs.freedesktop.org/show_bug.cgi?id=84555 diff --git a/poppler/TextOutputDev.cc b/poppler/TextOutputDev.cc index 4b7ff40..9ed955e 100644 --- a/poppler/TextOutputDev.cc +++ b/poppler/TextOutputDev.cc @@ -4072,6 +4072,11 @@ void TextSelectionDumper::startLine() void TextSelectionDumper::finishLine() { + if (nLines == linesSize) { + linesSize *= 2; + lines = (GooList **)grealloc(lines, linesSize * sizeof(GooList *)); + } + if (words && words->getLength() > 0) lines[nLines++] = words; else if (words) @@ -4088,11 +4093,6 @@ void TextSelectionDumper::visitLine (TextLine *line, { TextLineFrag frag; - if (nLines == linesSize) { - linesSize *= 2; - lines = (GooList **)grealloc(lines, linesSize * sizeof(GooList *)); - } - frag.init(line, edge_begin, edge_end - edge_begin); if (tableId >= 0 && frag.line->blk->tableId < 0) { _______________________________________________ poppler mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/poppler
