[poppler] poppler/GfxState.cc

Albert Astals Cid Tue, 10 Apr 2018 15:45:30 -0700

 poppler/GfxState.cc |   11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)


New commits:
commit 776257d0c20d4e3ae8d66683ab0f087bf6fc7b0f
Author: Albert Astals Cid <aa...@kde.org>
Date:   Wed Apr 11 00:44:41 2018 +0200

    Fix leaks in GfxPatchMeshShading::parse with malformed documents
    
    Bug #105969

diff --git a/poppler/GfxState.cc b/poppler/GfxState.cc
index 9ceae8fc..3d564138 100644
--- a/poppler/GfxState.cc
+++ b/poppler/GfxState.cc
@@ -44,6 +44,7 @@
 #endif
 
 #include <algorithm>
+#include <memory>
 #include <stddef.h>
 #include <math.h>
 #include <string.h>
@@ -5105,7 +5106,6 @@ GfxPatchMeshShading 
*GfxPatchMeshShading::parse(GfxResources *res, int typeA, Di
   Guint xi, yi;
   double c[4][gfxColorMaxComps];
   Guint ci;
-  GfxShadingBitBuf *bitBuf;
   Object obj1;
   int i, j;
 
@@ -5183,7 +5183,7 @@ GfxPatchMeshShading 
*GfxPatchMeshShading::parse(GfxResources *res, int typeA, Di
   nPatchesA = 0;
   patchesA = nullptr;
   patchesSize = 0;
-  bitBuf = new GfxShadingBitBuf(str);
+  std::unique_ptr<GfxShadingBitBuf> bitBuf(new GfxShadingBitBuf(str));
   while (1) {
     if (!bitBuf->getBits(flagBits, &flag)) {
       break;
@@ -5279,6 +5279,7 @@ GfxPatchMeshShading 
*GfxPatchMeshShading::parse(GfxResources *res, int typeA, Di
        break;
       case 1:
        if (nPatchesA == 0) {
+          gfree(patchesA);
          return nullptr;
        }
        p->x[0][0] = patchesA[nPatchesA-1].x[0][3];
@@ -5314,6 +5315,7 @@ GfxPatchMeshShading 
*GfxPatchMeshShading::parse(GfxResources *res, int typeA, Di
        break;
       case 2:
        if (nPatchesA == 0) {
+          gfree(patchesA);
          return nullptr;
        }
        p->x[0][0] = patchesA[nPatchesA-1].x[3][3];
@@ -5349,6 +5351,7 @@ GfxPatchMeshShading 
*GfxPatchMeshShading::parse(GfxResources *res, int typeA, Di
        break;
       case 3:
        if (nPatchesA == 0) {
+          gfree(patchesA);
          return nullptr;
        }
        p->x[0][0] = patchesA[nPatchesA-1].x[3][0];
@@ -5427,6 +5430,7 @@ GfxPatchMeshShading 
*GfxPatchMeshShading::parse(GfxResources *res, int typeA, Di
        break;
       case 1:
        if (nPatchesA == 0) {
+          gfree(patchesA);
          return nullptr;
        }
        p->x[0][0] = patchesA[nPatchesA-1].x[0][3];
@@ -5470,6 +5474,7 @@ GfxPatchMeshShading 
*GfxPatchMeshShading::parse(GfxResources *res, int typeA, Di
        break;
       case 2:
        if (nPatchesA == 0) {
+          gfree(patchesA);
          return nullptr;
        }
        p->x[0][0] = patchesA[nPatchesA-1].x[3][3];
@@ -5513,6 +5518,7 @@ GfxPatchMeshShading 
*GfxPatchMeshShading::parse(GfxResources *res, int typeA, Di
        break;
       case 3:
        if (nPatchesA == 0) {
+          gfree(patchesA);
          return nullptr;
        }
        p->x[0][0] = patchesA[nPatchesA-1].x[3][0];
@@ -5559,7 +5565,6 @@ GfxPatchMeshShading 
*GfxPatchMeshShading::parse(GfxResources *res, int typeA, Di
     ++nPatchesA;
     bitBuf->flushBits();
   }
-  delete bitBuf;
 
   if (typeA == 6) {
     for (i = 0; i < nPatchesA; ++i) {
_______________________________________________
poppler mailing list
poppler@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/poppler

[poppler] poppler/GfxState.cc

Reply via email to