poppler/CairoOutputDev.cc | 4 ++++ 1 file changed, 4 insertions(+) New commits: commit 571d8138cb9ccc9ac04219a6a552d8c78e93ad88 Author: Uli Schlachter <psyc...@znc.in> Date: Sat Jun 26 12:00:50 2021 +0200
~CairoOutputDev(): Free textClipPath The textClipPath member is set in CairoOutputDev::endString() and freed in CairoOutputDev::endTextObject(). However, if endTextObject() is not called for whatever reason, the path will just be leaked. This adds code to the destructor to free this. This fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32326 Testing done: $ wget -O testcase 'https://oss-fuzz.com/download?testcase_id=6659952325296128' [...] $ cmake .. -G Ninja -DENABLE_DCTDECODER=unmaintained -DENABLE_BOOST=OFF -DENABLE_LIBOPENJPEG=unmaintained && ninja [...] $ git describe poppler-21.06.1-5-gb7c40059 $ valgrind --leak-check=full ./utils/pdftocairo testcase -png foo [...] ==104075== ==104075== HEAP SUMMARY: ==104075== in use at exit: 28,292 bytes in 55 blocks ==104075== total heap usage: 6,114 allocs, 6,059 frees, 1,617,444 bytes allocated ==104075== ==104075== 24 bytes in 1 blocks are definitely lost in loss record 4 of 37 ==104075== at 0x483877F: malloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so) ==104075== by 0x48AE748: ??? 
(in /usr/lib/x86_64-linux-gnu/libcairo.so.2.11600.0) ==104075== by 0x118995: endString (CairoOutputDev.cc:1474) ==104075== by 0x118995: CairoOutputDev::endString(GfxState*) (CairoOutputDev.cc:1412) ==104075== by 0x4B97295: Gfx::doShowText(GooString const*) (Gfx.cc:4010) ==104075== by 0x4B97CB4: Gfx::opShowSpaceText(Object*, int) (Gfx.cc:3793) ==104075== by 0x4B8D866: Gfx::go(bool) (Gfx.cc:681) ==104075== by 0x4B8DCFA: display (Gfx.cc:642) ==104075== by 0x4B8DCFA: Gfx::display(Object*, bool) (Gfx.cc:622) ==104075== by 0x4BE1A83: Page::displaySlice(OutputDev*, double, double, int, bool, bool, int, int, int, int, bool, bool (*)(void*), void*, bool (*)(Annot*, void*), void*, bool) (Page.cc:576) ==104075== by 0x11317C: renderPage (pdftocairo.cc:669) ==104075== by 0x11317C: main (pdftocairo.cc:1183) ==104075== ==104075== LEAK SUMMARY: ==104075== definitely lost: 24 bytes in 1 blocks ==104075== indirectly lost: 0 bytes in 0 blocks ==104075== possibly lost: 0 bytes in 0 blocks ==104075== still reachable: 28,268 bytes in 54 blocks ==104075== suppressed: 0 bytes in 0 blocks ==104075== Reachable blocks (those to which a pointer was found) are not shown. ==104075== To see them, rerun with: --leak-check=full --show-leak-kinds=all ==104075== ==104075== For lists of detected and suppressed errors, rerun with: -s ==104075== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0) $ git checkout cairo-leak-textClipPath && git describe && ninja Zu Branch 'cairo-leak-textClipPath' gewechselt poppler-21.06.1-6-g8df6f8d2 $ valgrind --leak-check=full ./utils/pdftocairo testcase -png foo [...] 
==104263== ==104263== HEAP SUMMARY: ==104263== in use at exit: 28,268 bytes in 54 blocks ==104263== total heap usage: 6,114 allocs, 6,060 frees, 1,617,444 bytes allocated ==104263== ==104263== LEAK SUMMARY: ==104263== definitely lost: 0 bytes in 0 blocks ==104263== indirectly lost: 0 bytes in 0 blocks ==104263== possibly lost: 0 bytes in 0 blocks ==104263== still reachable: 28,268 bytes in 54 blocks ==104263== suppressed: 0 bytes in 0 blocks ==104263== Reachable blocks (those to which a pointer was found) are not shown. ==104263== To see them, rerun with: --leak-check=full --show-leak-kinds=all ==104263== ==104263== For lists of detected and suppressed errors, rerun with: -s ==104263== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0) As you (might) see, before this commit, there is a "definitely lost" leak of 24 bytes with this test case. After this commit, this leak is gone. Signed-off-by: Uli Schlachter <psyc...@znc.in>
diff --git a/poppler/CairoOutputDev.cc b/poppler/CairoOutputDev.cc
index aa68c6cd..87170849 100644
--- a/poppler/CairoOutputDev.cc
+++ b/poppler/CairoOutputDev.cc
@@ -179,6 +179,10 @@ CairoOutputDev::~CairoOutputDev()
 if (fontEngine_owner && fontEngine) {
 delete fontEngine;
 }
+ if (textClipPath) {
+ cairo_path_destroy(textClipPath);
+ textClipPath = nullptr;
+ }
 if (cairo)
 cairo_destroy(cairo);
_______________________________________________ poppler mailing list poppler@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/poppler
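Review bot: The new `if (textClipPath)` block in the destructor only releases the path at teardown, so a device that stays alive after a text object is left unterminated still carries the stale path. Per the commit message the only other release is in endTextObject(); if the same CairoOutputDev goes on to render further pages (not visible in this hunk), that leftover path could presumably be picked up by a later endString(), so it may be worth clearing it wherever per-page state is reset as well. Independently, a short comment above the block would record why the destructor needs it, e.g. `// endTextObject() normally frees this; a truncated content stream may never reach it`. The destructor body starts and continues outside the hunk.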