46 lines
1.7 KiB
Diff
46 lines
1.7 KiB
Diff
From 90f0f92bf6bf9c346cd3f74adaa42a7c8a3702cb Mon Sep 17 00:00:00 2001
|
|
From: Nancy Durgin <nancy.durgin@artifex.com>
|
|
Date: Wed, 22 Jul 2020 12:24:05 -0700
|
|
Subject: [PATCH] Fix memory leak in pdfwrite device
|
|
|
|
This appears to only be a memory leak for non-garbage-collected interpreters
|
|
such as pdfi.
|
|
|
|
sclose() calls s_disable() which sets s->cbuf to 0.
|
|
But it also calls client callbacks that might do things with cbuf first, so
|
|
it will crash if we free it before calling sclose().
|
|
Side-effects galore! :(
|
|
|
|
Anyway, we save the pointer before doing the sclose() so we can
|
|
properly free it afterwards.
|
|
---
|
|
devices/vector/gdevpdfu.c | 4 +++-
|
|
1 file changed, 3 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/devices/vector/gdevpdfu.c b/devices/vector/gdevpdfu.c
|
|
index 2b2af1d32..f58999444 100644
|
|
--- a/devices/vector/gdevpdfu.c
|
|
+++ b/devices/vector/gdevpdfu.c
|
|
@@ -1186,6 +1186,7 @@ stream_to_none(gx_device_pdf * pdev)
|
|
}
|
|
if (pdev->compression_at_page_start == pdf_compress_Flate) { /* Terminate the filters. */
|
|
stream *fs = s->strm;
|
|
+ byte *buf;
|
|
|
|
if (!pdev->binary_ok) {
|
|
sclose(s); /* Terminate the ASCII85 filter. */
|
|
@@ -1194,8 +1195,9 @@ stream_to_none(gx_device_pdf * pdev)
|
|
pdev->strm = s = fs;
|
|
fs = s->strm;
|
|
}
|
|
+ buf = s->cbuf; /* Save because sclose may zero it out (causing memory leak) */
|
|
sclose(s); /* Next terminate the compression filter */
|
|
- gs_free_object(pdev->pdf_memory, s->cbuf, "zlib buffer");
|
|
+ gs_free_object(pdev->pdf_memory, buf, "zlib buffer");
|
|
gs_free_object(pdev->pdf_memory, s, "zlib stream");
|
|
pdev->strm = fs;
|
|
}
|
|
--
|
|
2.33.0
|
|
|