packages/ghostscript
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
ghostscript/backport-Fix-memory-leak-on-error-in-bitmap_paint-and-its-cal.patch
hugel ae4b352a77 Sync some patches from community
2025-04-17 16:08:02 +08:00

68 lines
2.8 KiB
Diff
Raw Permalink Blame History

From 776cf430dd1a96a7da33c0d33af9a6dd42bffec0 Mon Sep 17 00:00:00 2001
From: Julian Smith <jules@op59.net>
Date: Mon, 25 May 2020 11:59:52 +0100
Subject: [PATCH] Fix memory leak on error in bitmap_paint() and its callers.
Previously, bitmap_paint() would free its 'gs_image_enum * pen' arg, but caller
image_PaintProc() could also attempt to free this in one error path.
So have changed bitmap_paint() to only free what it allocates - call
gs_image_cleanup() instead of gs_image_cleanup_and_free_enum(); and patched
its two callers, mask_PaintProc() and image_PaintProc(), to add calls to
gs_free_object(pen).
Fixes leak in:
MEMENTO_FAILAT=15601 ./ghostpdl/membin/gpcl6 -sDEVICE=pbmraw -o /dev/null tests_private/pcl/pcl5cfts/fts.0954
---
base/gsptype1.c | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/base/gsptype1.c b/base/gsptype1.c
index 57c856596..e7f41eac2 100644
--- a/base/gsptype1.c
+++ b/base/gsptype1.c
@@ -808,10 +808,10 @@ static int bitmap_paint(gs_image_enum * pen, gs_data_image_t * pim,
static int
mask_PaintProc(const gs_client_color * pcolor, gs_gstate * pgs)
{
+ int code;
const pixmap_info *ppmap = gs_getpattern(pcolor)->client_data;
const gs_depth_bitmap *pbitmap = &(ppmap->bitmap);
- gs_image_enum *pen =
- gs_image_enum_alloc(gs_gstate_memory(pgs), "mask_PaintProc");
+ gs_image_enum *pen = gs_image_enum_alloc(gs_gstate_memory(pgs), "mask_PaintProc");
gs_image1_t mask;
if (pen == 0)
@@ -820,7 +820,9 @@ mask_PaintProc(const gs_client_color * pcolor, gs_gstate * pgs)
mask.Width = pbitmap->size.x;
mask.Height = pbitmap->size.y;
gs_image_init(pen, &mask, false, false, pgs);
- return bitmap_paint(pen, (gs_data_image_t *) & mask, pbitmap, pgs);
+ code = bitmap_paint(pen, (gs_data_image_t *) & mask, pbitmap, pgs);
+ gs_free_object(gs_gstate_memory(pgs), pen, "mask_PaintProc");
+ return code;
}
static int
image_PaintProc(const gs_client_color * pcolor, gs_gstate * pgs)
@@ -896,6 +898,7 @@ image_PaintProc(const gs_client_color * pcolor, gs_gstate * pgs)
(gs_data_image_t *)&image,
pgs )) >= 0 &&
(code = bitmap_paint(pen, (gs_data_image_t *) & image, pbitmap, pgs)) >= 0) {
+ gs_free_object(gs_gstate_memory(pgs), pen, "image_PaintProc");
return gs_grestore(pgs);
}
/* Failed above, need to undo the gsave */
@@ -922,7 +925,7 @@ bitmap_paint(gs_image_enum * pen, gs_data_image_t * pim,
else
for (n = pim->Height; n > 0 && code >= 0; dp += raster, --n)
code = gs_image_next(pen, dp, nbytes, &used);
- code1 = gs_image_cleanup_and_free_enum(pen, pgs);
+ code1 = gs_image_cleanup(pen, pgs);
if (code >= 0 && code1 < 0)
code = code1;
return code;
--
2.33.0
Reference in New Issue View Git Blame Copy Permalink