This is compiled with openjpeg kjkmacpro:mupdf kkowalczyk$ valgrind --leak-check=full obj-rel/pdfdraw ~/Downloads/jbig-decode-error.pdf ==28760== Memcheck, a memory error detector. ==28760== Copyright (C) 2002-2009, and GNU GPL'd, by Julian Seward et al. ==28760== Using LibVEX rev 1899, a library for dynamic binary translation. ==28760== Copyright (C) 2004-2009, and GNU GPL'd, by OpenWorks LLP. ==28760== Using valgrind-3.5.0.SVN, a dynamic binary instrumentation framework. ==28760== Copyright (C) 2000-2009, and GNU GPL'd, by Julian Seward et al. ==28760== For more details, rerun with: -v ==28760== Drawing pages 1-2... draw jbig-decode-error.pdf:001 f50b3ad85c5da48b9803bb4f52da5ffc draw jbig-decode-error.pdf:002 526c49df68db34b341b4b04785cae9f9 ==28760== ==28760== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0) ==28760== malloc/free: in use at exit: 348,538 bytes in 1,181 blocks. ==28760== malloc/free: 1,770 allocs, 589 frees, 77,335,956 bytes allocated. ==28760== For counts of detected errors, rerun with: -v ==28760== searching for pointers to 1,181 not-freed blocks. ==28760== checked 769,600 bytes. 
==28760== ==28760== 24 bytes in 2 blocks are definitely lost in loss record 2 of 16 ==28760== at 0x53A516: malloc (vg_replace_malloc.c:193) ==28760== by 0xA287E: jbig2_word_stream_buf_new (jbig2.c:60) ==28760== by 0xA8A21: jbig2_parse_text_region (jbig2_text.c:680) ==28760== by 0xA2C65: jbig2_data_in (jbig2.c:314) ==28760== by 0x2BDF0: fz_processjbig2d (filt_jbig2d.c:116) ==28760== by 0x28D30: fz_process (stm_filter.c:19) ==28760== by 0x1FA1B: fz_processpipeline (filt_pipeline.c:115) ==28760== by 0x28D30: fz_process (stm_filter.c:19) ==28760== by 0x29801: fz_readimp (stm_read.c:62) ==28760== by 0x28E8A: fz_readall (stm_misc.c:68) ==28760== by 0x5CE29: pdf_loadstream (pdf_stream.c:471) ==28760== by 0x4608E: pdf_loadimage (pdf_image.c:392) ==28760== ==28760== ==28760== 160 bytes in 8 blocks are definitely lost in loss record 7 of 16 ==28760== at 0x53A516: malloc (vg_replace_malloc.c:193) ==28760== by 0x106CF: fz_malloc (base_memory.c:5) ==28760== by 0x128F8: fz_newovernode (node_misc2.c:13) ==28760== by 0x2E89F: pdf_addtransform (pdf_build.c:51) ==28760== by 0x488F8: pdf_runcsi (pdf_interpret.c:473) ==28760== by 0x4ED8F: runone (pdf_page.c:16) ==28760== by 0x4F63F: pdf_loadpage (pdf_page.c:119) ==28760== by 0x601F5: drawloadpage (pdfdraw.c:169) ==28760== by 0x603D7: drawpnm (pdfdraw.c:231) ==28760== by 0x61142: drawpages (pdfdraw.c:415) ==28760== by 0x61666: main (pdfdraw.c:494) ==28760== ==28760== ==28760== 124,811 bytes in 4 blocks are possibly lost in loss record 14 of 16 ==28760== at 0x53A516: malloc (vg_replace_malloc.c:193) ==28760== by 0xAD543: jbig2_image_new (jbig2_image.c:44) ==28760== by 0xA60D0: jbig2_symbol_dictionary (jbig2_symbol_dict.c:369) ==28760== by 0xA2C65: jbig2_data_in (jbig2.c:314) ==28760== by 0x2BD62: fz_setjbig2dglobalstream (filt_jbig2d.c:65) ==28760== by 0x5C6D7: buildonefilter (pdf_stream.c:129) ==28760== by 0x5CC4D: pdf_openstream (pdf_stream.c:311) ==28760== by 0x5CDC4: pdf_loadstream (pdf_stream.c:467) ==28760== by 0x4608E: 
pdf_loadimage (pdf_image.c:392) ==28760== by 0x5312F: preloadxobject (pdf_resources.c:146) ==28760== by 0x539C5: pdf_loadresources (pdf_resources.c:391) ==28760== by 0x4F2A6: pdf_loadpage (pdf_page.c:216) ==28760== ==28760== ==28760== 219,003 (152 direct, 218,851 indirect) bytes in 2 blocks are definitely lost in loss record 16 of 16 ==28760== at 0x53A516: malloc (vg_replace_malloc.c:193) ==28760== by 0xA277B: jbig2_ctx_new (jbig2.c:60) ==28760== by 0x2BCC4: fz_newjbig2d (filt_jbig2d.c:48) ==28760== by 0x5C4B7: buildonefilter (pdf_stream.c:121) ==28760== by 0x5CC4D: pdf_openstream (pdf_stream.c:311) ==28760== by 0x5CDC4: pdf_loadstream (pdf_stream.c:467) ==28760== by 0x4608E: pdf_loadimage (pdf_image.c:392) ==28760== by 0x5312F: preloadxobject (pdf_resources.c:146) ==28760== by 0x539C5: pdf_loadresources (pdf_resources.c:391) ==28760== by 0x4F2A6: pdf_loadpage (pdf_page.c:216) ==28760== by 0x601F5: drawloadpage (pdfdraw.c:169) ==28760== by 0x603D7: drawpnm (pdfdraw.c:231) ==28760== ==28760== LEAK SUMMARY: ==28760== definitely lost: 336 bytes in 12 blocks. ==28760== indirectly lost: 218,851 bytes in 1,154 blocks. ==28760== possibly lost: 124,811 bytes in 4 blocks. ==28760== still reachable: 4,540 bytes in 11 blocks. ==28760== suppressed: 0 bytes in 0 blocks. ==28760== Reachable blocks (those to which a pointer was found) are not shown. ==28760== To see them, rerun with: --leak-check=full --show-reachable=yes
Created attachment 5180 [details] jbig-decode-error.pdf PDF that shows the memleak
The main leaks seem to have been fixed, the only one that remains is a 24 byte struct. The following patch makes sure that the word stream is freed. I haven't tested it exclusively, but it plugs the leak in the example file.
diff --git a/jbig2_text.c b/jbig2_text.c
index d910d81..9b13692 100644
--- a/jbig2_text.c
+++ b/jbig2_text.c
@@ -711,7 +711,6 @@ jbig2_text_region(Jbig2Ctx *ctx, Jbig2Segment *segment, const byte *segment_data
 }
 as = jbig2_arith_new(ctx, ws);
- ws = 0;
 params.IADT = jbig2_arith_int_ctx_new(ctx);
 params.IAFS = jbig2_arith_int_ctx_new(ctx);
@@ -730,7 +729,7 @@ jbig2_text_region(Jbig2Ctx *ctx, Jbig2Segment *segment, const byte *segment_data
 code = jbig2_decode_text_region(ctx, segment, ¶ms, (const Jbig2SymbolDict * const *)dicts, n_dicts, image, segment_data + offset, segment->data_length - offset,
- GR_stats, as, ws);
+ GR_stats, as, as ? NULL : ws);
 if (!params.SBHUFF && params.SBREFINE) {
 jbig2_free(ctx->allocator, GR_stats);
@@ -745,6 +744,7 @@ jbig2_text_region(Jbig2Ctx *ctx, Jbig2Segment *segment, const byte *segment_data
 jbig2_release_huffman_table(ctx, params.SBHUFFRDW);
 jbig2_release_huffman_table(ctx, params.SBHUFFRDH);
 jbig2_release_huffman_table(ctx, params.SBHUFFRSIZE);
+ jbig2_word_stream_buf_free(ctx, ws);
 } else {
 jbig2_arith_int_ctx_free(ctx, params.IADT);
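Review bot: The new last argument `as ? NULL : ws` in the second hunk uses the arithmetic-decoder pointer as the path selector, so a NULL result from `jbig2_arith_new(ctx, ws)` would hand the word stream to jbig2_decode_text_region as if the region were Huffman-coded. Whether jbig2_arith_new can fail and where `as` is initialised are outside the hunk, so this is inferred. If ws is meant only for the Huffman path, keying on the segment flag states that directly and does not depend on an allocation result: `GR_stats, as, params.SBHUFF ? ws : NULL);`. A short comment at the call saying that this function keeps ownership of ws and frees it after decoding would also explain why `ws = 0;` was dropped in the first hunk.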
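Review bot: The added `jbig2_word_stream_buf_free(ctx, ws);` in the third hunk sits before `} else {`, so only the branch that releases the Huffman tables is shown freeing the word stream. The else branch frees `params.IADT`, which the first hunk creates right after `jbig2_arith_new(ctx, ws)`, so it looks like the arithmetic path, and no matching free is visible there. That branch continues outside the hunk and needs checking; if it does not free ws, move the call below the closing brace of the if/else so both paths release it. Error returns between the allocation and this cleanup are also outside the hunk and worth auditing, because this decoder parses streams from untrusted PDFs and a per-segment leak accumulates in a long-running process.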
*** Bug 690607 has been marked as a duplicate of this bug. ***
Seems to have been fixed with Tor's patch in Comment 2.