Bug 702566

Summary: memory leak in pdf_new_array()
Product: MuPDF Reporter: 1vanChen <yifengchen66>
Component: mupdf    Assignee: MuPDF bugs <mupdf-bugs>
Status: RESOLVED FIXED    
Severity: minor CC: robin.watts
Priority: P4    
Version: master   
Hardware: PC   
OS: Linux   
Customer: ---    Word Size: ---
Attachments: attachment

Description 1vanChen 2020-07-16 01:49:18 UTC
Created attachment 19457 [details]
attachment

commit e4afff800d62ae83e3a45427bf2c0c09483e04a9

./mutool convert -o tmp.pdf -F pdf -O compress ArabicCIDTrueType.pdf
Warning: AFL++ tools will need to set AFL_MAP_SIZE to 130768 to be able to run this instrumented program!
warning: cannot create ToUnicode mapping for NLPEIM+Jeezah
warning: cannot create ToUnicode mapping for NLPEIP+NewBasrahBold
warning: cannot create ToUnicode mapping for NLPEJB+Beirut
warning: cannot create ToUnicode mapping for NLPEJO+DamascusBold

=================================================================
==43943==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 320 byte(s) in 8 object(s) allocated from:
    #0 0x4c80d3 in malloc (/home/fuzz/mupdf/mupdf/out/mutool+0x4c80d3)
    #1 0x687ba2 in do_scavenging_malloc /home/fuzz/mupdf/mupdf/source/fitz/memory.c:29:7
    #2 0x687ba2 in fz_malloc /home/fuzz/mupdf/mupdf/source/fitz/memory.c:67
    #3 0x7d3c49 in pdf_new_array /home/fuzz/mupdf/mupdf/source/pdf/pdf-object.c:563:8

Indirect leak of 640 byte(s) in 8 object(s) allocated from:
    #0 0x4c80d3 in malloc (/home/fuzz/mupdf/mupdf/out/mutool+0x4c80d3)
    #1 0x687ba2 in do_scavenging_malloc /home/fuzz/mupdf/mupdf/source/fitz/memory.c:29:7
    #2 0x687ba2 in fz_malloc /home/fuzz/mupdf/mupdf/source/fitz/memory.c:67
    #3 0x7d3e3e in pdf_new_array /home/fuzz/mupdf/mupdf/source/pdf/pdf-object.c:575:16

Indirect leak of 256 byte(s) in 16 object(s) allocated from:
    #0 0x4c80d3 in malloc (/home/fuzz/mupdf/mupdf/out/mutool+0x4c80d3)
    #1 0x687ba2 in do_scavenging_malloc /home/fuzz/mupdf/mupdf/source/fitz/memory.c:29:7
    #2 0x687ba2 in fz_malloc /home/fuzz/mupdf/mupdf/source/fitz/memory.c:67
    #3 0x7e2737 in pdf_new_int /home/fuzz/mupdf/mupdf/source/pdf/pdf-object.c:112:8
    #4 0x7e2737 in pdf_array_push_int /home/fuzz/mupdf/mupdf/source/pdf/pdf-object.c:2346
    #5 0x79a356 in pdf_add_descendant_cid_font /home/fuzz/mupdf/mupdf/source/pdf/pdf-font-add.c:359:3

SUMMARY: AddressSanitizer: 1216 byte(s) leaked in 32 allocation(s).
Comment 1 Robin Watts 2020-09-24 16:49:59 UTC
Fixed in:

commit 05720b4ee3dbae57e65546dc2eecc3021c08eeea
Author: Robin Watts <Robin.Watts@artifex.com>
Date:   Thu Sep 24 16:30:45 2020 +0100

    Bug 702566: Avoid leaking run_obj from pdf_add_cid_font_widths

    When we hit curr_code == face->num_glyphs we should publish any
    run_obj we have (and certainly drop it).

Thanks for the report.
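The fix described in the commit message is an instance of a common leak class: a loop accumulates a "run" object and publishes it whenever the run ends, but the final run is still in hand when the loop terminates on its end condition (here, curr_code == face->num_glyphs) and is never published or dropped. The program below is an added, constructed C model of that pattern, not MuPDF source and not the patch itself. The names run_obj, width_table, build_width_runs and the live_objects counter are invented for the illustration; the counter stands in for what LeakSanitizer reports above. The buggy path abandons the pending run at end-of-glyph-space; the fixed path flushes it, as the commit message says the fix does.

```c
/* Constructed model of a run accumulator leaked at loop termination.
 * Example code only; not MuPDF source. */
#include <stdlib.h>
#include <stdio.h>

#define MAX_RUNS 64

static int live_objects = 0;            /* allocations not yet freed (stand-in for LeakSanitizer) */

typedef struct {
    int first_code;                     /* first glyph code in the run */
    int width;                          /* advance width shared by the run */
    int count;                          /* number of consecutive codes in the run */
} run_obj;

typedef struct {
    run_obj *runs[MAX_RUNS];            /* published runs; the table owns them */
    int n;
} width_table;

static run_obj *run_new(int first_code, int width)
{
    run_obj *r = calloc(1, sizeof *r);
    if (!r) abort();
    r->first_code = first_code;
    r->width = width;
    live_objects++;
    return r;
}

static void run_drop(run_obj *r)
{
    if (!r) return;
    live_objects--;
    free(r);
}

/* "Publish": ownership of the run passes to the table. */
static void table_push(width_table *t, run_obj *r)
{
    if (t->n >= MAX_RUNS) abort();
    t->runs[t->n++] = r;
}

static void table_free(width_table *t)
{
    for (int i = 0; i < t->n; i++)
        run_drop(t->runs[i]);
    t->n = 0;
}

/* Group consecutive glyphs of equal width into runs. fixed == 0 reproduces the
 * leak: the run still being built when code == num_glyphs is abandoned.
 * fixed == 1 publishes it there instead. Returns the number of runs published. */
static int build_width_runs(width_table *t, const int *widths, int num_glyphs, int fixed)
{
    run_obj *run = NULL;

    for (int code = 0; code <= num_glyphs; code++) {
        if (code == num_glyphs) {       /* end of glyph space */
            if (fixed && run) {         /* the fix: publish the run still in hand */
                table_push(t, run);
                run = NULL;
            }
            break;                      /* buggy path: `run` still owns an object here */
        }
        if (run && run->width != widths[code]) {
            table_push(t, run);         /* width changed: publish the finished run */
            run = NULL;
        }
        if (!run)
            run = run_new(code, widths[code]);
        run->count++;
    }
    return t->n;
}

/* Build over a constructed width list, free what was published, and return how
 * many objects were never published (i.e. leaked). Optionally report run count. */
static int leaked_after_build(int fixed, int *runs_out)
{
    /* Constructed sample: runs of 500 x3, 600 x2, 700 x1 -> three runs. */
    static const int widths[] = { 500, 500, 500, 600, 600, 700 };
    const int num_glyphs = (int)(sizeof widths / sizeof widths[0]);
    width_table table = { { 0 }, 0 };

    live_objects = 0;
    int runs = build_width_runs(&table, widths, num_glyphs, fixed);
    table_free(&table);
    if (runs_out) *runs_out = runs;
    return live_objects;
}

int main(void)
{
    int runs, leaked;
    leaked = leaked_after_build(0, &runs);
    printf("buggy: %d run(s) published, %d object(s) leaked\n", runs, leaked);
    leaked = leaked_after_build(1, &runs);
    printf("fixed: %d run(s) published, %d object(s) leaked\n", runs, leaked);
    return 0;
}
```

Compiling the model with `-fsanitize=address` makes LeakSanitizer report the buggy path's abandoned run at exit, in the same form as the report in the description; the fixed path leaves nothing for it to find. The general check for this bug class is to ask, at every loop exit (normal termination, break, early return, error unwind), who owns whatever the loop was accumulating.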