Bug 702566 - memory leak in pdf_new_array()
Summary: memory leak in pdf_new_array()
Status: RESOLVED FIXED
Alias: None
Product: MuPDF
Classification: Unclassified
Component: mupdf
Version: master
Hardware: PC Linux
Importance: P4 minor
Assignee: MuPDF bugs
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2020-07-16 01:49 UTC by 1vanChen
Modified: 2020-09-24 16:49 UTC

See Also:
Customer:
Word Size: ---


Attachments
attachment (38.45 KB, application/pdf)
2020-07-16 01:49 UTC, 1vanChen

Description 1vanChen 2020-07-16 01:49:18 UTC
Created attachment 19457
attachment

commit e4afff800d62ae83e3a45427bf2c0c09483e04a9

./mutool convert -o tmp.pdf -F pdf -O compress ArabicCIDTrueType.pdf
Warning: AFL++ tools will need to set AFL_MAP_SIZE to 130768 to be able to run this instrumented program!
warning: cannot create ToUnicode mapping for NLPEIM+Jeezah
warning: cannot create ToUnicode mapping for NLPEIP+NewBasrahBold
warning: cannot create ToUnicode mapping for NLPEJB+Beirut
warning: cannot create ToUnicode mapping for NLPEJO+DamascusBold

=================================================================
==43943==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 320 byte(s) in 8 object(s) allocated from:
    #0 0x4c80d3 in malloc (/home/fuzz/mupdf/mupdf/out/mutool+0x4c80d3)
    #1 0x687ba2 in do_scavenging_malloc /home/fuzz/mupdf/mupdf/source/fitz/memory.c:29:7
    #2 0x687ba2 in fz_malloc /home/fuzz/mupdf/mupdf/source/fitz/memory.c:67
    #3 0x7d3c49 in pdf_new_array /home/fuzz/mupdf/mupdf/source/pdf/pdf-object.c:563:8

Indirect leak of 640 byte(s) in 8 object(s) allocated from:
    #0 0x4c80d3 in malloc (/home/fuzz/mupdf/mupdf/out/mutool+0x4c80d3)
    #1 0x687ba2 in do_scavenging_malloc /home/fuzz/mupdf/mupdf/source/fitz/memory.c:29:7
    #2 0x687ba2 in fz_malloc /home/fuzz/mupdf/mupdf/source/fitz/memory.c:67
    #3 0x7d3e3e in pdf_new_array /home/fuzz/mupdf/mupdf/source/pdf/pdf-object.c:575:16

Indirect leak of 256 byte(s) in 16 object(s) allocated from:
    #0 0x4c80d3 in malloc (/home/fuzz/mupdf/mupdf/out/mutool+0x4c80d3)
    #1 0x687ba2 in do_scavenging_malloc /home/fuzz/mupdf/mupdf/source/fitz/memory.c:29:7
    #2 0x687ba2 in fz_malloc /home/fuzz/mupdf/mupdf/source/fitz/memory.c:67
    #3 0x7e2737 in pdf_new_int /home/fuzz/mupdf/mupdf/source/pdf/pdf-object.c:112:8
    #4 0x7e2737 in pdf_array_push_int /home/fuzz/mupdf/mupdf/source/pdf/pdf-object.c:2346
    #5 0x79a356 in pdf_add_descendant_cid_font /home/fuzz/mupdf/mupdf/source/pdf/pdf-font-add.c:359:3

SUMMARY: AddressSanitizer: 1216 byte(s) leaked in 32 allocation(s).
Comment 1 Robin Watts 2020-09-24 16:49:59 UTC
Fixed in:

commit 05720b4ee3dbae57e65546dc2eecc3021c08eeea
Author: Robin Watts <Robin.Watts@artifex.com>
Date:   Thu Sep 24 16:30:45 2020 +0100

    Bug 702566: Avoid leaking run_obj from pdf_add_cid_font_widths

    When we hit curr_code == face->num_glyphs we should publish any
    run_obj we have (and certainly drop it).

Thanks for the report.
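An added C sketch (not MuPDF's code) of the pattern the fix commit describes: a reference-counted run object is built while walking glyph codes, and the buggy path breaks out at curr_code == num_glyphs without either publishing or dropping the run in progress. Every name here (build_widths, run_new, widths_publish, the live_objects counter) is an assumption of this toy model, not a MuPDF function.

```c
#include <stdlib.h>

/* Hypothetical model of MuPDF's reference-counted objects, written only to
   illustrate the leak; the names and types here are not MuPDF's own. */
static int live_objects = 0;   /* stands in for LeakSanitizer's allocation count */
typedef struct { int refs; int len; int vals[16]; } run_obj_t;
static run_obj_t *run_new(void)
{
    run_obj_t *o = calloc(1, sizeof *o);
    o->refs = 1; live_objects++;
    return o;
}
static void run_drop(run_obj_t *o)
{
    if (o && --o->refs == 0) { free(o); live_objects--; }
}
/* The W array: publishing a run takes its own reference, so the builder
   must still drop the reference it holds. */
typedef struct { run_obj_t *runs[8]; int n; } widths_t;
static void widths_publish(widths_t *w, run_obj_t *r) { r->refs++; w->runs[w->n++] = r; }
static void widths_free(widths_t *w) { while (w->n) run_drop(w->runs[--w->n]); }

/* Group consecutive equal widths for codes 0..num_glyphs-1 into runs (toy
   limits: 8 runs of 16 glyphs). fixed == 0 reproduces the bug: the run in
   progress when curr_code reaches num_glyphs is neither published nor dropped.
   fixed == 1 publishes it and drops the builder's reference, as the fix does.
   Returns the number of objects still alive after the W array is freed. */
static int build_widths(const int *width, int num_glyphs, int fixed)
{
    widths_t w = { {0}, 0 };
    run_obj_t *run_obj = NULL;
    int curr_code = 0;
    live_objects = 0;
    while (curr_code <= num_glyphs) {
        if (curr_code == num_glyphs) {
            if (fixed && run_obj) { widths_publish(&w, run_obj); run_drop(run_obj); }
            break;   /* buggy path: run_obj's reference is never released */
        }
        if (run_obj && run_obj->vals[run_obj->len - 1] != width[curr_code]) {
            widths_publish(&w, run_obj);   /* width changed: close the run */
            run_drop(run_obj);
            run_obj = NULL;
        }
        if (!run_obj) run_obj = run_new();
        run_obj->vals[run_obj->len++] = width[curr_code];
        curr_code++;
    }
    widths_free(&w);
    return live_objects;
}
```

Running both variants over the same small width table leaves one object alive on the buggy path and none on the fixed one, the same kind of difference LeakSanitizer surfaced in the report above.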