shithub: jbig2

Download patch

ref: a42adfaa785b05670af63f8767c3ff55636c6686
parent: 1fddee262691d23dc283965c0dbe0e0de2c85bf9
author: Shailesh Mistry <[email protected]>
date: Tue Jan 10 17:24:35 EST 2012

Bug 691267: Check all realloc error paths.

--- a/jbig2.c
+++ b/jbig2.c
@@ -336,8 +336,8 @@
 	  ctx->buf_rd_ix += header_size;
 
 	  if (ctx->n_segments == ctx->n_segments_max)
-	    ctx->segments = (Jbig2Segment **)jbig2_realloc(ctx->allocator,
-                ctx->segments, (ctx->n_segments_max <<= 2) * sizeof(Jbig2Segment *));
+              ctx->segments = jbig2_renew(ctx, ctx->segments, Jbig2Segment*,
+                  (ctx->n_segments_max <<= 2));
 
 	  ctx->segments[ctx->n_segments++] = segment;
 	  if (ctx->state == JBIG2_FILE_RANDOM_HEADERS)
--- a/jbig2_huffman.c
+++ b/jbig2_huffman.c
@@ -586,8 +586,8 @@
             NTEMP++;
         }
         if (NTEMP != lines_max) {
-            Jbig2HuffmanLine *new_line = (Jbig2HuffmanLine *)jbig2_realloc(ctx->allocator,
-                                                    line, sizeof(Jbig2HuffmanLine) * NTEMP);
+            Jbig2HuffmanLine *new_line = jbig2_renew(ctx, line,
+                Jbig2HuffmanLine, NTEMP);
             if ( new_line == NULL ) {
                 jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number,
                                 "Could not reallocate Huffman Table Lines");
--- a/jbig2_page.c
+++ b/jbig2_page.c
@@ -82,8 +82,8 @@
             index++;
             if (index >= ctx->max_page_index) {
                 /* grow the list */
-		ctx->pages = (Jbig2Page*)jbig2_realloc(ctx->allocator, ctx->pages,
-			(ctx->max_page_index <<= 2) * sizeof(Jbig2Page));
+		ctx->pages = jbig2_renew(ctx, ctx->pages, Jbig2Page,
+                    (ctx->max_page_index <<= 2));
                 for (j=index; j < ctx->max_page_index; j++) {
                     ctx->pages[j].state = JBIG2_PAGE_FREE;
                     ctx->pages[j].number = 0;
--- a/jbig2_symbol_dict.c
+++ b/jbig2_symbol_dict.c
@@ -776,6 +776,7 @@
   jbig2_free(ctx->allocator, GB_stats);
 
 cleanup2:
+  jbig2_sd_release(ctx, SDNEWSYMS);
   jbig2_free(ctx->allocator, SDNEWSYMWIDTHS);
   jbig2_release_huffman_table(ctx, SDHUFFRDX);
   jbig2_free(ctx->allocator, hs);
@@ -822,11 +823,6 @@
   params.SDTEMPLATE = (flags >> 10) & 3;
   params.SDRTEMPLATE = (flags >> 12) & 1;
 
-  params.SDHUFFDH = NULL;
-  params.SDHUFFDW = NULL;
-  params.SDHUFFBMSIZE = NULL;
-  params.SDHUFFAGGINST = NULL;
-
   if (params.SDHUFF) {
     switch ((flags & 0x000c) >> 2) {
       case 0: /* Table B.4 */
@@ -959,10 +955,6 @@
 	goto too_short;
       memcpy(params.sdrat, segment_data + offset, 4);
       offset += 4;
-  } else {
-      /* sdrat is meaningless if SDRTEMPLATE is 1, but set a value
-         to avoid confusion if anybody looks */
-      memset(params.sdrat, 0, 4);
   }
 
   if (offset + 8 > segment->data_length)
--- a/jbig2_text.c
+++ b/jbig2_text.c
@@ -421,6 +421,7 @@
     if (params->SBHUFF) {
       jbig2_release_huffman_table(ctx, SBSYMCODES);
     }
+    jbig2_huffman_free(ctx, hs);
 
     return code;
 }
@@ -931,6 +932,7 @@
         jbig2_release_huffman_table(ctx, params.SBHUFFRDH);
         jbig2_release_huffman_table(ctx, params.SBHUFFRSIZE);
     }
+    jbig2_free(ctx->allocator, dicts);
 
     return code;