Hi, On Wed, Nov 24, 2010 at 9:30 PM, Albert Astals Cid <[email protected]> wrote: > Hi Hib, got a pdf that has a loop in pages and it is aborting because uses an > already freed object, looking at the code i see > > for (size_t i = 0; i < pagesRefList->size(); i++) { > if (((*pagesRefList)[i]).num == kidRef.getRefNum()) { > error(-1, "Loop in Pages tree"); > kidRef.free(); > kids.free(); > kidsIdxList->back()++; > continue; > } > } > > Object kid; > kids.arrayGet(kidsIdx, &kid); > > So we are free'ing kids, doing continue to quit the loop and the using kids. > > Wonder if that continue should be a return gFalse?
Hmmm, my intention was to be fault tolerant and skip over the loop and continue with the next page. Clearly, that is not what the code does right now. Please consider the attached patch. Hib
From c1021fe034cfb6c2c11290cfb7c89d8b6930fdb7 Mon Sep 17 00:00:00 2001 From: Hib Eris <[email protected]> Date: Thu, 25 Nov 2010 10:36:38 +0000 Subject: [PATCH] Skip over loops in Pages tree --- poppler/Catalog.cc | 15 ++++++++++----- 1 files changed, 10 insertions(+), 5 deletions(-) diff --git a/poppler/Catalog.cc b/poppler/Catalog.cc index 0beee76..297cac5 100644 --- a/poppler/Catalog.cc +++ b/poppler/Catalog.cc @@ -320,15 +320,20 @@ GBool Catalog::cachePageTree(int page) return gFalse; } + GBool loop = gFalse;; for (size_t i = 0; i < pagesRefList->size(); i++) { if (((*pagesRefList)[i]).num == kidRef.getRefNum()) { - error(-1, "Loop in Pages tree"); - kidRef.free(); - kids.free(); - kidsIdxList->back()++; - continue; + loop = gTrue; + break; } } + if (loop) { + error(-1, "Loop in Pages tree"); + kidRef.free(); + kids.free(); + kidsIdxList->back()++; + continue; + } Object kid; kids.arrayGet(kidsIdx, &kid); -- 1.7.1
_______________________________________________ poppler mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/poppler
