Bug 65553

Summary: mismatched free/delete
Product: poppler Reporter: Christian Persch (GNOME) <chpe>
Component: general Assignee: poppler-bugs <poppler-bugs>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: medium    
Version: unspecified   
Hardware: Other   
OS: All   

Description Christian Persch (GNOME) 2013-06-08 23:23:26 UTC
==11960== Thread 3:
==11960== Mismatched free() / delete / delete []
==11960==    at 0x4028E4E: operator delete(void*) (vg_replace_malloc.c:457)
==11960==    by 0x223475EC: TextStringToUCS4(GooString*, unsigned int**) (UTF.cc:104)
==11960==    by 0x2236FC0A: ActualText::end(GfxState*) (TextOutputDev.cc:5247)
==11960==    by 0x2221BB22: CairoOutputDev::endActualText(GfxState*) (CairoOutputDev.cc:1373)
==11960==    by 0x222EA77C: Gfx::opEndMarkedContent(Object*, int) (Gfx.cc:5111)
==11960==    by 0x222E4AE5: Gfx::execOp(Object*, Object*, int) (Gfx.cc:856)
==11960==    by 0x222EC1BA: Gfx::go(bool) (Gfx.cc:715)
==11960==    by 0x222EC651: Gfx::display(Object*, bool) (Gfx.cc:681)
==11960==    by 0x2440AA8F: ???
==11960==  Address 0x257090b8 is 0 bytes inside a block of size 4 alloc'd
==11960==    at 0x40295B5: operator new[](unsigned int) (vg_replace_malloc.c:343)
==11960==    by 0x223475A4: TextStringToUCS4(GooString*, unsigned int**) (UTF.cc:99)
==11960==    by 0x2236FC0A: ActualText::end(GfxState*) (TextOutputDev.cc:5247)
==11960==    by 0x2221BB22: CairoOutputDev::endActualText(GfxState*) (CairoOutputDev.cc:1373)
==11960==    by 0x222EA77C: Gfx::opEndMarkedContent(Object*, int) (Gfx.cc:5111)
==11960==    by 0x222E4AE5: Gfx::execOp(Object*, Object*, int) (Gfx.cc:856)
==11960==    by 0x222EC1BA: Gfx::go(bool) (Gfx.cc:715)
==11960==    by 0x222EC651: Gfx::display(Object*, bool) (Gfx.cc:681)
==11960==    by 0x2440AA8F: ???


Code is here (master and 0.22 branch):

      utf16 = new Unicode[len];
      for (i = 0 ; i < len; i++) {
        utf16[i] = (s[2 + i*2] & 0xff) << 8 | (s[3 + i*2] & 0xff);
      }
      len = UTF16toUCS4(utf16, len, &u);
!!!   delete utf16;
Comment 1 Albert Astals Cid 2013-06-09 10:05:52 UTC
Fix committed, thanks for the report
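
The allocation pattern from the report above, written so the `new[]` buffer can only be released with `delete[]`. This is an added example, not poppler's code and not the committed fix. The names `textStringToUcs4` and `utf16ToUcs4`, the `FE FF` byte-order-mark check and the U+FFFD replacement are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <memory>
#include <string>
#include <vector>

using Unicode = std::uint32_t;  // assumption: the "unsigned int" seen in the trace

// Hypothetical stand-in for UTF16toUCS4: joins surrogate pairs and replaces
// unpaired surrogates with U+FFFD.
static std::vector<Unicode> utf16ToUcs4(const Unicode *utf16, std::size_t len) {
    std::vector<Unicode> out;
    for (std::size_t i = 0; i < len; i++) {
        Unicode u = utf16[i];
        if (u >= 0xD800 && u < 0xDC00 && i + 1 < len &&
            utf16[i + 1] >= 0xDC00 && utf16[i + 1] < 0xE000) {
            u = 0x10000 + ((u - 0xD800) << 10) + (utf16[i + 1] - 0xDC00);
            i++;  // the low surrogate has been consumed
        } else if (u >= 0xD800 && u < 0xE000) {
            u = 0xFFFD;
        }
        out.push_back(u);
    }
    return out;
}

// Decodes a UTF-16BE byte string that starts with the 2-byte mark FE FF
// (assumed here; the reported code skips the first two bytes the same way).
std::vector<Unicode> textStringToUcs4(const std::string &s) {
    if (s.size() < 2 || (s[0] & 0xff) != 0xFE || (s[1] & 0xff) != 0xFF)
        return {};
    const std::size_t len = (s.size() - 2) / 2;  // an odd trailing byte is ignored
    // unique_ptr<T[]> releases with delete[], so it always matches new[].
    std::unique_ptr<Unicode[]> utf16(new Unicode[len]);
    for (std::size_t i = 0; i < len; i++)
        utf16[i] = (s[2 + i * 2] & 0xff) << 8 | (s[3 + i * 2] & 0xff);
    return utf16ToUcs4(utf16.get(), len);
}

int main() {
    // Constructed sample input: mark, 'A', then U+1F600 as a surrogate pair.
    auto r = textStringToUcs4(std::string("\xFE\xFF\x00\x41\xD8\x3D\xDE\x00", 8));
    std::printf("%zu code points, last U+%X\n", r.size(), (unsigned)r.back());
    return 0;
}
```

Running this under Valgrind reports no mismatched free, because the array form of `unique_ptr` selects `delete[]` at compile time.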
