==11960== Thread 3: ==11960== Mismatched free() / delete / delete [] ==11960== at 0x4028E4E: operator delete(void*) (vg_replace_malloc.c:457) ==11960== by 0x223475EC: TextStringToUCS4(GooString*, unsigned int**) (UTF.cc:104) ==11960== by 0x2236FC0A: ActualText::end(GfxState*) (TextOutputDev.cc:5247) ==11960== by 0x2221BB22: CairoOutputDev::endActualText(GfxState*) (CairoOutputDev.cc:1373) ==11960== by 0x222EA77C: Gfx::opEndMarkedContent(Object*, int) (Gfx.cc:5111) ==11960== by 0x222E4AE5: Gfx::execOp(Object*, Object*, int) (Gfx.cc:856) ==11960== by 0x222EC1BA: Gfx::go(bool) (Gfx.cc:715) ==11960== by 0x222EC651: Gfx::display(Object*, bool) (Gfx.cc:681) ==11960== by 0x2440AA8F: ??? ==11960== Address 0x257090b8 is 0 bytes inside a block of size 4 alloc'd ==11960== at 0x40295B5: operator new[](unsigned int) (vg_replace_malloc.c:343) ==11960== by 0x223475A4: TextStringToUCS4(GooString*, unsigned int**) (UTF.cc:99) ==11960== by 0x2236FC0A: ActualText::end(GfxState*) (TextOutputDev.cc:5247) ==11960== by 0x2221BB22: CairoOutputDev::endActualText(GfxState*) (CairoOutputDev.cc:1373) ==11960== by 0x222EA77C: Gfx::opEndMarkedContent(Object*, int) (Gfx.cc:5111) ==11960== by 0x222E4AE5: Gfx::execOp(Object*, Object*, int) (Gfx.cc:856) ==11960== by 0x222EC1BA: Gfx::go(bool) (Gfx.cc:715) ==11960== by 0x222EC651: Gfx::display(Object*, bool) (Gfx.cc:681) ==11960== by 0x2440AA8F: ??? Code is here (master and 0.22 branch): utf16 = new Unicode[len]; for (i = 0 ; i < len; i++) { utf16[i] = (s[2 + i*2] & 0xff) << 8 | (s[3 + i*2] & 0xff); } len = UTF16toUCS4(utf16, len, &u); !!! delete utf16;
Fix commited, thanks for the report
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.