author Chris Liddell <chris.liddell@artifex.com> 2023-03-07 12:10:35 +0000
committer Chris Liddell <chris.liddell@artifex.com> 2023-03-07 17:43:41 +0000
commit 690da05d25a73d5639aca5a077693bdb2a3cad0d (patch)
tree ca4379ac28c7ba4ca3c6154ab0413de3992d5855
parent 723b1151c623d1758a40747e878fa97f6909ed6b (diff)
pdfwrite: Don't free copied font object when it's in use
If we spot early on that we can't create a complete copy of a font (i.e. if the font is incrementally defined), we discard the attempted complete copy and set the "complete" pointer to the same as the "copied" (subsetted) pointer. But it turns out that, later, there is also a code path that requires discarding the "complete" font, which wasn't accounting for the possibility that the two pointers pointed to the same font object. So, we now check whether the two pointers are the same, and if so, we simply null the "complete" pointer. Fixes oddly hard to reproduce segfaults from the nightly and weekly tests.
-rw-r--r-- devices/vector/gdevpdtb.c 3
1 files changed, 2 insertions, 1 deletions
diff --git a/devices/vector/gdevpdtb.c b/devices/vector/gdevpdtb.c
index bab7995df..138c2a40d 100644
--- a/devices/vector/gdevpdtb.c
+++ b/devices/vector/gdevpdtb.c
@@ -430,7 +430,8 @@ pdf_base_font_drop_complete(pdf_base_font_t *pbfont)
* free the members which are common to both, so this cast is
* (at the time of writing) safe.
*/
- gs_free_copied_font((gs_font *)pbfont->complete);
+ if (pbfont->complete != pbfont->copied)
+ gs_free_copied_font((gs_font *)pbfont->complete);
pbfont->complete = NULL;
}
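Review bot: The guard added before gs_free_copied_font() in pdf_base_font_drop_complete() is undocumented: the comment directly above it still only explains why the cast is safe, and nothing at this site says that pbfont->complete may alias pbfont->copied. A short comment next to the `if (pbfont->complete != pbfont->copied)` line, stating that the two pointers can refer to the same font object (the incrementally defined font case from the commit message) and that the object is still in use through copied, would keep a later cleanup from dropping the check and reintroducing the free of a live font. The unconditional `pbfont->complete = NULL;` that follows handles both cases correctly, so no change to the logic is needed.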