author | Robin Watts <robin.watts@artifex.com> | 2019-01-04 17:53:58 +0000 |
---|---|---|
committer | Robin Watts <robin.watts@artifex.com> | 2019-01-07 13:13:52 +0000 |
commit | 763a5f4c3bf94cd7cc3d9fcdcde3d7cac4f38796 (patch) | |
tree | 200cf92ce201ba0efa632b783e8c7d45688f759b /base/gp.h | |
parent | 2b0bfd775e43232ec488b8131b8dc014eb09d5aa (diff) | |
download | ghostpdl-763a5f4c3bf94cd7cc3d9fcdcde3d7cac4f38796.tar.gz |
Bug 696368: Avoid a garbage collection crash.

The bulk of this analysis and patch is due to Ken.

We can occasionally hit crashes when dealing with patterns. Ken
tracked this down to the 'dirty' pointer in the gx_pattern_trans_t
not being relocated in a garbage collection operation, and hence
ending up pointing to a random address.

His proposed fix was to change the 'dirty' pointer to be a pointer
to the actual pdf14_buf that contained the dirty rectangle, and to
ensure that it was properly enumerated in gc operations. This largely
solved the issues, but left a crash.

This crash was due to pdf14_get_buffer_information returning
a pointer to buf, even when it closed the device and hence freed
buf. This didn't normally affect the caller as it never accessed
through the pointer, but *did* trip up any garbage collection that
happened while the pointer was extant.

The fix is simply to only have pdf14_get_buffer_information return a
pointer to buf iff buf will actually be around when we return.

Diffstat (limited to 'base/gp.h')
0 files changed, 0 insertions, 0 deletions
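
A minimal C model of the second crash described in the commit message above, added here as an illustration; it is not code from the Ghostscript commit. Every name in it (`toy_buf`, `toy_device`, `toy_trans`, `get_info_before`, `get_info_after`, `gc_enumerate_ok`) is hypothetical, and the static arena with an `in_use` flag is an assumed stand-in for the real allocator and collector, chosen so the stale pointer can be inspected without undefined behaviour.

```c
#include <stdbool.h>

/* Hypothetical stand-ins for this example; not Ghostscript's real types. */
typedef struct { bool in_use; int dirty[4]; } toy_buf;
typedef struct { toy_buf *buf; } toy_device;
typedef struct { toy_buf *buf; } toy_trans; /* holds the pointer the collector enumerates */

static toy_buf arena[4]; /* static slots, so a stale pointer stays safe to inspect */

static toy_buf *toy_alloc(void) {
    for (int i = 0; i < 4; i++)
        if (!arena[i].in_use) { arena[i].in_use = true; return &arena[i]; }
    return 0;
}

static void toy_close_device(toy_device *dev) {
    if (dev->buf) dev->buf->in_use = false; /* models freeing buf with the device */
    dev->buf = 0;
}

/* Before: hands back buf even when the device (and so buf) was just released. */
static void get_info_before(toy_device *dev, toy_trans *out, bool free_device) {
    toy_buf *buf = dev->buf;
    if (free_device) toy_close_device(dev);
    out->buf = buf;
}

/* After: hands back buf only if it will still exist when we return. */
static void get_info_after(toy_device *dev, toy_trans *out, bool free_device) {
    toy_buf *buf = dev->buf;
    if (free_device) { toy_close_device(dev); buf = 0; }
    out->buf = buf;
}

/* Toy collector pass: each enumerated non-NULL pointer must reference a live object. */
static bool gc_enumerate_ok(const toy_trans *t) {
    return t->buf == 0 || t->buf->in_use;
}

/* Runs one scenario; returns whether a collection while the pointer is held is safe. */
static bool scenario(bool fixed, bool free_device) {
    toy_device dev = { toy_alloc() };
    toy_trans t = { 0 };
    (fixed ? get_info_after : get_info_before)(&dev, &t, free_device);
    bool ok = gc_enumerate_ok(&t);
    toy_close_device(&dev); /* release the slot for the next run */
    return ok;
}

int main(void) { return (!scenario(false, true) && scenario(true, true)) ? 0 : 1; }
```

The caller never dereferences the returned pointer in either version, which matches the commit message's point that only a collection running while the pointer is held exposes the problem.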