author | Robin Watts <Robin.Watts@artifex.com> | 2022-03-08 14:29:00 +0000 |
---|---|---|
committer | Robin Watts <Robin.Watts@artifex.com> | 2022-03-08 16:15:51 +0000 |
commit | 845f22321c7f1b81a4bede5ee83aada2c2bb5f82 (patch) | |
tree | 3fe3d65e330301c082425ef7b28573bf0e674e82 /base/gsicc_cache.c | |
parent | a08eecb4fea01465422f1d1d2e6fb98325762fee (diff) | |
download | ghostpdl-845f22321c7f1b81a4bede5ee83aada2c2bb5f82.tar.gz |
Fix SEGV on free of PostRenderProfile link in gs.
gs_malloc sneakily inserts a "->non_gc_memory" in before mallocing,
so attempting to free the same object later using gs_free_object
will fail unless we do the same there.
This causes the free of a PostRenderProfile link to fail when
stable_memory != non_gc_memory.
Fix here, by avoiding using gs_malloc and being explicit about
which memory pointer to use.
Diffstat (limited to 'base/gsicc_cache.c')
-rw-r--r-- | base/gsicc_cache.c | 19 |
1 files changed, 10 insertions, 9 deletions
diff --git a/base/gsicc_cache.c b/base/gsicc_cache.c
index bdf57bde6..13eb003a6 100644
--- a/base/gsicc_cache.c
+++ b/base/gsicc_cache.c
@@ -181,15 +181,16 @@ gsicc_alloc_link_dev(gs_memory_t *memory, cmm_profile_t *src_profile,
 gsicc_link_t *result;
 int cms_flags = 0;
- result = (gsicc_link_t*) gs_malloc(memory->stable_memory, 1,
+ memory = memory->non_gc_memory;
+ result = (gsicc_link_t*)gs_alloc_byte_array(memory, 1,
 sizeof(gsicc_link_t), "gsicc_alloc_link_dev");
 if (result == NULL) return NULL;
- result->lock = gx_monitor_label(gx_monitor_alloc(memory->stable_memory),
+ result->lock = gx_monitor_label(gx_monitor_alloc(memory),
 "gsicc_link_new");
 if (result->lock == NULL) {
- gs_free_object(memory->stable_memory, result, "gsicc_alloc_link(lock)");
+ gs_free_object(memory, result, "gsicc_alloc_link(lock)");
 return NULL;
 }
 gx_monitor_enter(result->lock);
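Review bot: The new line `memory = memory->non_gc_memory;` overwrites the parameter without a comment, so a later reader cannot tell that every `memory` below it is deliberately the non-GC allocator, or why that matters. A comment at that line would protect the allocate/free pairing from a future edit, for example `/* Allocate from non_gc_memory and record it in result->memory, so the later gs_free_object() uses the allocator that made the link. */`. A separately named local such as `gs_memory_t *nongc = memory->non_gc_memory;` would also make it harder to pass the caller's original pointer by mistake further down. The function body begins before and continues after this hunk.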
@@ -214,35 +215,35 @@ gsicc_alloc_link_dev(gs_memory_t *memory, cmm_profile_t *src_profile,
 result->includes_devlink = 0;
 result->is_identity = false;
 result->valid = true;
- result->memory = memory->stable_memory;
+ result->memory = memory;
 if_debug1m('^', result->memory, "[^]icclink "PRI_INTPTR" init = 1\n", (intptr_t)result);
 if (src_profile->profile_handle == NULL) {
 src_profile->profile_handle = gsicc_get_profile_handle_buffer(
- src_profile->buffer, src_profile->buffer_size, memory->stable_memory);
+ src_profile->buffer, src_profile->buffer_size, memory);
 }
 if (des_profile->profile_handle == NULL) {
 des_profile->profile_handle = gsicc_get_profile_handle_buffer(
- des_profile->buffer, des_profile->buffer_size, memory->stable_memory);
+ des_profile->buffer, des_profile->buffer_size, memory);
 }
 /* Check for problems.. */
 if (src_profile->profile_handle == 0 || des_profile->profile_handle == 0) {
- gs_free_object(memory->stable_memory, result, "gsicc_alloc_link_dev");
+ gs_free_object(memory, result, "gsicc_alloc_link_dev");
 return NULL;
 }
 /* [0] is chunky, littleendian, noalpha, 16-in, 16-out */
 result->link_handle = gscms_get_link(src_profile->profile_handle, des_profile->profile_handle, rendering_params, cms_flags,
- memory->stable_memory);
+ memory);
 /* Check for problems.. */
 if (result->link_handle == NULL) {
- gs_free_object(memory->stable_memory, result, "gsicc_alloc_link_dev");
+ gs_free_object(memory, result, "gsicc_alloc_link_dev");
 return NULL;
 }
 |
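Review bot: Both failure paths in this hunk (`profile_handle == 0` and `link_handle == NULL`) free `result` while `result->lock` is still allocated and, as far as the first hunk shows, still held after `gx_monitor_enter(result->lock)`. Unless the lines between the two hunks release it, the monitor leaks on every failed link creation and the struct is freed with its lock entered. Each path should drop the lock first, e.g. `gx_monitor_leave(result->lock); gx_monitor_free(result->lock);` ahead of the `gs_free_object(memory, result, "gsicc_alloc_link_dev");` call. The function continues past the end of this hunk.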