dnrops
/
tectonic
mirror of https://github.com/tectonic-typesetting/tectonic.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Plug memory leaks identified by fuzzer+Valgrind

This commit is contained in:
Peter Williams 2021-10-20 00:27:14 -04:00
parent 41ad163c5b
commit b6d0566642
4 changed files with 33 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
crates/engine_xetex/xetex/xetex-ext.c
View File

@ -218,6 +218,8 @@ load_mapping_file(const char* s, const char* e, char byteMapping)
font_mapping_warning(buffer, strlen(buffer), 2); /* not loadable */ font_mapping_warning(buffer, strlen(buffer), 2); /* not loadable */
else if (get_tracing_fonts_state() > 1) else if (get_tracing_fonts_state() > 1)
font_mapping_warning(buffer, strlen(buffer), 0); /* tracing */ font_mapping_warning(buffer, strlen(buffer), 0); /* tracing */
free(mapping);
} else { } else {
font_mapping_warning(buffer, strlen(buffer), 1); /* not found */ font_mapping_warning(buffer, strlen(buffer), 1); /* not found */
} }

14
crates/engine_xetex/xetex/xetex-ini.c
View File

@ -3,6 +3,13 @@
Licensed under the MIT License. Licensed under the MIT License.
*/ */
/* On Windows this can bring in a `#define INPUT` that clashes with
* xetex_format.h, so include it first and sanitize: */
#include "teckit-c-Engine.h"
#ifdef INPUT
#undef INPUT
#endif
#include "xetex-core.h" #include "xetex-core.h"
#include "xetex-xetexd.h" #include "xetex-xetexd.h"
#include "xetex-synctex.h" #include "xetex-synctex.h"
@ -2764,7 +2771,7 @@ load_fmt_file(void)
font_ptr = x; font_ptr = x;
font_mapping = xmalloc_array(void *, font_max); font_mapping = xcalloc_array(void *, font_max);
font_layout_engine = xcalloc_array(void *, font_max); font_layout_engine = xcalloc_array(void *, font_max);
font_flags = xmalloc_array(char, font_max); font_flags = xmalloc_array(char, font_max);
font_letter_space = xmalloc_array(scaled_t, font_max); font_letter_space = xmalloc_array(scaled_t, font_max);
@ -3508,6 +3515,11 @@ tt_cleanup(void) {
release_font_engine(font_layout_engine[font_k], font_area[font_k]); release_font_engine(font_layout_engine[font_k], font_area[font_k]);
font_layout_engine[font_k] = NULL; font_layout_engine[font_k] = NULL;
} }
if (font_mapping[font_k] != NULL) {
TECkit_DisposeConverter((TECkit_Converter) font_mapping[font_k]);
font_mapping[font_k] = NULL;
}
} }
for (int i = 1; i <= in_open; i++) { for (int i = 1; i <= in_open; i++) {

12
crates/pdf_io/pdf_io/dpx-pdfdraw.c
View File

@ -878,7 +878,7 @@ typedef struct pdf_gstate_
pdf_obj *extgstate; pdf_obj *extgstate;
} pdf_gstate; } pdf_gstate;
static dpx_stack gs_stack; static dpx_stack gs_stack = { 0, NULL, NULL };
static void static void
init_a_gstate (pdf_gstate *gs) init_a_gstate (pdf_gstate *gs)
@ -1112,6 +1112,16 @@ pdf_dev_init_gstates (void)
{ {
pdf_gstate *gs; pdf_gstate *gs;
/* Tectonic: this function is called twice in the xdvipdfmx driver init,
* resulting in a small amount of leaked memory. We statically initialize the
* stack variable to make it possible to safely avoid the leak in this
* situation. */
while ((gs = dpx_stack_pop(&gs_stack)) != NULL) {
clear_a_gstate(gs);
free(gs);
}
dpx_stack_init(&gs_stack); dpx_stack_init(&gs_stack);
gs = NEW(1, pdf_gstate); gs = NEW(1, pdf_gstate);

7
fuzz/run-fuzzer.sh
View File

@ -1,4 +1,11 @@
#!/usr/bin/env bash #!/usr/bin/env bash
# NOTE: install `llvm-dev` or whichever package provides `llvm-symbolizer` if
# you want your stack traces to have any useful information! Otherwise none of
# the binary addresses are decoded when the fuzzer finds problems. You may also
# need to add the `-D` flag to `cargo fuzz run` to get more meaningful
# backtraces, at the expense of the fuzzer running much slower.
set -e set -e
set -o pipefail set -o pipefail
HERE="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" HERE="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"