ref: 7d17f7bb861b45319140572c786a20c4e044756a
parent: 43a372ee92589199d743b18b8740c4b9aa58be28
author: Sebastian Rasmussen <sebras@gmail.com>
date: Sat May 13 23:31:50 EDT 2017
Fix double free in error case.
--- a/jbig2_symbol_dict.c
+++ b/jbig2_symbol_dict.c
@@ -440,7 +440,6 @@
refagg_dicts[0] = jbig2_sd_new(ctx, params->SDNUMINSYMS + params->SDNUMNEWSYMS);
if (refagg_dicts[0] == NULL) {code = jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "Out of memory allocating symbol dictionary");
- jbig2_free(ctx->allocator, refagg_dicts);
goto cleanup4;
}
for (i = 0; i < params->SDNUMINSYMS; i++) {@@ -760,7 +759,8 @@
jbig2_free(ctx->allocator, tparams);
}
if (refagg_dicts != NULL) {- jbig2_sd_release(ctx, refagg_dicts[0]);
+ if (refagg_dicts[0] != NULL)
+ jbig2_sd_release(ctx, refagg_dicts[0]);
jbig2_free(ctx->allocator, refagg_dicts);
}