Browse code
Fix a couple logic bugs
Shawn Webb authored on 2014/06/26 00:23:18Showing 1 changed files
| ... | ... |
@@ -3220,7 +3220,7 @@ static struct pdf_dict *pdf_parse_dict(struct pdf_struct *pdf, struct pdf_obj *o |
| 3220 | 3220 |
{
|
| 3221 | 3221 |
struct pdf_dict *res=NULL; |
| 3222 | 3222 |
struct pdf_dict_node *node=NULL; |
| 3223 |
- const char *objstart = obj->start + pdf->map; |
|
| 3223 |
+ const char *objstart; |
|
| 3224 | 3224 |
char *end; |
| 3225 | 3225 |
unsigned int in_string=0, ninner=0; |
| 3226 | 3226 |
|
| ... | ... |
@@ -3228,6 +3228,8 @@ static struct pdf_dict *pdf_parse_dict(struct pdf_struct *pdf, struct pdf_obj *o |
| 3228 | 3228 |
if (!(pdf) || !(obj) || !(begin)) |
| 3229 | 3229 |
return NULL; |
| 3230 | 3230 |
|
| 3231 |
+ objstart = (const char *)(obj->start + pdf->map); |
|
| 3232 |
+ |
|
| 3231 | 3233 |
if (begin < objstart || begin - objstart >= objsz - 2) |
| 3232 | 3234 |
return NULL; |
| 3233 | 3235 |
|
| ... | ... |
@@ -3377,17 +3379,23 @@ static struct pdf_dict *pdf_parse_dict(struct pdf_struct *pdf, struct pdf_obj *o |
| 3377 | 3377 |
break; |
| 3378 | 3378 |
} |
| 3379 | 3379 |
|
| 3380 |
- if (!(val) && !(dict) && !(arr)) |
|
| 3380 |
+ if (!(val) && !(dict) && !(arr)) {
|
|
| 3381 |
+ free(key); |
|
| 3381 | 3382 |
break; |
| 3383 |
+ } |
|
| 3382 | 3384 |
|
| 3383 | 3385 |
if (!(res->nodes)) {
|
| 3384 | 3386 |
res->nodes = res->tail = node = cli_calloc(1, sizeof(struct pdf_dict_node)); |
| 3385 |
- if (!(node)) |
|
| 3387 |
+ if (!(node)) {
|
|
| 3388 |
+ free(key); |
|
| 3386 | 3389 |
break; |
| 3390 |
+ } |
|
| 3387 | 3391 |
} else {
|
| 3388 | 3392 |
node = calloc(1, sizeof(struct pdf_dict_node)); |
| 3389 |
- if (!(node)) |
|
| 3393 |
+ if (!(node)) {
|
|
| 3394 |
+ free(key); |
|
| 3390 | 3395 |
break; |
| 3396 |
+ } |
|
| 3391 | 3397 |
|
| 3392 | 3398 |
node->prev = res->tail; |
| 3393 | 3399 |
if (res->tail) |