Patch for Bug #2652

From: Robert Wilhelm (robert@gaston.camelot.de)
Date: Mon Mar 04 2002 - 23:31:11 GMT

Next message: Martin Sevior: "Re: Paging doctor Martin :)"

Previous message: Michael D. Pritchett: "commit - Win32 Incremental Load w/ Dynamic Zooming"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

When loading the word document in Bug number 2652,
I get a segfault due to a double free.
The destructor of FG_GraphicRaster called from
IE_ImpGraphic_PNG::importGraphic (line 73) (error case)
and later the DELETEP(pictData)
in ie_imp_MsWord97.cpp
line 2477 (IE_Imp_MsWord_97::_handleImage) free the same pointer.

My patch solves this problem by seting m_bOwnPNG = false and therefore
the destructor of FG_GraphicRaster will not delete the buffer.

Note there is now a memory leak in the non error case,
the two DELETEP at the end of IE_Imp_MsWord_97::_handleImage
should propably made "alive" again, after careful inspection
of all code paths.

Cleanup:
//DELETEP(pictData);
//DELETEP(pFG);

Robert

text/plain attachment: diff

Next message: Martin Sevior: "Re: Paging doctor Martin :)"
Previous message: Michael D. Pritchett: "commit - Win32 Incremental Load w/ Dynamic Zooming"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Mon Mar 04 2002 - 18:43:04 GMT