From 8d65c0854c049e4c0c8e08006b595ad40a59e696 Mon Sep 17 00:00:00 2001
From: Robin Watts <robin.watts@artifex.com>
Date: Thu, 28 Mar 2013 21:12:18 +0000
Subject: [PATCH] Another memory squeeze fix.
Avoid SEGV in gsicc_alloc_link_entry and callers.
---
base/gsicc_cache.c | 17 +++++++++++------
base/gsicc_manage.c | 6 ++++--
base/gsicc_nocm.c | 3 +++
base/gsicc_replacecm.c | 3 +++
4 files changed, 21 insertions(+), 8 deletions(-)
diff --git a/base/gsicc_cache.c b/base/gsicc_cache.c
index 616db4c..65b2dd0 100644
--- a/base/gsicc_cache.c
+++ b/base/gsicc_cache.c
@@ -659,12 +659,14 @@ gsicc_alloc_link_entry(gsicc_link_cache_t *icc_link_cache,
/* insert an empty link that we will reserve so we */
/* can unlock while building the link contents */
(*ret_link) = gsicc_alloc_link(cache_mem->stable_memory, hash);
- (*ret_link)->icc_link_cache = icc_link_cache;
- (*ret_link)->next = icc_link_cache->head;
- icc_link_cache->head = *ret_link;
- icc_link_cache->num_links++;
- /* now that we own this link we can release
- the lock since it is not valid */
+ if (*ret_link) {
+ (*ret_link)->icc_link_cache = icc_link_cache;
+ (*ret_link)->next = icc_link_cache->head;
+ icc_link_cache->head = *ret_link;
+ icc_link_cache->num_links++;
+ /* now that we own this link we can release
+ the lock since it is not valid */
+ }
gx_monitor_leave(icc_link_cache->lock);
return false;
}
@@ -794,6 +796,9 @@ gsicc_get_link_profile(const gs_imager_state *pis, gx_device *dev,
if (gsicc_alloc_link_entry(icc_link_cache, &link, hash, include_softproof,
include_devicelink))
return link;
+ if (link == NULL)
+ return NULL;
+
/* Now compute the link contents */
cms_input_profile = gs_input_profile->profile_handle;
if (cms_input_profile == NULL) {
diff --git a/base/gsicc_manage.c b/base/gsicc_manage.c
index e0e7d93..210be59 100644
--- a/base/gsicc_manage.c
+++ b/base/gsicc_manage.c
@@ -1521,8 +1521,8 @@ gsicc_set_device_profile(gx_device * pdev, gs_memory_t * mem,
icc_profile =
gsicc_profile_new(str, mem, file_name, strlen(file_name));
code = sfclose(str);
- }
- if (str != NULL && icc_profile != NULL) {
+ if (icc_profile == NULL)
+ return_error(gs_error_VMerror);
if (pro_enum < gsPROOFPROFILE) {
if_debug1m(gs_debug_flag_icc, mem,
"[icc] Setting device profile %d\n", pro_enum);
@@ -1542,6 +1542,8 @@ gsicc_set_device_profile(gx_device * pdev, gs_memory_t * mem,
gsicc_get_profile_handle_buffer(icc_profile->buffer,
icc_profile->buffer_size,
mem);
+ if (icc_profile->profile_handle == NULL)
+ return_error(gs_error_unknownerror);
/* Compute the hash code of the profile. Everything in the
ICC manager will have it's hash code precomputed */
gsicc_get_icc_buff_hash(icc_profile->buffer,
diff --git a/base/gsicc_nocm.c b/base/gsicc_nocm.c
index 8b2a353..bcc3138 100644
--- a/base/gsicc_nocm.c
+++ b/base/gsicc_nocm.c
@@ -372,6 +372,9 @@ gsicc_nocm_get_link(const gs_imager_state *pis, gx_device *dev,
if (gsicc_alloc_link_entry(pis->icc_link_cache, &result, hash, false, false))
return result;
+ if (result == NULL)
+ return NULL;
+
/* Now compute the link contents */
result->procs.map_buffer = gsicc_nocm_transform_color_buffer;
result->procs.map_color = gsicc_nocm_transform_color;
diff --git a/base/gsicc_replacecm.c b/base/gsicc_replacecm.c
index 1a7c9e6..d1ab5ea 100644
--- a/base/gsicc_replacecm.c
+++ b/base/gsicc_replacecm.c
@@ -330,6 +330,9 @@ gsicc_rcm_get_link(const gs_imager_state *pis, gx_device *dev,
if (gsicc_alloc_link_entry(pis->icc_link_cache, &result, hash, false, false))
return result;
+ if (result == NULL)
+ return result;
+
/* Now compute the link contents */
result->procs.map_buffer = gsicc_rcm_transform_color_buffer;
result->procs.map_color = gsicc_rcm_transform_color;
--
2.5.5