Crash/Exception with option textord_heavy_nr=1

[jam-codx]

Environment

• Tesseract Version: 5.2.0
• Platform: Windows10 64-Bit, running Tesseract 32-Bit Debug

Current Behavior:

• Crash/Exception with option textord_heavy_nr=1
• Call: tesseract.exe test.bmp stdout --tessdata-dir %DataDir% -l deu --psm 6 -c textord_heavy_nr=1
• Not dependent on image
• The value 0xDDDDDDDD is used by Microsoft's C++ debugging heap to mark freed heap memory
• Same error with Tesseract 5.1.0
• Build:
  cmake -B %BuildDir% -S %SourceDir% -G "Visual Studio 15 2017" -A Win32 -DSW_BUILD=OFF -DCMAKE_BUILD_TYPE=Release -DBUILD_SHARED_LIBS=ON -DCMAKE_TOOLCHAIN_FILE=%VcpkgToolchain% -DBUILD_TRAINING_TOOLS=OFF -DHAVE_LIBCURL=OFF -DHAVE_LIBARCHIVE=OFF -DDISABLED_LEGACY_ENGINE=ON -DCMAKE_INSTALL_PREFIX=%InstallDir% -DDISABLE_ARCHIVE=ON -DDISABLE_CURL=ON
  cmake --build %BuildDir% --config Debug --target INSTALL --clean-first

---

Expected Behavior:

No Exception

Suggested Fix:

[stweil]

It looks like a double free here:

#5  0x000000000047af0c in tesseract::BLOBNBOX::~BLOBNBOX (this=0x154c410) at ../../../src/ccstruct/blobbox.h:154
154	      delete cblob_ptr;

[stweil]

tesseract --dpi 300 https://user-images.githubusercontent.com/3341558/179373903-ef6cc246-f4e5-4633-a762-ded4dd22708f.jpg - -c textord_heavy_nr=1
=================================================================
==1511914==ERROR: AddressSanitizer: heap-use-after-free on address 0x602000ad0e18 at pc 0x00000057532d bp 0x7ffe8d1cb660 sp 0x7ffe8d1cb658
READ of size 8 at 0x602000ad0e18 thread T0
    #0 0x57532c in tesseract::ELIST::empty() const /tesseract/bin/debug/clang,sanitize/../../../src/ccutil/elst.h:125:13
    #1 0x164d2db in tesseract::ELIST::internal_clear(void (*)(void*)) /tesseract/bin/debug/clang,sanitize/../../../src/ccutil/elst.cpp:42:8
    #2 0x63a809 in tesseract::X_LIST<tesseract::ELIST, tesseract::ELIST_ITERATOR, tesseract::C_OUTLINE>::clear() /tesseract/bin/debug/clang,sanitize/../../../src/ccutil/list.h:54:16
    #3 0x63a677 in tesseract::X_LIST<tesseract::ELIST, tesseract::ELIST_ITERATOR, tesseract::C_OUTLINE>::~X_LIST() /tesseract/bin/debug/clang,sanitize/../../../src/ccutil/list.h:49:5
    #4 0x63a60a in tesseract::C_OUTLINE_LIST::~C_OUTLINE_LIST() /tesseract/bin/debug/clang,sanitize/../../../src/ccstruct/coutln.h:74:1
    #5 0x63a5a0 in tesseract::C_BLOB::~C_BLOB() /tesseract/bin/debug/clang,sanitize/../../../src/ccstruct/stepblob.h:40:16
    #6 0x8c1401 in tesseract::BLOBNBOX::~BLOBNBOX() /tesseract/bin/debug/clang,sanitize/../../../src/ccstruct/blobbox.h:154:7
    #7 0x1ad5577 in tesseract::vigorous_noise_removal(tesseract::TO_BLOCK*) /tesseract/bin/debug/clang,sanitize/../../../src/textord/makerow.cpp:550:9
[...]
0x602000ad0e18 is located 8 bytes inside of 16-byte region [0x602000ad0e10,0x602000ad0e20)
freed by thread T0 here:
    #0 0x4dcf3d in operator delete(void*) (/tesseract/bin/debug/clang,sanitize/tesseract+0x4dcf3d)
    #1 0x1ad5512 in tesseract::vigorous_noise_removal(tesseract::TO_BLOCK*) /tesseract/bin/debug/clang,sanitize/../../../src/textord/makerow.cpp:549:9
    #2 0x19e53a9 in tesseract::BaselineBlock::PrepareForSplineFitting(tesseract::ICOORD, bool) /tesseract/bin/debug/clang,sanitize/../../../src/textord/baselinedetect.cpp:562:5
[...]

[stweil]

The issue is fixed in commit ee34b10.