From 4704fcacb1226d5194046df05acbbf2d57261c81 Mon Sep 17 00:00:00 2001 From: Stefan Weil <sw@weilnetz.de> Date: Fri, 2 Dec 2016 22:17:41 +0100 Subject: [PATCH 1/2] cube: Fix use after free regression Coverity report: CID 1366758: Memory - corruptions (USE_AFTER_FREE) Calling "operator delete[]" frees pointer "label32" which has already been freed. Commit f60ff4d57560b2daf03951015dd188446ce50024 fixed several memory leaks but also added this wrong delete operation. label32 is assigned to char_samp->label32_, so it is freed when deleting char_samp. Signed-off-by: Stefan Weil <sw@weilnetz.de> --- cube/char_samp.cpp | 1 - 1 file changed, 1 deletion(-) diff --git a/cube/char_samp.cpp b/cube/char_samp.cpp index 4b9887e4e4..f55735be0e 100644 --- a/cube/char_samp.cpp +++ b/cube/char_samp.cpp @@ -166,7 +166,6 @@ CharSamp *CharSamp::FromCharDumpFile(CachedFile *fp) { // load the Bmp8 part if (char_samp->LoadFromCharDumpFile(fp) == false) { delete char_samp; - delete [] label32; return NULL; } return char_samp; From 7e3ff36080115bf06d0447fcaaf71f9bf270ece9 Mon Sep 17 00:00:00 2001 From: Stefan Weil <sw@weilnetz.de> Date: Fri, 2 Dec 2016 22:25:00 +0100 Subject: [PATCH 2/2] cube: Fix coverity warning caused by unneeded null pointer check Commit 03eec61a2f0bbcbc0b1b612fd4693ba70ce66678 removed unneeded null pointer checks after new, but missed one which now raises a warning from coverity scan. Remove that one, too. Signed-off-by: Stefan Weil <sw@weilnetz.de> --- ccmain/cube_control.cpp | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/ccmain/cube_control.cpp b/ccmain/cube_control.cpp index 8270e4f350..50f7512dd1 100644 --- a/ccmain/cube_control.cpp +++ b/ccmain/cube_control.cpp @@ -182,10 +182,8 @@ bool Tesseract::init_cube_objects(bool load_combiner, if (!tess_cube_combiner_->LoadCombinerNet()) { delete cube_cntxt_; cube_cntxt_ = NULL; - if (tess_cube_combiner_ != NULL) { - delete tess_cube_combiner_; - tess_cube_combiner_ = NULL; - } + delete tess_cube_combiner_; + tess_cube_combiner_ = NULL; if (cube_debug_level > 0) tprintf("Cube ERROR (Failed to instantiate TesseractCubeCombiner\n"); return false;