diff -up ghostscript-8.71/jbig2dec/jbig2_symbol_dict.c.jbig2dec-nullderef ghostscript-8.71/jbig2dec/jbig2_symbol_dict.c
--- ghostscript-8.71/jbig2dec/jbig2_symbol_dict.c.jbig2dec-nullderef	2009-05-29 07:48:44.000000000 +0100
+++ ghostscript-8.71/jbig2dec/jbig2_symbol_dict.c	2010-02-17 12:06:42.040614797 +0000
@@ -367,6 +367,11 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx,
 		  memcpy(region_params.gbat, params->sdat, sdat_bytes);
 
 		  image = jbig2_image_new(ctx, SYMWIDTH, HCHEIGHT);
+		  if (image == NULL) {
+		      jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number,
+				  "failed to allocate image storage");
+		      return NULL;
+		  }
 
 		  code = jbig2_decode_generic_region(ctx, segment, &region_params,
 						     as, image, GB_stats);
@@ -517,6 +522,11 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx,
 			ID, RDX, RDY);
 
 		      image = jbig2_image_new(ctx, SYMWIDTH, HCHEIGHT);
+		      if (image == NULL) {
+			  jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number,
+				      "failed to allocate image storage");
+			  return NULL;
+		      }
 
 		      /* Table 18 */
 		      rparams.GRTEMPLATE = params->SDRTEMPLATE;
@@ -635,6 +645,16 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx,
 	for (j = HCFIRSTSYM; j < NSYMSDECODED; j++) {
 	  Jbig2Image *glyph;
 	  glyph = jbig2_image_new(ctx, SDNEWSYMWIDTHS[j], HCHEIGHT);
+	  if (glyph == NULL) {
+	      jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number,
+			  "error allocating image storage for glyph");
+	      while (--j >= HCFIRSTSYM) {
+		  jbig2_image_release(ctx, SDNEWSYMS->glyphs[j]);
+		  SDNEWSYMS->glyphs[j] = NULL;
+	      }
+	      jbig2_image_release(ctx, image);
+	      return NULL;
+	  }
 	  jbig2_image_compose(ctx, glyph, image,
 		-x, 0, JBIG2_COMPOSE_REPLACE);
 	  x += SDNEWSYMWIDTHS[j];