summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorkcwu <kcwu@chromium.org>2016-09-26 12:00:31 -0700
committerCommit bot <commit-bot@chromium.org>2016-09-26 12:00:31 -0700
commit87c658d72ec1e2167fe60d97dcc1ca0301e920ea (patch)
treef34da42fc0d0fa689ab713591e9d259c76d921e2
parentbfe9afc2ab1d883bb036a1c3b35b429229708875 (diff)
downloadpdfium-87c658d72ec1e2167fe60d97dcc1ca0301e920ea.tar.xz
Fix memory leak in lcms, MPEmatrix_Read
BUG=650277 Review-Url: https://codereview.chromium.org/2371723003
-rw-r--r--third_party/lcms2-2.6/0008-memory-leak-Type_MPEmatrix_Read.patch30
-rw-r--r--third_party/lcms2-2.6/README.pdfium1
-rw-r--r--third_party/lcms2-2.6/src/cmstypes.c12
3 files changed, 41 insertions, 2 deletions
diff --git a/third_party/lcms2-2.6/0008-memory-leak-Type_MPEmatrix_Read.patch b/third_party/lcms2-2.6/0008-memory-leak-Type_MPEmatrix_Read.patch
new file mode 100644
index 0000000000..93ee3d3fde
--- /dev/null
+++ b/third_party/lcms2-2.6/0008-memory-leak-Type_MPEmatrix_Read.patch
@@ -0,0 +1,30 @@
+diff --git a/third_party/lcms2-2.6/src/cmstypes.c b/third_party/lcms2-2.6/src/cmstypes.c
+index 441d6bb..15199c7 100644
+--- a/third_party/lcms2-2.6/src/cmstypes.c
++++ b/third_party/lcms2-2.6/src/cmstypes.c
+@@ -4203,7 +4203,11 @@ void *Type_MPEmatrix_Read(struct _cms_typehandler_struct* self, cmsIOHANDLER* io
+
+ cmsFloat32Number v;
+
+- if (!_cmsReadFloat32Number(io, &v)) return NULL;
++ if (!_cmsReadFloat32Number(io, &v)) {
++ _cmsFree(self ->ContextID, Matrix);
++ _cmsFree(self ->ContextID, Offsets);
++ return NULL;
++ }
+ Matrix[i] = v;
+ }
+
+@@ -4212,7 +4216,11 @@ void *Type_MPEmatrix_Read(struct _cms_typehandler_struct* self, cmsIOHANDLER* io
+
+ cmsFloat32Number v;
+
+- if (!_cmsReadFloat32Number(io, &v)) return NULL;
++ if (!_cmsReadFloat32Number(io, &v)) {
++ _cmsFree(self ->ContextID, Matrix);
++ _cmsFree(self ->ContextID, Offsets);
++ return NULL;
++ }
+ Offsets[i] = v;
+ }
+
diff --git a/third_party/lcms2-2.6/README.pdfium b/third_party/lcms2-2.6/README.pdfium
index 4fcd32b18e..29479392c4 100644
--- a/third_party/lcms2-2.6/README.pdfium
+++ b/third_party/lcms2-2.6/README.pdfium
@@ -17,4 +17,5 @@ Local Modifications:
0005-memory-leak-AllocEmptyTransform.patch: Fix memory leak in AllocEmptyTransform.
0006-memory-leak-Type_NamedColor_Read.patch: Fix memory leak in Type_NamedColor_Read.
0007-memory-leak-OptimizeByResampling.patch: Fix memory leak in OptimizeByResampling.
+0008-memory-leak-Type_MPEmatrix_Read.patch: Fix memory leak in MPEmatrix_Read.
TODO(ochang): List other patches.
diff --git a/third_party/lcms2-2.6/src/cmstypes.c b/third_party/lcms2-2.6/src/cmstypes.c
index 441d6bb241..15199c7084 100644
--- a/third_party/lcms2-2.6/src/cmstypes.c
+++ b/third_party/lcms2-2.6/src/cmstypes.c
@@ -4203,7 +4203,11 @@ void *Type_MPEmatrix_Read(struct _cms_typehandler_struct* self, cmsIOHANDLER* io
cmsFloat32Number v;
- if (!_cmsReadFloat32Number(io, &v)) return NULL;
+ if (!_cmsReadFloat32Number(io, &v)) {
+ _cmsFree(self ->ContextID, Matrix);
+ _cmsFree(self ->ContextID, Offsets);
+ return NULL;
+ }
Matrix[i] = v;
}
@@ -4212,7 +4216,11 @@ void *Type_MPEmatrix_Read(struct _cms_typehandler_struct* self, cmsIOHANDLER* io
cmsFloat32Number v;
- if (!_cmsReadFloat32Number(io, &v)) return NULL;
+ if (!_cmsReadFloat32Number(io, &v)) {
+ _cmsFree(self ->ContextID, Matrix);
+ _cmsFree(self ->ContextID, Offsets);
+ return NULL;
+ }
Offsets[i] = v;
}