diff options
| author | Nicolas Pena <npm@chromium.org> | 2017-02-23 15:55:32 -0500 |
|---|---|---|
| committer | Chromium commit bot <commit-bot@chromium.org> | 2017-02-24 21:15:10 +0000 |
| commit | 0b6447a7231b5263d10f2bd9be3088f93af9629f (patch) | |
| tree | cbcf225a00bbfed9dddd499373f7517c183e5425 | |
| parent | 37e2bd1acf843db4eef891d994390520b8fcf3fa (diff) | |
| download | pdfium-0b6447a7231b5263d10f2bd9be3088f93af9629f.tar.xz | |
Libtiff: fix leaking tables in tif_ojpeg.c
Tables should be freed before they are reassigned. This CL fixes the three
places where this is not happening.
BUG=694599
Change-Id: I4e7cf1a6354b1129ecaf7ddcc74d8a36ba289df7
Reviewed-on: https://pdfium-review.googlesource.com/2830
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
| -rw-r--r-- | third_party/libtiff/0021-fix-leaks-ojpegreaderinfosectables.patch | 31 | ||||
| -rw-r--r-- | third_party/libtiff/README.pdfium | 1 | ||||
| -rw-r--r-- | third_party/libtiff/tif_ojpeg.c | 6 |
3 files changed, 38 insertions, 0 deletions
diff --git a/third_party/libtiff/0021-fix-leaks-ojpegreaderinfosectables.patch b/third_party/libtiff/0021-fix-leaks-ojpegreaderinfosectables.patch new file mode 100644 index 0000000000..13aef44d91 --- /dev/null +++ b/third_party/libtiff/0021-fix-leaks-ojpegreaderinfosectables.patch @@ -0,0 +1,31 @@ +diff --git a/third_party/libtiff/tif_ojpeg.c b/third_party/libtiff/tif_ojpeg.c +index f69b00148..1a700d5bc 100644 +--- a/third_party/libtiff/tif_ojpeg.c ++++ b/third_party/libtiff/tif_ojpeg.c +@@ -1794,6 +1794,8 @@ OJPEGReadHeaderInfoSecTablesQTable(TIFF* tif) + _TIFFfree(ob); + return(0); + } ++ if(sp->qtable[m]!=0) ++ _TIFFfree(sp->qtable[m]); + sp->qtable[m]=ob; + sp->sof_tq[m]=m; + } +@@ -1861,6 +1863,8 @@ OJPEGReadHeaderInfoSecTablesDcTable(TIFF* tif) + _TIFFfree(rb); + return(0); + } ++ if(sp->dctable[m]!=0) ++ _TIFFfree(sp->dctable[m]); + sp->dctable[m]=rb; + sp->sos_tda[m]=(m<<4); + } +@@ -1928,6 +1932,8 @@ OJPEGReadHeaderInfoSecTablesAcTable(TIFF* tif) + _TIFFfree(rb); + return(0); + } ++ if(sp->actable[m]) ++ _TIFFfree(sp->actable[m]); + sp->actable[m]=rb; + sp->sos_tda[m]=(sp->sos_tda[m]|m); + } diff --git a/third_party/libtiff/README.pdfium b/third_party/libtiff/README.pdfium index 219b3a73b0..e4436d21fd 100644 --- a/third_party/libtiff/README.pdfium +++ b/third_party/libtiff/README.pdfium @@ -30,3 +30,4 @@ Local Modifications: 0018-fix-leak-in-PredictorSetupDecode.patch: call tif->tif_cleanup if the setup fails. 0019-fix-invalid-reads-TIFFFetchNormalTag.patch: upstream security fix in tif_dirread. 0020-unreasonable-td-bitspersample.patch: upstream patch ignoring large td_bitspersample. +0021-fix-leaks-ojpegreaderinfosectables.patch: more direct leak fixes in tif_ojpeg.c. diff --git a/third_party/libtiff/tif_ojpeg.c b/third_party/libtiff/tif_ojpeg.c index f69b00148c..1a700d5bc2 100644 --- a/third_party/libtiff/tif_ojpeg.c +++ b/third_party/libtiff/tif_ojpeg.c @@ -1794,6 +1794,8 @@ OJPEGReadHeaderInfoSecTablesQTable(TIFF* tif) _TIFFfree(ob); return(0); } + if(sp->qtable[m]!=0) + _TIFFfree(sp->qtable[m]); sp->qtable[m]=ob; sp->sof_tq[m]=m; } @@ -1861,6 +1863,8 @@ OJPEGReadHeaderInfoSecTablesDcTable(TIFF* tif) _TIFFfree(rb); return(0); } + if(sp->dctable[m]!=0) + _TIFFfree(sp->dctable[m]); sp->dctable[m]=rb; sp->sos_tda[m]=(m<<4); } @@ -1928,6 +1932,8 @@ OJPEGReadHeaderInfoSecTablesAcTable(TIFF* tif) _TIFFfree(rb); return(0); } + if(sp->actable[m]) + _TIFFfree(sp->actable[m]); sp->actable[m]=rb; sp->sos_tda[m]=(sp->sos_tda[m]|m); } |