diff options
| author | Nicolas Pena <npm@chromium.org> | 2017-05-08 15:42:15 -0400 |
|---|---|---|
| committer | Chromium commit bot <commit-bot@chromium.org> | 2017-05-08 20:47:27 +0000 |
| commit | 87ba200028c0bebc63355e11a9c5de9211722f32 (patch) | |
| tree | e0d04f7ff384aea8497033010f248b114fa88e10 | |
| parent | 615bb96eb26570fd87004e2fa6f42eca0dbf79cd (diff) | |
| download | pdfium-87ba200028c0bebc63355e11a9c5de9211722f32.tar.xz | |
[LCMS] Upstream direct leak fix
This CL applies the following upstream patch:
https://github.com/mm2/Little-CMS/commit/02c95fa76bdc4f73113373070278666f47aff82f
Bug: chromium:718500
Change-Id: I7898b22e44a5ea5c0d1c301233037fbaabb8e327
Reviewed-on: https://pdfium-review.googlesource.com/5092
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
| -rw-r--r-- | third_party/lcms2-2.6/0019-upstream-direct-leak-Type_MPE_Read.patch | 31 | ||||
| -rw-r--r-- | third_party/lcms2-2.6/README.pdfium | 1 | ||||
| -rw-r--r-- | third_party/lcms2-2.6/src/cmstypes.c | 15 |
3 files changed, 40 insertions, 7 deletions
diff --git a/third_party/lcms2-2.6/0019-upstream-direct-leak-Type_MPE_Read.patch b/third_party/lcms2-2.6/0019-upstream-direct-leak-Type_MPE_Read.patch new file mode 100644 index 0000000000..7a2f2788b0 --- /dev/null +++ b/third_party/lcms2-2.6/0019-upstream-direct-leak-Type_MPE_Read.patch @@ -0,0 +1,31 @@ +diff --git a/third_party/lcms2-2.6/src/cmstypes.c b/third_party/lcms2-2.6/src/cmstypes.c +index 75f1fae32..f92a92822 100644 +--- a/third_party/lcms2-2.6/src/cmstypes.c ++++ b/third_party/lcms2-2.6/src/cmstypes.c +@@ -4460,18 +4460,19 @@ void *Type_MPE_Read(struct _cms_typehandler_struct* self, cmsIOHANDLER* io, cmsU + NewLUT = cmsPipelineAlloc(self ->ContextID, InputChans, OutputChans); + if (NewLUT == NULL) return NULL; + +- if (!_cmsReadUInt32Number(io, &ElementCount)) return NULL; +- +- if (!ReadPositionTable(self, io, ElementCount, BaseOffset, NewLUT, ReadMPEElem)) { +- if (NewLUT != NULL) cmsPipelineFree(NewLUT); +- *nItems = 0; +- return NULL; +- } ++ if (!_cmsReadUInt32Number(io, &ElementCount)) goto Error; ++ if (!ReadPositionTable(self, io, ElementCount, BaseOffset, NewLUT, ReadMPEElem)) goto Error; + + // Success + *nItems = 1; + return NewLUT; + ++ // Error ++Error: ++ if (NewLUT != NULL) cmsPipelineFree(NewLUT); ++ *nItems = 0; ++ return NULL; ++ + cmsUNUSED_PARAMETER(SizeOfTag); + } + diff --git a/third_party/lcms2-2.6/README.pdfium b/third_party/lcms2-2.6/README.pdfium index 78c150d70f..94dc67a7e3 100644 --- a/third_party/lcms2-2.6/README.pdfium +++ b/third_party/lcms2-2.6/README.pdfium @@ -31,4 +31,5 @@ Local Modifications: 0017-upstream-integer-overflow-MPEmatrix_Read.patch: fix some integer overflows. 0018-verify-size-before-reading.patch: fix OOM issue when there won't be enough data to read anyway. +0019-upstream-direct-leak-Type_MPE_Read.patch: fix leak in cmstypes.c. TODO(ochang): List other patches. diff --git a/third_party/lcms2-2.6/src/cmstypes.c b/third_party/lcms2-2.6/src/cmstypes.c index 4d96a1ed6b..29806fb194 100644 --- a/third_party/lcms2-2.6/src/cmstypes.c +++ b/third_party/lcms2-2.6/src/cmstypes.c @@ -4466,18 +4466,19 @@ void *Type_MPE_Read(struct _cms_typehandler_struct* self, cmsIOHANDLER* io, cmsU NewLUT = cmsPipelineAlloc(self ->ContextID, InputChans, OutputChans); if (NewLUT == NULL) return NULL; - if (!_cmsReadUInt32Number(io, &ElementCount)) return NULL; - - if (!ReadPositionTable(self, io, ElementCount, BaseOffset, NewLUT, ReadMPEElem)) { - if (NewLUT != NULL) cmsPipelineFree(NewLUT); - *nItems = 0; - return NULL; - } + if (!_cmsReadUInt32Number(io, &ElementCount)) goto Error; + if (!ReadPositionTable(self, io, ElementCount, BaseOffset, NewLUT, ReadMPEElem)) goto Error; // Success *nItems = 1; return NewLUT; + // Error +Error: + if (NewLUT != NULL) cmsPipelineFree(NewLUT); + *nItems = 0; + return NULL; + cmsUNUSED_PARAMETER(SizeOfTag); } |