authornpm <npm@chromium.org>2016-12-05 08:38:35 -0800
committerCommit bot <commit-bot@chromium.org>2016-12-05 08:38:35 -0800
commit7341149c634e0ab9a619898826440f6e952cf0aa (patch)
tree18adc01f06da78ed46cfb1bbbd75e8540b499cd5 /third_party/libtiff
parentf6ee820732b8717d32d85a47938172080067ce4e (diff)
Fix a leak when TIFFRGBAImageBegin failschromium/2943
The method to create image can fail even after ycbcr has been set, so the current way to release is not enough. TIFFRGBAImageEnd is safe in that it checks for existence before deleting, and deletes whatever has been created. BUG=657473 Review-Url: https://codereview.chromium.org/2545723004
Diffstat (limited to 'third_party/libtiff')
-rw-r--r--third_party/libtiff/0010-fix-leak-imagebegin.patch15
-rw-r--r--third_party/libtiff/README.pdfium1
-rw-r--r--third_party/libtiff/tif_getimage.c5
3 files changed, 17 insertions, 4 deletions
diff --git a/third_party/libtiff/0010-fix-leak-imagebegin.patch b/third_party/libtiff/0010-fix-leak-imagebegin.patch
new file mode 100644
index 0000000000..41aaf91a38
--- /dev/null
+++ b/third_party/libtiff/0010-fix-leak-imagebegin.patch
@@ -0,0 +1,15 @@
+diff --git a/third_party/libtiff/tif_getimage.c b/third_party/libtiff/tif_getimage.c
+index 8523793..97fa94d 100644
+--- a/third_party/libtiff/tif_getimage.c
++++ b/third_party/libtiff/tif_getimage.c
+@@ -478,10 +478,7 @@ TIFFRGBAImageBegin(TIFFRGBAImage* img, TIFF* tif, int stop, char emsg[1024])
+ return 1;
+
+ fail_return:
+- _TIFFfree( img->redcmap );
+- _TIFFfree( img->greencmap );
+- _TIFFfree( img->bluecmap );
+- img->redcmap = img->greencmap = img->bluecmap = NULL;
++ TIFFRGBAImageEnd(img);
+ return 0;
+ }
diff --git a/third_party/libtiff/README.pdfium b/third_party/libtiff/README.pdfium
index e0b4192e75..3842ea67c0 100644
--- a/third_party/libtiff/README.pdfium
+++ b/third_party/libtiff/README.pdfium
@@ -19,3 +19,4 @@ Local Modifications:
0007-uninitialized-value.patch: Fix potentially uninitialized dircount value
0008-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch: Fix a heap buffer overflow
0009-HeapBufferOverflow-PixarLogDecode.patch: Fix a heap buffer overflow
+0010-fix-leak-imagebegin: Fix a leak when TIFFRGBAImageBegin fails
diff --git a/third_party/libtiff/tif_getimage.c b/third_party/libtiff/tif_getimage.c
index 85237937ec..97fa94dbe7 100644
--- a/third_party/libtiff/tif_getimage.c
+++ b/third_party/libtiff/tif_getimage.c
@@ -478,10 +478,7 @@ TIFFRGBAImageBegin(TIFFRGBAImage* img, TIFF* tif, int stop, char emsg[1024])
return 1;
fail_return:
- _TIFFfree( img->redcmap );
- _TIFFfree( img->greencmap );
- _TIFFfree( img->bluecmap );
- img->redcmap = img->greencmap = img->bluecmap = NULL;
+ TIFFRGBAImageEnd(img);
return 0;
}
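Review bot: Routing `fail_return:` through `TIFFRGBAImageEnd(img)` is only safe if every pointer member that function frees is already NULL or a valid allocation when the earliest `goto fail_return` runs; the hunk shows only the tail of TIFFRGBAImageBegin, so this cannot be confirmed from here. The removed code touched just `redcmap`, `greencmap` and `bluecmap`, whereas the new call presumably also releases `ycbcr` and the other lookup tables, so on a caller-supplied `TIFFRGBAImage` that was not zeroed, an early failure while decoding an untrusted file would hand uninitialized pointers to `_TIFFfree`. I would set all of those members to NULL in the initialisation block at the top of the function, before the first failure path, and add a comment above the call such as `/* safe only because all img pointers are initialised before any goto fail_return */`. The same change is recorded in 0010-fix-leak-imagebegin.patch, so that copy needs the same update.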