summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--third_party/lcms2-2.6/0019-upstream-direct-leak-Type_MPE_Read.patch31
-rw-r--r--third_party/lcms2-2.6/README.pdfium1
-rw-r--r--third_party/lcms2-2.6/src/cmstypes.c15
3 files changed, 40 insertions, 7 deletions
diff --git a/third_party/lcms2-2.6/0019-upstream-direct-leak-Type_MPE_Read.patch b/third_party/lcms2-2.6/0019-upstream-direct-leak-Type_MPE_Read.patch
new file mode 100644
index 0000000000..7a2f2788b0
--- /dev/null
+++ b/third_party/lcms2-2.6/0019-upstream-direct-leak-Type_MPE_Read.patch
@@ -0,0 +1,31 @@
+diff --git a/third_party/lcms2-2.6/src/cmstypes.c b/third_party/lcms2-2.6/src/cmstypes.c
+index 75f1fae32..f92a92822 100644
+--- a/third_party/lcms2-2.6/src/cmstypes.c
++++ b/third_party/lcms2-2.6/src/cmstypes.c
+@@ -4460,18 +4460,19 @@ void *Type_MPE_Read(struct _cms_typehandler_struct* self, cmsIOHANDLER* io, cmsU
+ NewLUT = cmsPipelineAlloc(self ->ContextID, InputChans, OutputChans);
+ if (NewLUT == NULL) return NULL;
+
+- if (!_cmsReadUInt32Number(io, &ElementCount)) return NULL;
+-
+- if (!ReadPositionTable(self, io, ElementCount, BaseOffset, NewLUT, ReadMPEElem)) {
+- if (NewLUT != NULL) cmsPipelineFree(NewLUT);
+- *nItems = 0;
+- return NULL;
+- }
++ if (!_cmsReadUInt32Number(io, &ElementCount)) goto Error;
++ if (!ReadPositionTable(self, io, ElementCount, BaseOffset, NewLUT, ReadMPEElem)) goto Error;
+
+ // Success
+ *nItems = 1;
+ return NewLUT;
+
++ // Error
++Error:
++ if (NewLUT != NULL) cmsPipelineFree(NewLUT);
++ *nItems = 0;
++ return NULL;
++
+ cmsUNUSED_PARAMETER(SizeOfTag);
+ }
+
diff --git a/third_party/lcms2-2.6/README.pdfium b/third_party/lcms2-2.6/README.pdfium
index 78c150d70f..94dc67a7e3 100644
--- a/third_party/lcms2-2.6/README.pdfium
+++ b/third_party/lcms2-2.6/README.pdfium
@@ -31,4 +31,5 @@ Local Modifications:
0017-upstream-integer-overflow-MPEmatrix_Read.patch: fix some integer overflows.
0018-verify-size-before-reading.patch: fix OOM issue when there won't be enough
data to read anyway.
+0019-upstream-direct-leak-Type_MPE_Read.patch: fix leak in cmstypes.c.
TODO(ochang): List other patches.
diff --git a/third_party/lcms2-2.6/src/cmstypes.c b/third_party/lcms2-2.6/src/cmstypes.c
index 4d96a1ed6b..29806fb194 100644
--- a/third_party/lcms2-2.6/src/cmstypes.c
+++ b/third_party/lcms2-2.6/src/cmstypes.c
@@ -4466,18 +4466,19 @@ void *Type_MPE_Read(struct _cms_typehandler_struct* self, cmsIOHANDLER* io, cmsU
NewLUT = cmsPipelineAlloc(self ->ContextID, InputChans, OutputChans);
if (NewLUT == NULL) return NULL;
- if (!_cmsReadUInt32Number(io, &ElementCount)) return NULL;
-
- if (!ReadPositionTable(self, io, ElementCount, BaseOffset, NewLUT, ReadMPEElem)) {
- if (NewLUT != NULL) cmsPipelineFree(NewLUT);
- *nItems = 0;
- return NULL;
- }
+ if (!_cmsReadUInt32Number(io, &ElementCount)) goto Error;
+ if (!ReadPositionTable(self, io, ElementCount, BaseOffset, NewLUT, ReadMPEElem)) goto Error;
// Success
*nItems = 1;
return NewLUT;
+ // Error
+Error:
+ if (NewLUT != NULL) cmsPipelineFree(NewLUT);
+ *nItems = 0;
+ return NULL;
+
cmsUNUSED_PARAMETER(SizeOfTag);
}