-rw-r--r-- | third_party/lcms2-2.6/0019-upstream-direct-leak-Type_MPE_Read.patch | 31 | ||||
-rw-r--r-- | third_party/lcms2-2.6/README.pdfium | 1 | ||||
-rw-r--r-- | third_party/lcms2-2.6/src/cmstypes.c | 15 |
3 files changed, 40 insertions, 7 deletions
diff --git a/third_party/lcms2-2.6/0019-upstream-direct-leak-Type_MPE_Read.patch b/third_party/lcms2-2.6/0019-upstream-direct-leak-Type_MPE_Read.patch
new file mode 100644
index 0000000000..7a2f2788b0
--- /dev/null
+++ b/third_party/lcms2-2.6/0019-upstream-direct-leak-Type_MPE_Read.patch
@@ -0,0 +1,31 @@
+diff --git a/third_party/lcms2-2.6/src/cmstypes.c b/third_party/lcms2-2.6/src/cmstypes.c
+index 75f1fae32..f92a92822 100644
+--- a/third_party/lcms2-2.6/src/cmstypes.c
++++ b/third_party/lcms2-2.6/src/cmstypes.c
+@@ -4460,18 +4460,19 @@ void *Type_MPE_Read(struct _cms_typehandler_struct* self, cmsIOHANDLER* io, cmsU
+ NewLUT = cmsPipelineAlloc(self ->ContextID, InputChans, OutputChans);
+ if (NewLUT == NULL) return NULL;
+
+- if (!_cmsReadUInt32Number(io, &ElementCount)) return NULL;
+-
+- if (!ReadPositionTable(self, io, ElementCount, BaseOffset, NewLUT, ReadMPEElem)) {
+- if (NewLUT != NULL) cmsPipelineFree(NewLUT);
+- *nItems = 0;
+- return NULL;
+- }
++ if (!_cmsReadUInt32Number(io, &ElementCount)) goto Error;
++ if (!ReadPositionTable(self, io, ElementCount, BaseOffset, NewLUT, ReadMPEElem)) goto Error;
+
+ // Success
+ *nItems = 1;
+ return NewLUT;
+
++ // Error
++Error:
++ if (NewLUT != NULL) cmsPipelineFree(NewLUT);
++ *nItems = 0;
++ return NULL;
++
+ cmsUNUSED_PARAMETER(SizeOfTag);
+ }
+
diff --git a/third_party/lcms2-2.6/README.pdfium b/third_party/lcms2-2.6/README.pdfium
index 78c150d70f..94dc67a7e3 100644
--- a/third_party/lcms2-2.6/README.pdfium
+++ b/third_party/lcms2-2.6/README.pdfium
@@ -31,4 +31,5 @@ Local Modifications: 0017-upstream-integer-overflow-MPEmatrix_Read.patch: fix some integer overflows. 0018-verify-size-before-reading.patch: fix OOM issue when there won't be enough data to read anyway. +0019-upstream-direct-leak-Type_MPE_Read.patch: fix leak in cmstypes.c. TODO(ochang): List other patches.
diff --git a/third_party/lcms2-2.6/src/cmstypes.c b/third_party/lcms2-2.6/src/cmstypes.c
index 4d96a1ed6b..29806fb194 100644
--- a/third_party/lcms2-2.6/src/cmstypes.c
+++ b/third_party/lcms2-2.6/src/cmstypes.c
@@ -4466,18 +4466,19 @@ void *Type_MPE_Read(struct _cms_typehandler_struct* self, cmsIOHANDLER* io, cmsU
 NewLUT = cmsPipelineAlloc(self ->ContextID, InputChans, OutputChans);
 if (NewLUT == NULL) return NULL;
 
- if (!_cmsReadUInt32Number(io, &ElementCount)) return NULL;
-
- if (!ReadPositionTable(self, io, ElementCount, BaseOffset, NewLUT, ReadMPEElem)) {
- if (NewLUT != NULL) cmsPipelineFree(NewLUT);
- *nItems = 0;
- return NULL;
- }
+ if (!_cmsReadUInt32Number(io, &ElementCount)) goto Error;
+ if (!ReadPositionTable(self, io, ElementCount, BaseOffset, NewLUT, ReadMPEElem)) goto Error;
 
 // Success
 *nItems = 1;
 return NewLUT;
 
+ // Error
+Error:
+ if (NewLUT != NULL) cmsPipelineFree(NewLUT);
+ *nItems = 0;
+ return NULL;
+
 cmsUNUSED_PARAMETER(SizeOfTag);
 }
 
|
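Review bot: The allocation-failure return at the top of the hunk, `if (NewLUT == NULL) return NULL;`, still leaves `*nItems` unwritten, while every later failure now goes through `Error:` and sets it to 0. Because the `Error:` block already guards with `if (NewLUT != NULL)`, that path could use `if (NewLUT == NULL) goto Error;` so callers get one failure contract; as written, the guard is never false on the paths visible here. Type_MPE_Read starts above the hunk, so earlier returns may have the same gap, which cannot be confirmed from this view. ElementCount is read from the profile being parsed, so a truncated-tag input run under a leak checker would make a useful regression test for this fix.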