From 87ba200028c0bebc63355e11a9c5de9211722f32 Mon Sep 17 00:00:00 2001
From: Nicolas Pena
Date: Mon, 8 May 2017 15:42:15 -0400
Subject: [LCMS] Upstream direct leak fix
This CL applies the following upstream patch: https://github.com/mm2/Little-CMS/commit/02c95fa76bdc4f73113373070278666f47aff82f
Bug: chromium:718500
Change-Id: I7898b22e44a5ea5c0d1c301233037fbaabb8e327
Reviewed-on: https://pdfium-review.googlesource.com/5092
Reviewed-by: dsinclair
Commit-Queue: dsinclair
---
 .../0019-upstream-direct-leak-Type_MPE_Read.patch | 31 ++++++++++++++++++++++
 third_party/lcms2-2.6/README.pdfium | 1 +
 third_party/lcms2-2.6/src/cmstypes.c | 15 ++++++-----
 3 files changed, 40 insertions(+), 7 deletions(-)
 create mode 100644 third_party/lcms2-2.6/0019-upstream-direct-leak-Type_MPE_Read.patch
diff --git a/third_party/lcms2-2.6/0019-upstream-direct-leak-Type_MPE_Read.patch b/third_party/lcms2-2.6/0019-upstream-direct-leak-Type_MPE_Read.patch
new file mode 100644
index 0000000000..7a2f2788b0
--- /dev/null
+++ b/third_party/lcms2-2.6/0019-upstream-direct-leak-Type_MPE_Read.patch
@@ -0,0 +1,31 @@
+diff --git a/third_party/lcms2-2.6/src/cmstypes.c b/third_party/lcms2-2.6/src/cmstypes.c
+index 75f1fae32..f92a92822 100644
+--- a/third_party/lcms2-2.6/src/cmstypes.c
++++ b/third_party/lcms2-2.6/src/cmstypes.c
+@@ -4460,18 +4460,19 @@ void *Type_MPE_Read(struct _cms_typehandler_struct* self, cmsIOHANDLER* io, cmsU
+ NewLUT = cmsPipelineAlloc(self ->ContextID, InputChans, OutputChans);
+ if (NewLUT == NULL) return NULL;
+
+- if (!_cmsReadUInt32Number(io, &ElementCount)) return NULL;
+-
+- if (!ReadPositionTable(self, io, ElementCount, BaseOffset, NewLUT, ReadMPEElem)) {
+- if (NewLUT != NULL) cmsPipelineFree(NewLUT);
+- *nItems = 0;
+- return NULL;
+- }
++ if (!_cmsReadUInt32Number(io, &ElementCount)) goto Error;
++ if (!ReadPositionTable(self, io, ElementCount, BaseOffset, NewLUT, ReadMPEElem)) goto Error;
+
+ // Success
+ *nItems = 1;
+ return NewLUT;
+
++ // Error
++Error:
++ if (NewLUT != NULL) cmsPipelineFree(NewLUT);
++ *nItems = 0;
++ return NULL;
++
+ cmsUNUSED_PARAMETER(SizeOfTag);
+ }
+
diff --git a/third_party/lcms2-2.6/README.pdfium b/third_party/lcms2-2.6/README.pdfium
index 78c150d70f..94dc67a7e3 100644
--- a/third_party/lcms2-2.6/README.pdfium
+++ b/third_party/lcms2-2.6/README.pdfium
@@ -31,4 +31,5 @@ Local Modifications: 0017-upstream-integer-overflow-MPEmatrix_Read.patch: fix some integer overflows. 0018-verify-size-before-reading.patch: fix OOM issue when there won't be enough data to read anyway. +0019-upstream-direct-leak-Type_MPE_Read.patch: fix leak in cmstypes.c. TODO(ochang): List other patches.
diff --git a/third_party/lcms2-2.6/src/cmstypes.c b/third_party/lcms2-2.6/src/cmstypes.c
index 4d96a1ed6b..29806fb194 100644
--- a/third_party/lcms2-2.6/src/cmstypes.c
+++ b/third_party/lcms2-2.6/src/cmstypes.c
@@ -4466,18 +4466,19 @@ void *Type_MPE_Read(struct _cms_typehandler_struct* self, cmsIOHANDLER* io, cmsU
 NewLUT = cmsPipelineAlloc(self ->ContextID, InputChans, OutputChans);
 if (NewLUT == NULL) return NULL;
 
- if (!_cmsReadUInt32Number(io, &ElementCount)) return NULL;
-
- if (!ReadPositionTable(self, io, ElementCount, BaseOffset, NewLUT, ReadMPEElem)) {
- if (NewLUT != NULL) cmsPipelineFree(NewLUT);
- *nItems = 0;
- return NULL;
- }
+ if (!_cmsReadUInt32Number(io, &ElementCount)) goto Error;
+ if (!ReadPositionTable(self, io, ElementCount, BaseOffset, NewLUT, ReadMPEElem)) goto Error;
 
 // Success
 *nItems = 1;
 return NewLUT;
 
+ // Error
+Error:
+ if (NewLUT != NULL) cmsPipelineFree(NewLUT);
+ *nItems = 0;
+ return NULL;
+
 cmsUNUSED_PARAMETER(SizeOfTag);
 }
 
-- cgit v1.2.3
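Review bot: The allocation-failure exit `if (NewLUT == NULL) return NULL;`, directly above the two new `goto Error` lines, still returns without touching `*nItems`, so the failure paths in this hunk disagree on whether the out-parameter is reset. Both jumps to `Error:` happen after that NULL check, which leaves the `if (NewLUT != NULL)` guard at the label with nothing to guard; routing the allocation failure through the label too, `if (NewLUT == NULL) goto Error;`, would give every failure from the allocation onward the same `*nItems = 0; return NULL;` result. The start of Type_MPE_Read lies outside the hunk, so any earlier `return NULL` exits could only be converted the same way if NewLUT is NULL-initialised at its declaration, which is not visible here. Since this file mirrors an upstream Little-CMS commit, the change is better proposed upstream than carried as a further local difference.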