From 87c658d72ec1e2167fe60d97dcc1ca0301e920ea Mon Sep 17 00:00:00 2001 From: kcwu Date: Mon, 26 Sep 2016 12:00:31 -0700 Subject: Fix memory leak in lcms, MPEmatrix_Read BUG=650277 Review-Url: https://codereview.chromium.org/2371723003 --- .../0008-memory-leak-Type_MPEmatrix_Read.patch | 30 ++++++++++++++++++++++ third_party/lcms2-2.6/README.pdfium | 1 + third_party/lcms2-2.6/src/cmstypes.c | 12 +++++++-- 3 files changed, 41 insertions(+), 2 deletions(-) create mode 100644 third_party/lcms2-2.6/0008-memory-leak-Type_MPEmatrix_Read.patch diff --git a/third_party/lcms2-2.6/0008-memory-leak-Type_MPEmatrix_Read.patch b/third_party/lcms2-2.6/0008-memory-leak-Type_MPEmatrix_Read.patch new file mode 100644 index 0000000000..93ee3d3fde --- /dev/null +++ b/third_party/lcms2-2.6/0008-memory-leak-Type_MPEmatrix_Read.patch @@ -0,0 +1,30 @@ +diff --git a/third_party/lcms2-2.6/src/cmstypes.c b/third_party/lcms2-2.6/src/cmstypes.c +index 441d6bb..15199c7 100644 +--- a/third_party/lcms2-2.6/src/cmstypes.c ++++ b/third_party/lcms2-2.6/src/cmstypes.c +@@ -4203,7 +4203,11 @@ void *Type_MPEmatrix_Read(struct _cms_typehandler_struct* self, cmsIOHANDLER* io + + cmsFloat32Number v; + +- if (!_cmsReadFloat32Number(io, &v)) return NULL; ++ if (!_cmsReadFloat32Number(io, &v)) { ++ _cmsFree(self ->ContextID, Matrix); ++ _cmsFree(self ->ContextID, Offsets); ++ return NULL; ++ } + Matrix[i] = v; + } + +@@ -4212,7 +4216,11 @@ void *Type_MPEmatrix_Read(struct _cms_typehandler_struct* self, cmsIOHANDLER* io + + cmsFloat32Number v; + +- if (!_cmsReadFloat32Number(io, &v)) return NULL; ++ if (!_cmsReadFloat32Number(io, &v)) { ++ _cmsFree(self ->ContextID, Matrix); ++ _cmsFree(self ->ContextID, Offsets); ++ return NULL; ++ } + Offsets[i] = v; + } + diff --git a/third_party/lcms2-2.6/README.pdfium b/third_party/lcms2-2.6/README.pdfium index 4fcd32b18e..29479392c4 100644 --- a/third_party/lcms2-2.6/README.pdfium +++ b/third_party/lcms2-2.6/README.pdfium @@ -17,4 +17,5 @@ Local Modifications: 0005-memory-leak-AllocEmptyTransform.patch: Fix memory leak in AllocEmptyTransform. 0006-memory-leak-Type_NamedColor_Read.patch: Fix memory leak in Type_NamedColor_Read. 0007-memory-leak-OptimizeByResampling.patch: Fix memory leak in OptimizeByResampling. +0008-memory-leak-Type_MPEmatrix_Read.patch: Fix memory leak in MPEmatrix_Read. TODO(ochang): List other patches. diff --git a/third_party/lcms2-2.6/src/cmstypes.c b/third_party/lcms2-2.6/src/cmstypes.c index 441d6bb241..15199c7084 100644 --- a/third_party/lcms2-2.6/src/cmstypes.c +++ b/third_party/lcms2-2.6/src/cmstypes.c @@ -4203,7 +4203,11 @@ void *Type_MPEmatrix_Read(struct _cms_typehandler_struct* self, cmsIOHANDLER* io cmsFloat32Number v; - if (!_cmsReadFloat32Number(io, &v)) return NULL; + if (!_cmsReadFloat32Number(io, &v)) { + _cmsFree(self ->ContextID, Matrix); + _cmsFree(self ->ContextID, Offsets); + return NULL; + } Matrix[i] = v; } @@ -4212,7 +4216,11 @@ void *Type_MPEmatrix_Read(struct _cms_typehandler_struct* self, cmsIOHANDLER* io cmsFloat32Number v; - if (!_cmsReadFloat32Number(io, &v)) return NULL; + if (!_cmsReadFloat32Number(io, &v)) { + _cmsFree(self ->ContextID, Matrix); + _cmsFree(self ->ContextID, Offsets); + return NULL; + } Offsets[i] = v; } -- cgit v1.2.3