From 8f7970040548ff3550ce450944d39d4660b3d918 Mon Sep 17 00:00:00 2001
From: thestig
Date: Mon, 1 Aug 2016 19:36:27 -0700
Subject: Fix a memory leak in libtiff.

BUG=633387
Review-Url: https://codereview.chromium.org/2204793002
---
 third_party/libtiff/0005-Leak-TIFFFetchStripThing.patch | 13 +++++++++++++
 third_party/libtiff/README.pdfium | 1 +
 third_party/libtiff/tif_dirread.c | 2 ++
 3 files changed, 16 insertions(+)
 create mode 100644 third_party/libtiff/0005-Leak-TIFFFetchStripThing.patch
diff --git a/third_party/libtiff/0005-Leak-TIFFFetchStripThing.patch b/third_party/libtiff/0005-Leak-TIFFFetchStripThing.patch
new file mode 100644
index 0000000000..0f9b16873f
--- /dev/null
+++ b/third_party/libtiff/0005-Leak-TIFFFetchStripThing.patch
@@ -0,0 +1,13 @@
+diff --git a/third_party/libtiff/tif_dirread.c b/third_party/libtiff/tif_dirread.c
+index a0dc68b..5ef3264 100644
+--- a/third_party/libtiff/tif_dirread.c
++++ b/third_party/libtiff/tif_dirread.c
+@@ -5372,6 +5372,8 @@ TIFFFetchStripThing(TIFF* tif, TIFFDirEntry* dir, uint32 nstrips, uint64** lpp)
+ static const char module[] = "TIFFFetchStripThing";
+ enum TIFFReadDirEntryErr err;
+ uint64* data;
++ _TIFFfree(*lpp);
++ *lpp = 0;
+ err=TIFFReadDirEntryLong8Array(tif,dir,&data);
+ if (err!=TIFFReadDirEntryErrOk)
+ {
diff --git a/third_party/libtiff/README.pdfium b/third_party/libtiff/README.pdfium
index 09577f93fb..05e4965c4f 100644
--- a/third_party/libtiff/README.pdfium
+++ b/third_party/libtiff/README.pdfium
@@ -14,3 +14,4 @@ Local Modifications:
 0002-CVE-2015-8665-8683.patch: Security fixes
 0003-CVE-2015-8781-8782-8783.patch: Security fixes
 0004-CVE-2015-8784.patch: Security fixes
+0005-Leak-TIFFFetchStripThing.patch: Fix a memory leak
diff --git a/third_party/libtiff/tif_dirread.c b/third_party/libtiff/tif_dirread.c
index a0dc68b78e..5ef326485b 100644
--- a/third_party/libtiff/tif_dirread.c
+++ b/third_party/libtiff/tif_dirread.c
@@ -5372,6 +5372,8 @@ TIFFFetchStripThing(TIFF* tif, TIFFDirEntry* dir, uint32 nstrips, uint64** lpp)
 static const char module[] = "TIFFFetchStripThing";
 enum TIFFReadDirEntryErr err;
 uint64* data;
+ _TIFFfree(*lpp);
+ *lpp = 0;
 err=TIFFReadDirEntryLong8Array(tif,dir,&data);
 if (err!=TIFFReadDirEntryErrOk)
 {
-- cgit v1.2.3
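Review bot: The unconditional `_TIFFfree(*lpp)` added at the top of TIFFFetchStripThing relies on an ownership rule that is not written down anywhere in the hunk: every caller must pass a slot that is either NULL or a live heap array with no other alias, otherwise the call becomes an invalid free or leaves a dangling copy elsewhere. I would state that next to the call, for example `/* *lpp is NULL or the array from an earlier read of this tag; release it before re-reading */`, and write `*lpp = NULL;` instead of `*lpp = 0;` so the pointer reset reads as one. Because the slot is now cleared before the read, the failure returns (which lie outside this hunk) presumably leave `*lpp` NULL where they used to keep the previous array, so the code that consumes the strip arrays after a failed re-read of an untrusted file should be checked for NULL handling. The function body continues past the end of the hunk, so the later assignment to `*lpp` is not visible here.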