From 352b6971deeb8e7438b6880fd4a26fd3f9382c47 Mon Sep 17 00:00:00 2001
From: Nicolas Pena <npm@chromium.org>
Date: Wed, 18 Jan 2017 14:28:00 -0500
Subject: Fix leak in PixarLogSetupDecode
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The call may come from TIFFReadRGBAImageOriented, and there no cleanup
is done. So free the memory allocation on failure.

BUG=681301

Change-Id: I4ac7db03d18eddd3117649ca185dffdcc9189870
Reviewed-on: https://pdfium-review.googlesource.com/2252
Reviewed-by: dsinclair <dsinclair@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
---
 .../libtiff/0015-fix-leaks-in-tif_ojpeg.patch      | 37 ++++++++++++++++++++++
 1 file changed, 37 insertions(+)
 create mode 100644 third_party/libtiff/0015-fix-leaks-in-tif_ojpeg.patch

(limited to 'third_party/libtiff/0015-fix-leaks-in-tif_ojpeg.patch')

diff --git a/third_party/libtiff/0015-fix-leaks-in-tif_ojpeg.patch b/third_party/libtiff/0015-fix-leaks-in-tif_ojpeg.patch
new file mode 100644
index 0000000000..e9d3a408bf
--- /dev/null
+++ b/third_party/libtiff/0015-fix-leaks-in-tif_ojpeg.patch
@@ -0,0 +1,37 @@
+diff --git a/third_party/libtiff/tif_ojpeg.c b/third_party/libtiff/tif_ojpeg.c
+index cc5449cd6..f69b00148 100644
+--- a/third_party/libtiff/tif_ojpeg.c
++++ b/third_party/libtiff/tif_ojpeg.c
+@@ -1790,7 +1790,10 @@ OJPEGReadHeaderInfoSecTablesQTable(TIFF* tif)
+                        TIFFSeekFile(tif,sp->qtable_offset[m],SEEK_SET); 
+                        p=TIFFReadFile(tif,&ob[sizeof(uint32)+5],64);
+                        if (p!=64)
++                       {
++                               _TIFFfree(ob);
+                                return(0);
++                       }
+                        sp->qtable[m]=ob;
+                        sp->sof_tq[m]=m;
+                }
+@@ -1854,7 +1857,10 @@ OJPEGReadHeaderInfoSecTablesDcTable(TIFF* tif)
+                                rb[sizeof(uint32)+5+n]=o[n];
+                        p=TIFFReadFile(tif,&(rb[sizeof(uint32)+21]),q);
+                        if (p!=q)
++                       {
++                               _TIFFfree(rb);
+                                return(0);
++                       }
+                        sp->dctable[m]=rb;
+                        sp->sos_tda[m]=(m<<4);
+                }
+@@ -1918,7 +1924,10 @@ OJPEGReadHeaderInfoSecTablesAcTable(TIFF* tif)
+                                rb[sizeof(uint32)+5+n]=o[n];
+                        p=TIFFReadFile(tif,&(rb[sizeof(uint32)+21]),q);
+                        if (p!=q)
++                       {
++                               _TIFFfree(rb);
+                                return(0);
++                       }
+                        sp->actable[m]=rb;
+                        sp->sos_tda[m]=(sp->sos_tda[m]|m);
+                }
-- 
cgit v1.2.3