From 0630447196b898b60103ca634e5c9d034b9d24d1 Mon Sep 17 00:00:00 2001
From: Nicolas Pena
Date: Thu, 26 Jan 2017 15:45:02 -0500
Subject: Fix leak in PredictorSetupDecode by calling tif_cleanup on failure
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
tif_data and tif_cleanup are both set on the TIFFInit methods, see for instance TIFFInitPixarLog. If PredictorSetupDecode fails, whatever was filled on tif_data should be cleaned up. The previous leak fix from PixarLogSetupDecode is no longer necessary.
BUG=683834
Change-Id: Ib7dec3fb8addd56fa20f2e85c4ee918222a5f97e
Reviewed-on: https://pdfium-review.googlesource.com/2432
Reviewed-by: Tom Sepez
Commit-Queue: Nicolás Peña
---
.../0018-fix-leak-in-PredictorSetupDecode.patch | 39 ++++++++++++++++++++++
1 file changed, 39 insertions(+)
create mode 100644 third_party/libtiff/0018-fix-leak-in-PredictorSetupDecode.patch
(limited to 'third_party/libtiff/0018-fix-leak-in-PredictorSetupDecode.patch')
diff --git a/third_party/libtiff/0018-fix-leak-in-PredictorSetupDecode.patch b/third_party/libtiff/0018-fix-leak-in-PredictorSetupDecode.patch
new file mode 100644
index 0000000000..a18df77409
--- /dev/null
+++ b/third_party/libtiff/0018-fix-leak-in-PredictorSetupDecode.patch
@@ -0,0 +1,39 @@
+diff --git a/third_party/libtiff/tif_pixarlog.c b/third_party/libtiff/tif_pixarlog.c
+index 80006d5b1..29535d31e 100644
+--- a/third_party/libtiff/tif_pixarlog.c
++++ b/third_party/libtiff/tif_pixarlog.c
+@@ -697,9 +697,6 @@ PixarLogSetupDecode(TIFF* tif)
+ if (sp->user_datafmt == PIXARLOGDATAFMT_UNKNOWN)
+ sp->user_datafmt = PixarLogGuessDataFmt(td);
+ if (sp->user_datafmt == PIXARLOGDATAFMT_UNKNOWN) {
+- _TIFFfree(sp->tbuf);
+- sp->tbuf = NULL;
+- sp->tbuf_size = 0;
+ TIFFErrorExt(tif->tif_clientdata, module,
+ "PixarLog compression can't handle bits depth/data format combination (depth: %d)",
+ td->td_bitspersample);
+@@ -707,9 +704,6 @@ PixarLogSetupDecode(TIFF* tif)
+ }
+
+ if (inflateInit(&sp->stream) != Z_OK) {
+- _TIFFfree(sp->tbuf);
+- sp->tbuf = NULL;
+- sp->tbuf_size = 0;
+ TIFFErrorExt(tif->tif_clientdata, module, "%s", sp->stream.msg);
+ return (0);
+ } else {
+diff --git a/third_party/libtiff/tif_predict.c b/third_party/libtiff/tif_predict.c
+index 1388dde59..8975672ae 100644
+--- a/third_party/libtiff/tif_predict.c
++++ b/third_party/libtiff/tif_predict.c
+@@ -109,7 +109,10 @@ PredictorSetupDecode(TIFF* tif)
+ TIFFDirectory* td = &tif->tif_dir;
+
+ if (!(*sp->setupdecode)(tif) || !PredictorSetup(tif))
++ {
++ (*tif->tif_cleanup)(tif);
+ return 0;
++ }
+
+ if (sp->predictor == 2) {
+ switch (td->td_bitspersample) {
-- cgit v1.2.3
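Review bot: In the PredictorSetupDecode hunk recorded by this patch, `(*tif->tif_cleanup)(tif);` runs on the failure path with no comment about the state it leaves behind, and `sp` (declared above the hunk, presumably derived from tif->tif_data) would be dangling afterwards if the codec's cleanup frees that state. The function returns immediately, so nothing visible touches `sp` again, but the change is only safe if every codec's tif_cleanup tolerates a partially completed setup and a later second call at close time, which the hunk does not show. I would add a comment on the call such as `/* setup failed: release codec state now; tif_data must not be used after this */` and confirm that the `sp->tbuf` frees removed from PixarLogSetupDecode are covered by the PixarLog cleanup routine. The new `{` on its own line also differs from the `if (sp->predictor == 2) {` brace style a few lines below. PredictorSetupDecode begins and ends outside the hunk.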