From 7341149c634e0ab9a619898826440f6e952cf0aa Mon Sep 17 00:00:00 2001
From: npm
Date: Mon, 5 Dec 2016 08:38:35 -0800
Subject: Fix a leak when TIFFRGBAImageBegin fails

The method to create image can fail even after ycbcr has been set, so the current way to release is not enough. TIFFRGBAImageEnd is safe in that it checks for existence before deleting, and deletes whatever has been created.
BUG=657473
Review-Url: https://codereview.chromium.org/2545723004
---
 third_party/libtiff/0010-fix-leak-imagebegin.patch | 15 +++++++++++++++
 third_party/libtiff/README.pdfium | 1 +
 third_party/libtiff/tif_getimage.c | 5 +----
 3 files changed, 17 insertions(+), 4 deletions(-)
 create mode 100644 third_party/libtiff/0010-fix-leak-imagebegin.patch
(limited to 'third_party')
diff --git a/third_party/libtiff/0010-fix-leak-imagebegin.patch b/third_party/libtiff/0010-fix-leak-imagebegin.patch
new file mode 100644
index 0000000000..41aaf91a38
--- /dev/null
+++ b/third_party/libtiff/0010-fix-leak-imagebegin.patch
@@ -0,0 +1,15 @@
+diff --git a/third_party/libtiff/tif_getimage.c b/third_party/libtiff/tif_getimage.c
+index 8523793..97fa94d 100644
+--- a/third_party/libtiff/tif_getimage.c
++++ b/third_party/libtiff/tif_getimage.c
+@@ -478,10 +478,7 @@ TIFFRGBAImageBegin(TIFFRGBAImage* img, TIFF* tif, int stop, char emsg[1024])
+ return 1;
+
+ fail_return:
+- _TIFFfree( img->redcmap );
+- _TIFFfree( img->greencmap );
+- _TIFFfree( img->bluecmap );
+- img->redcmap = img->greencmap = img->bluecmap = NULL;
++ TIFFRGBAImageEnd(img);
+ return 0;
+ }
diff --git a/third_party/libtiff/README.pdfium b/third_party/libtiff/README.pdfium
index e0b4192e75..3842ea67c0 100644
--- a/third_party/libtiff/README.pdfium
+++ b/third_party/libtiff/README.pdfium
@@ -19,3 +19,4 @@ Local Modifications:
 0007-uninitialized-value.patch: Fix potentially uninitialized dircount value
 0008-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch: Fix a heap buffer overflow
 0009-HeapBufferOverflow-PixarLogDecode.patch: Fix a heap buffer overflow
+0010-fix-leak-imagebegin: Fix a leak when TIFFRGBAImageBegin fails
diff --git a/third_party/libtiff/tif_getimage.c b/third_party/libtiff/tif_getimage.c
index 85237937ec..97fa94dbe7 100644
--- a/third_party/libtiff/tif_getimage.c
+++ b/third_party/libtiff/tif_getimage.c
@@ -478,10 +478,7 @@ TIFFRGBAImageBegin(TIFFRGBAImage* img, TIFF* tif, int stop, char emsg[1024])
 return 1;

 fail_return:
- _TIFFfree( img->redcmap );
- _TIFFfree( img->greencmap );
- _TIFFfree( img->bluecmap );
- img->redcmap = img->greencmap = img->bluecmap = NULL;
+ TIFFRGBAImageEnd(img);
 return 0;
 }
-- 
cgit v1.2.3
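Review bot: In the tif_getimage.c hunk, `fail_return:` now calls `TIFFRGBAImageEnd(img)`, which is only safe if every pointer member it inspects is already NULL or a valid allocation at each `goto fail_return`; the removed code touched only the three colormap pointers. The body of TIFFRGBAImageBegin starts outside the hunk, so I cannot confirm that those members are initialised before the earliest failure jump; if any is assigned later, this path would free an uninitialised pointer when a malformed file is rejected early. The removed code also reset the colormap pointers to NULL after freeing, and if TIFFRGBAImageEnd does not do the same, a caller that calls it again after a failed Begin would double-free. I would add above the call `/* requires all img pointer members set to NULL or valid before the first goto fail_return */` and verify both points against the full function. The same change is recorded in 0010-fix-leak-imagebegin.patch, so any follow-up needs to be mirrored there.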