rpms / freetype

Clone
Source Code
GIT

Blame SOURCES/freetype-2.10.4-png-memory-leak.patch

c4 c5 c5-plus c6 c6-plus c7 c7-aarch64 c7-alt c7-beta c7-ppc64le c8 c8-beta c8s c9 c9-beta
  1.   c9
  2.   SOURCES
  3.   freetype-2.10.4-png-memory-leak.patch
Blob History Raw
f1a3e6 
From 007c109b4594c5e63948bd08b4d5011ad76ffb10 Mon Sep 17 00:00:00 2001
f1a3e6 
From: Ben Wagner <bungeman@google.com>
f1a3e6 
Date: Fri, 23 Oct 2020 08:29:14 +0200
f1a3e6 
Subject: [PATCH] * src/sfnt/pngshim.c (Load_SBit_Png): Fix memory leak
f1a3e6 
 (#59322).
f1a3e6
f1a3e6 
The issue is that `rows` is allocated but will not be freed in the
f1a3e6 
event that the call to `png_read_image` fails and calls `longjmp`.
f1a3e6 
---
f1a3e6 
 ChangeLog          | 7 +++++++
f1a3e6 
 src/sfnt/pngshim.c | 1 +
f1a3e6 
 2 files changed, 8 insertions(+)
f1a3e6
f1a3e6 
diff --git a/ChangeLog b/ChangeLog
f1a3e6 
index 42f7c34ba..ff048b8ab 100644
f1a3e6 
--- a/ChangeLog
f1a3e6 
+++ b/ChangeLog
f1a3e6 
@@ -1,3 +1,10 @@
f1a3e6 
+2020-10-23  Ben Wagner  <bungeman@google.com>
f1a3e6 
+
f1a3e6 
+	* src/sfnt/pngshim.c (Load_SBit_Png): Fix memory leak (#59322).
f1a3e6 
+
f1a3e6 
+	The issue is that `rows` is allocated but will not be freed in the
f1a3e6 
+	event that the call to `png_read_image` fails and calls `longjmp`.
f1a3e6 
+
f1a3e6 
 2020-10-20  Werner Lemberg  <wl@gnu.org>
f1a3e6
f1a3e6 
 	* Version 2.10.4 released.
f1a3e6 
diff --git a/src/sfnt/pngshim.c b/src/sfnt/pngshim.c
f1a3e6 
index f55016122..d4e43a9f4 100644
f1a3e6 
--- a/src/sfnt/pngshim.c
f1a3e6 
+++ b/src/sfnt/pngshim.c
f1a3e6 
@@ -443,6 +443,7 @@
f1a3e6 
     png_read_end( png, info );
f1a3e6
f1a3e6 
   DestroyExit:
f1a3e6 
+    FT_FREE( rows );
f1a3e6 
     png_destroy_read_struct( &png, &info, NULL );
f1a3e6 
     FT_Stream_Close( &stream );
f1a3e6
f1a3e6 
--
f1a3e6 
2.26.2
f1a3e6

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation