Welcome to mirror list, hosted at ThFree Co, Russian Federation.

github.com/mm2/Little-CMS.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMarti Maria <mmaria@abindustries.com>2022-01-18 20:51:28 +0300
committerMarti Maria <mmaria@abindustries.com>2022-01-18 20:51:28 +0300
commitab5029d60d5dc41a414e4acc472d024e3449d36a (patch)
tree41b13069ae624dbec3ed3153e189582f6151e1ee
parente090fcf461b9cd86733cd642856ab478ee6278e8 (diff)
Fix a memory leak when discarding crafted profiles
From chrome's fuzzer
Diffstat
-rw-r--r--src/cmsio0.c42
1 files changed, 22 insertions, 20 deletions
diff --git a/src/cmsio0.c b/src/cmsio0.c
index 4feb6c6..353ddc9 100644
--- a/src/cmsio0.c
+++ b/src/cmsio0.c
@@ -1434,7 +1434,25 @@ cmsBool CMSEXPORT cmsSaveProfileToMem(cmsHPROFILE hProfile, void *MemPtr, cmsUIn
return rc;
}
+// Free one tag contents
+static
+void freeOneTag(_cmsICCPROFILE* Icc, cmsUInt32Number i)
+{
+ if (Icc->TagPtrs[i]) {
+
+ cmsTagTypeHandler* TypeHandler = Icc->TagTypeHandlers[i];
+ if (TypeHandler != NULL) {
+ cmsTagTypeHandler LocalTypeHandler = *TypeHandler;
+
+ LocalTypeHandler.ContextID = Icc->ContextID;
+ LocalTypeHandler.ICCVersion = Icc->Version;
+ LocalTypeHandler.FreePtr(&LocalTypeHandler, Icc->TagPtrs[i]);
+ }
+ else
+ _cmsFree(Icc->ContextID, Icc->TagPtrs[i]);
+ }
+}
// Closes a profile freeing any involved resources
cmsBool CMSEXPORT cmsCloseProfile(cmsHPROFILE hProfile)
@@ -1454,20 +1472,7 @@ cmsBool CMSEXPORT cmsCloseProfile(cmsHPROFILE hProfile)
for (i=0; i < Icc -> TagCount; i++) {
- if (Icc -> TagPtrs[i]) {
-
- cmsTagTypeHandler* TypeHandler = Icc ->TagTypeHandlers[i];
-
- if (TypeHandler != NULL) {
- cmsTagTypeHandler LocalTypeHandler = *TypeHandler;
-
- LocalTypeHandler.ContextID = Icc ->ContextID; // As an additional parameters
- LocalTypeHandler.ICCVersion = Icc ->Version;
- LocalTypeHandler.FreePtr(&LocalTypeHandler, Icc -> TagPtrs[i]);
- }
- else
- _cmsFree(Icc ->ContextID, Icc ->TagPtrs[i]);
- }
+ freeOneTag(Icc, i);
}
if (Icc ->IOhandler != NULL) {
@@ -1623,12 +1628,9 @@ void* CMSEXPORT cmsReadTag(cmsHPROFILE hProfile, cmsTagSignature sig)
// Return error and unlock the data
Error:
- if (Icc->TagPtrs[n] != NULL)
- {
- _cmsFree(Icc->ContextID, Icc->TagPtrs[n]);
- Icc->TagPtrs[n] = NULL;
- }
-
+ freeOneTag(Icc, n);
+ Icc->TagPtrs[n] = NULL;
+
_cmsUnlockMutex(Icc->ContextID, Icc ->UsrMutex);
return NULL;
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-01 23:38:09 +0300