author | Marti Maria <mmaria@abindustries.com> | 2022-01-18 18:51:28 +0100 |
---|---|---|
committer | Marti Maria <mmaria@abindustries.com> | 2022-01-18 18:51:28 +0100 |
commit | ab5029d60d5dc41a414e4acc472d024e3449d36a (patch) | |
tree | 41b13069ae624dbec3ed3153e189582f6151e1ee /src | |
parent | e090fcf461b9cd86733cd642856ab478ee6278e8 (diff) | |
download | lcms2-ab5029d60d5dc41a414e4acc472d024e3449d36a.tar.gz |
Fix a memory leak when discarding crafted profiles
From chrome's fuzzer
Diffstat (limited to 'src')
-rw-r--r-- | src/cmsio0.c | 42 |
1 files changed, 22 insertions, 20 deletions
diff --git a/src/cmsio0.c b/src/cmsio0.c
index 4feb6c6..353ddc9 100644
--- a/src/cmsio0.c
+++ b/src/cmsio0.c
@@ -1434,7 +1434,25 @@ cmsBool CMSEXPORT cmsSaveProfileToMem(cmsHPROFILE hProfile, void *MemPtr, cmsUIn
 return rc;
 }
+// Free one tag contents
+static
+void freeOneTag(_cmsICCPROFILE* Icc, cmsUInt32Number i)
+{
+ if (Icc->TagPtrs[i]) {
+
+ cmsTagTypeHandler* TypeHandler = Icc->TagTypeHandlers[i];
+ if (TypeHandler != NULL) {
+ cmsTagTypeHandler LocalTypeHandler = *TypeHandler;
+
+ LocalTypeHandler.ContextID = Icc->ContextID;
+ LocalTypeHandler.ICCVersion = Icc->Version;
+ LocalTypeHandler.FreePtr(&LocalTypeHandler, Icc->TagPtrs[i]);
+ }
+ else
+ _cmsFree(Icc->ContextID, Icc->TagPtrs[i]);
+ }
+}
 // Closes a profile freeing any involved resources
 cmsBool CMSEXPORT cmsCloseProfile(cmsHPROFILE hProfile)
@@ -1454,20 +1472,7 @@ cmsBool CMSEXPORT cmsCloseProfile(cmsHPROFILE hProfile)
 for (i=0; i < Icc -> TagCount; i++) {
- if (Icc -> TagPtrs[i]) {
-
- cmsTagTypeHandler* TypeHandler = Icc ->TagTypeHandlers[i];
-
- if (TypeHandler != NULL) {
- cmsTagTypeHandler LocalTypeHandler = *TypeHandler;
-
- LocalTypeHandler.ContextID = Icc ->ContextID; // As an additional parameters
- LocalTypeHandler.ICCVersion = Icc ->Version;
- LocalTypeHandler.FreePtr(&LocalTypeHandler, Icc -> TagPtrs[i]);
- }
- else
- _cmsFree(Icc ->ContextID, Icc ->TagPtrs[i]);
- }
+ freeOneTag(Icc, i);
 }
 if (Icc ->IOhandler != NULL) {
@@ -1623,12 +1628,9 @@ void* CMSEXPORT cmsReadTag(cmsHPROFILE hProfile, cmsTagSignature sig)
 // Return error and unlock the data
 Error:
- if (Icc->TagPtrs[n] != NULL)
- {
- _cmsFree(Icc->ContextID, Icc->TagPtrs[n]);
- Icc->TagPtrs[n] = NULL;
- }
-
+ freeOneTag(Icc, n);
+ Icc->TagPtrs[n] = NULL;
+ _cmsUnlockMutex(Icc->ContextID, Icc ->UsrMutex);
 return NULL;
 } |
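Review bot: freeOneTag releases `Icc->TagPtrs[i]` but leaves the freed pointer in the table, so each caller has to remember to clear the slot. The cmsReadTag hunk clears it by hand, while the cmsCloseProfile loop leaves the freed pointers in place, which is safe only if the profile structure is discarded right after the loop (that code is outside the hunk). Clearing the slot in the helper, with `Icc->TagPtrs[i] = NULL;` as the last statement inside the `if (Icc->TagPtrs[i])` block, would keep a future caller from double-freeing or reusing a stale tag pointer. The header comment could also state the contract, e.g. `// Frees tag i through its type handler's FreePtr when one is set, else with _cmsFree`.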
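Review bot: At the `Error:` label in cmsReadTag, `freeOneTag(Icc, n)` now selects the deallocator from `Icc->TagTypeHandlers[n]`, so every `goto Error` has to arrive with a valid `n` and with that handler slot describing the object currently held in `Icc->TagPtrs[n]`. The jumps are outside the hunk and cannot be checked from here. If any path reaches the label before the handler slot is updated for this read, a handler left over from an earlier tag type would be applied to the new object. A comment at the label would record the invariant for later edits, e.g. `// TagTypeHandlers[n] must describe TagPtrs[n] here: freeOneTag() frees through it`.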