diff options
author | skal <pascal.massimino@gmail.com> | 2019-07-29 15:22:06 +0200 |
---|---|---|
committer | Cosmin Truta <ctruta@gmail.com> | 2020-04-27 00:16:36 -0400 |
commit | eb6767273a4eb5d6f4ad528370d7262cf7aa220c (patch) | |
tree | 2ab614985eb293f9e7bfa7c11db72b6f76eb8a67 /contrib | |
parent | 9f734b13f4ea062af98652c4c7678f667d2d85c7 (diff) | |
download | libpng-eb6767273a4eb5d6f4ad528370d7262cf7aa220c.tar.gz |
Fix memory leak if eXIf has incorrect crc
Problem description:
Imagine a bitstream with an eXIf data segment that has invalid CRC.
If png_crc_finish() fails at line 2090, info_ptr->eXIf_buf is not freed
(despite the free_me setting at line 2062) because png_free_data() is
not called. png_read_info() is actually looping several time over the
png_eXIf chunk, calling png_handle_eXIf() several time in a row without
freeing the buffer.
This patch fixes the problem by leaving info_ptr's content in a clean
state in case of failure, as it is done at line 2084.
Diffstat (limited to 'contrib')
0 files changed, 0 insertions, 0 deletions