
[freetype2] master b0729b8: [sfnt] Fix memory leak in png loading.


From: Werner Lemberg
Subject: [freetype2] master b0729b8: [sfnt] Fix memory leak in png loading.
Date: Tue, 16 Mar 2021 03:48:13 -0400 (EDT)

branch: master
commit b0729b8fbb18dc1340ade628facf3f1cee498bfb
Author: Ben Wagner <bungeman@chromium.org>
Commit: Werner Lemberg <wl@gnu.org>

    [sfnt] Fix memory leak in png loading.
    
    Reported as
    
      https://bugs.chromium.org/p/chromium/issues/detail?id=1182552
    
    Memory is allocated and the pointer assigned to `rows` inside a
    'setjmp' scope.  This memory must be freed outside the 'setjmp'
    scope after a 'longjmp'.  Since `rows` is a local and modified
    inside the 'setjmp' scope it must be marked volatile or it will have
    an indeterminate value after the 'longjmp'.
    
    * src/sfnt/pngshim.c (Load_SBit_Png): Fix memory leak of `rows`.
---
 ChangeLog          | 16 ++++++++++++++++
 src/sfnt/pngshim.c |  5 ++++-
 2 files changed, 20 insertions(+), 1 deletion(-)
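The commit message above describes a C pitfall that is easy to get wrong when wrapping libpng: a local pointer assigned between `setjmp()` and a later `longjmp()` has an indeterminate value after the jump unless it is declared `volatile`, so the error path cannot reliably free it. The following is an added, self-contained example (not FreeType's or libpng's code) that reproduces the pattern with constructed stand-ins for the libpng calls: `fake_png_read_image` plays the role of `png_read_image` and "fails" by `longjmp`ing back, and `load_rows` mirrors the fixed structure, declaring `rows` volatile and freeing it on the `DestroyExit` path. Allocation counters are included only so the balance can be checked after a failed and a successful load.

```c
#include <setjmp.h>
#include <stdlib.h>
#include <string.h>

/* Counters so the allocation/free balance can be observed (constructed for this example). */
static int g_allocs = 0;
static int g_frees  = 0;

static void *tracked_malloc( size_t n )
{
  void *p = malloc( n );
  if ( p )
    g_allocs++;
  return p;
}

static void tracked_free( void *p )
{
  if ( p )
  {
    g_frees++;
    free( p );
  }
}

/* Stand-in for libpng's error handling: on a decoding error libpng */
/* longjmp()s back to the jmp_buf the caller registered.            */
static jmp_buf g_jmpbuf;

static void fake_png_error( void )
{
  longjmp( g_jmpbuf, 1 );
}

/* Stand-in for png_read_image(): fills the rows, or fails part-way */
/* through by raising a libpng-style error (fail_at_row < 0: never). */
static void fake_png_read_image( unsigned char **rows, int height, int width, int fail_at_row )
{
  for ( int y = 0; y < height; y++ )
  {
    if ( y == fail_at_row )
      fake_png_error();
    memset( rows[y], (unsigned char)y, (size_t)width );
  }
}

/* Returns 0 on success, -1 on error.  `rows` and `buffer` are assigned  */
/* after setjmp() and may be read after a longjmp(), so both are volatile; */
/* without the qualifier their values at DestroyExit are indeterminate.    */
int load_rows( int height, int width, int fail_at_row )
{
  unsigned char **volatile rows   = NULL;
  unsigned char  *volatile buffer = NULL;
  int error = 0;

  if ( setjmp( g_jmpbuf ) )
  {
    /* A longjmp() landed here; fall through to the common cleanup. */
    error = -1;
    goto DestroyExit;
  }

  buffer = tracked_malloc( (size_t)height * (size_t)width );
  rows   = tracked_malloc( (size_t)height * sizeof ( *rows ) );
  if ( !buffer || !rows )
  {
    error = -1;
    goto DestroyExit;
  }

  for ( int y = 0; y < height; y++ )
    rows[y] = buffer + (size_t)y * (size_t)width;

  fake_png_read_image( rows, height, width, fail_at_row );

DestroyExit:
  /* Reached on success, on allocation failure, and after a longjmp(). */
  tracked_free( rows );
  tracked_free( buffer );
  return error;
}

/* Number of allocations never freed; 0 means no leak. */
int leaked_allocations( void )
{
  return g_allocs - g_frees;
}
```

Dropping `volatile` from the two declarations is the bug the commit fixes: most compilers then warn that the variables "might be clobbered by longjmp", and depending on register allocation the frees at `DestroyExit` may see stale `NULL` values and leak both buffers on every decoding error.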

diff --git a/ChangeLog b/ChangeLog
index 1883fda..3535d06 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,19 @@
+2021-03-16  Ben Wagner  <bungeman@google.com>
+
+       [sfnt] Fix memory leak in png loading.
+
+       Reported as
+
+         https://bugs.chromium.org/p/chromium/issues/detail?id=1182552
+
+       Memory is allocated and the pointer assigned to `rows` inside a
+       'setjmp' scope.  This memory must be freed outside the 'setjmp'
+       scope after a 'longjmp'.  Since `rows` is a local and modified
+       inside the 'setjmp' scope it must be marked volatile or it will have
+       an indeterminate value after the 'longjmp'.
+
+       * src/sfnt/pngshim.c (Load_SBit_Png): Fix memory leak of `rows`.
+
 2021-03-16  Christopher Degawa  <ccom@randomderp.com>
 
        * CMakeLists.txt: Don't limit generation of 'pkg-config' file to UNIX.
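Review bot: the e-mail address in the new ChangeLog entry (`bungeman@google.com`) does not match the commit's Author line (`bungeman@chromium.org`); pick one so the ChangeLog attribution and the git history agree. The entry text itself is otherwise identical to the commit message, which is the convention used by the neighbouring entries.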
diff --git a/src/sfnt/pngshim.c b/src/sfnt/pngshim.c
index c7a2938..3ef7b43 100644
--- a/src/sfnt/pngshim.c
+++ b/src/sfnt/pngshim.c
@@ -270,7 +270,10 @@
 
     int         bitdepth, color_type, interlace;
     FT_Int      i;
-    png_byte*  *rows = NULL; /* pacify compiler */
+
+    /* `rows` gets modified within a 'setjmp' scope; */
+    /* we thus need the `volatile` keyword.          */
+    png_byte* *volatile  rows = NULL;
 
 
     if ( x_offset < 0 ||
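Review bot: the `volatile` placement is correct (it qualifies the local pointer object `rows`, which is what C requires for an automatic variable modified between `setjmp` and `longjmp`), but the commit message also says the memory "must be freed outside the 'setjmp' scope after a 'longjmp'", and no `FT_FREE( rows )` on the error/exit path is visible in this hunk. Please confirm the existing cleanup label in `Load_SBit_Png` already frees `rows` unconditionally; if it only does so on the success path, this change removes the indeterminate value but not the leak. A one-line comment at that free pointing back to this `volatile` declaration would also help the next reader.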