2011.05.30 06:28 "[Tiff] [PATCH] plug leaks on OJPEG read failure path", by Jim Meyering

"nb" is allocated just prior, but never freed on these two error paths:

From f2a224264972c305ccce90baf408f2cebc45fcba Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering@redhat.com>
Date: Mon, 30 May 2011 08:22:12 +0200
Subject: [PATCH] plug leaks on OJPEG read failure path

---
 libtiff/tif_ojpeg.c | 5 ++++-
 1 files changed, 4 insertions(+), 1 deletions(-)

diff --git a/libtiff/tif_ojpeg.c b/libtiff/tif_ojpeg.c
index 485ce28..e347315 100644
--- a/libtiff/tif_ojpeg.c
+++ b/libtiff/tif_ojpeg.c
@@ -1433,12 +1433,15 @@ OJPEGReadHeaderInfoSecStreamDqt(TIFF* tif)
                        nb[sizeof(uint32)+1]=JPEG_MARKER_DQT;
                        nb[sizeof(uint32)+2]=0;
                        nb[sizeof(uint32)+3]=67;

-                       if (OJPEGReadBlock(sp,65,&nb[sizeof(uint32)+4])==0)
+                       if (OJPEGReadBlock(sp,65,&nb[sizeof(uint32)+4])==0) {

+ _TIFFfree(nb);
                                return(0);
+ }
                        o=nb[sizeof(uint32)+4]&15;
                        if (3<o)
                        {
                                TIFFErrorExt(tif->tif_clientdata,module,"Corrupt DQT marker in JPEG data");
+ _TIFFfree(nb);
                                return(0);
                        }
                        if (sp->qtable[o]!=0)
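Review bot: The opening brace added to the `OJPEGReadBlock` check sits on the `if` line, while the `if (3<o)` block a few lines below in the same hunk puts `{` on its own line; moving it to its own line would keep the function in one brace style. Both new `_TIFFfree(nb);` calls come directly before `return(0);`, which matches the two exits named in the message, but the function continues past `if (sp->qtable[o]!=0)` and this hunk does not show the remaining returns, so it is worth confirming that no later failure exit still returns with `nb` unfreed. If more such exits exist, a single cleanup label that frees `nb` and returns 0 would avoid repeating the free at each one.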
--

1.7.5.2.660.g9f46c