Fix a memory leak in png_set_tRNS

This leak was discovered by OSS-Fuzz. The old structure of the code was along the lines of: allocate trans_alpha; if (problem) { // Jumps away from this function png_warning("tRNS chunk has out-of-range samples for bit_depth"); } mark trans_alpha as to-free; Signed-off-by: Cosmin Truta <ctruta@gmail.com>
2025-07-10 18:04:09 +02:00 · 2019-02-12 14:17:27 +01:00 · 2019-02-12 14:17:27 +01:00 · 3ec225dd41
commit 3ec225dd41
parent 36bd1bbd54
2 changed files with 5 additions and 1 deletions
--- a/1
+++ b/1
@ -36,6 +36,7 @@ Authors, for copyright and licensing purposes.
   - Matt Sarett
   - Mike Klein
   - Dan Field
   - Sami Boukortt
 The build projects, the build scripts, the test scripts, and other
 files in the "ci", "projects", "scripts" and "tests" directories, have
--- a/pngset.c
+++ b/pngset.c
@ -1,7 +1,7 @@
 /* pngset.c - storage of image information into info struct
 *
- * Copyright (c) 2018 Cosmin Truta
+ * Copyright (c) 2018-2022 Cosmin Truta
 * Copyright (c) 1998-2018 Glenn Randers-Pehrson
 * Copyright (c) 1996-1997 Andreas Dilger
 * Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc.
@ -1019,6 +1019,9 @@ png_set_tRNS(png_structrp png_ptr, png_inforp info_ptr,
          info_ptr->trans_alpha = png_voidcast(png_bytep,
              png_malloc(png_ptr, PNG_MAX_PALETTE_LENGTH));
          memcpy(info_ptr->trans_alpha, trans_alpha, (size_t)num_trans);
          info_ptr->valid |= PNG_INFO_tRNS;
          info_ptr->free_me |= PNG_FREE_TRNS;
       }
       png_ptr->trans_alpha = info_ptr->trans_alpha;
   }