mewin/libpng
1
0
Fork 0
mirror of https://git.code.sf.net/p/libpng/code.git synced 2025-07-10 18:04:09 +02:00
Code Issues Projects Releases Wiki Activity

[master] Return allocated "old_buffer" in png_push_save_buffer()

Browse Source 
before calling png_error(), to avoid a potential memory leak.
This commit is contained in:
Glenn Randers-Pehrson 2010-02-08 15:56:17 -06:00
parent 233edbf415
commit 9101d75316
3 changed files with 24 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
ANNOUNCE
View File

@ -1,5 +1,5 @@
Libpng 1.4.1beta09 - February 8, 2010 Libpng 1.4.1beta10 - February 8, 2010
This is not intended to be a public release. It will be replaced This is not intended to be a public release. It will be replaced
within a few weeks by a public version or by another test version. within a few weeks by a public version or by another test version.
@ -9,20 +9,20 @@ Files available for download:
Source files with LF line endings (for Unix/Linux) and with a Source files with LF line endings (for Unix/Linux) and with a
"configure" script "configure" script
1.4.1beta09.tar.xz (LZMA-compressed, recommended) 1.4.1beta10.tar.xz (LZMA-compressed, recommended)
1.4.1beta09.tar.gz 1.4.1beta10.tar.gz
1.4.1beta09.tar.bz2 1.4.1beta10.tar.bz2
Source files with CRLF line endings (for Windows), without the Source files with CRLF line endings (for Windows), without the
"configure" script "configure" script
lp141b09.zip lp141b10.zip
lp141b09.7z lp141b10.7z
Other information: Other information:
1.4.1beta09-README.txt 1.4.1beta10-README.txt
1.4.1beta09-LICENSE.txt 1.4.1beta10-LICENSE.txt
Changes since the last public release (1.4.0): Changes since the last public release (1.4.0):
@ -69,9 +69,13 @@ version 1.4.1beta07 [February 6, 2010]
version 1.4.1beta08 [February 6, 2010] version 1.4.1beta08 [February 6, 2010]
Minor cleanup and updating of dates and copyright year. Minor cleanup and updating of dates and copyright year.
version 1.4.1beta09 [February 8, 2010] version 1.4.1beta09 [February 7, 2010]
Reverted to original png_push_save_buffer() code. Reverted to original png_push_save_buffer() code.
version 1.4.1beta10 [February 8, 2010]
Return allocated "old_buffer" in png_push_save_buffer() before calling
png_error(), to avoid a potential memory leak.
Send comments/corrections/commendations to png-mng-implement at lists.sf.net Send comments/corrections/commendations to png-mng-implement at lists.sf.net
(subscription required; visit (subscription required; visit
https://lists.sourceforge.net/lists/listinfo/png-mng-implement https://lists.sourceforge.net/lists/listinfo/png-mng-implement

6
CHANGES
View File

@ -2502,9 +2502,13 @@ version 1.4.1beta07 [February 6, 2010]
version 1.4.1beta08 [February 6, 2010] version 1.4.1beta08 [February 6, 2010]
Minor cleanup and updating of dates and copyright year. Minor cleanup and updating of dates and copyright year.
version 1.4.1beta09 [February 8, 2010] version 1.4.1beta09 [February 7, 2010]
Reverted to original png_push_save_buffer() code. Reverted to original png_push_save_buffer() code.
version 1.4.1beta10 [February 8, 2010]
Return allocated "old_buffer" in png_push_save_buffer() before calling
png_error(), to avoid a potential memory leak.
Send comments/corrections/commendations to png-mng-implement at lists.sf.net Send comments/corrections/commendations to png-mng-implement at lists.sf.net
(subscription required; visit (subscription required; visit
https://lists.sourceforge.net/lists/listinfo/png-mng-implement https://lists.sourceforge.net/lists/listinfo/png-mng-implement

7
pngpread.c
View File

@ -700,8 +700,13 @@ png_push_save_buffer(png_structp png_ptr)
new_max = png_ptr->save_buffer_size + png_ptr->current_buffer_size + 256; new_max = png_ptr->save_buffer_size + png_ptr->current_buffer_size + 256;
old_buffer = png_ptr->save_buffer; old_buffer = png_ptr->save_buffer;
png_ptr->save_buffer = (png_bytep)png_malloc(png_ptr, png_ptr->save_buffer = (png_bytep)png_malloc_warn(png_ptr,
(png_size_t)new_max); (png_size_t)new_max);
if (png_ptr->save_buffer == NULL)
{
png_free(png_ptr, old_buffer);
png_error(png_ptr, "Insufficient memory for save_buffer");
}
png_memcpy(png_ptr->save_buffer, old_buffer, png_ptr->save_buffer_size); png_memcpy(png_ptr->save_buffer, old_buffer, png_ptr->save_buffer_size);
png_free(png_ptr, old_buffer); png_free(png_ptr, old_buffer);
png_ptr->save_buffer_max = new_max; png_ptr->save_buffer_max = new_max;