Memory leaks when reading png corrupt image

tangxm
Posts: 2
Joined: 2012-03-13T05:22:12-07:00

Post by tangxm »

Hi guys,
I'm using IM6.7.5, and there may be a memory leak in coders/png.c. Here is the code:

2821   /*
2822     Convert PNG pixels to pixel packets.
2823   */
2824   if (setjmp(png_jmpbuf(ping)))
2825     {
2826       /*
2827         PNG image is corrupt.
2828       */
2829       png_destroy_read_struct(&ping,&ping_info,&end_info);
2830 #if defined(PNG_SETJMP_NOT_THREAD_SAFE)
2831       UnlockSemaphoreInfo(ping_semaphore);
2832 #endif
2833       if (quantum_info != (QuantumInfo *) NULL)
2834         quantum_info = DestroyQuantumInfo(quantum_info);
2835
2836       if (ping_pixels != (unsigned char *) NULL)
2837         ping_pixels=(unsigned char *) RelinquishMagickMemory(ping_pixels);
2838
2839       if (logging != MagickFalse)
2840         (void) LogMagickEvent(CoderEvent,GetMagickModule(),
2841           "  exit ReadOnePNGImage() with error.");
2842
2843       if (image != (Image *) NULL)
2844         {
2845           InheritException(exception,&image->exception);
2846           image->columns=0;
2847         }
2848
2849       return(GetFirstImageInList(image));
2850     }
2851
2852   quantum_info=AcquireQuantumInfo(image_info,image);
...
I think when png_read_row() has some error, it would jump to line #2824. But here quantum_info on the stack is NULL, so DestroyQuantumInfo() would never be called. So the memory allocated at line #2852 would not be released, and that is the memory leak.
glennrp
Posts: 1147
Joined: 2006-04-01T08:16:32-07:00
Location: Maryland 39.26.30N 76.16.01W

Re: Memory leaks when reading png corrupt image

Post by glennrp »

Why would quantum_info be NULL? It was set to something non-NULL at line 2852, before the
error in png_read_row().

Re: Memory leaks when reading png corrupt image

Post by tangxm »

But at line #2824, the quantum_info on the stack is NULL. When png_read_row() has an error, it jumps to line #2824 and the stack info is restored, so quantum_info is reset to NULL.

Re: Memory leaks when reading png corrupt image

Post by glennrp »

I have checked a fix into SVN revision 7134.

There may be an impact on execution time because we now acquire and destroy
quantum_info once per row instead of once per image, in DirectClass images.
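
An added example, not part of the original thread and not the change checked in as SVN revision 7134: in C, a non-volatile local that is assigned after setjmp() has an indeterminate value once longjmp() returns to the handler, so a NULL check there cannot be trusted to free it. The sketch below shows one portable way to keep the error path reliable, by volatile-qualifying the pointer; read_image, decode_rows, the tracking allocator and the 64-byte buffer are hypothetical names and values made up for the demonstration.

```c
#include <setjmp.h>
#include <stdio.h>
#include <stdlib.h>

static jmp_buf decode_error;   /* stands in for png_jmpbuf(ping) */
static int live_allocs = 0;    /* constructed leak counter for the demo */

static void *track_alloc(size_t n)
{
  void *p = malloc(n);
  if (p != NULL) live_allocs++;
  return p;
}

static void *track_free(void *p)
{
  if (p != NULL) { free(p); live_allocs--; }
  return NULL;
}

/* Hypothetical decoder: reports a corrupt row via longjmp, as libpng does. */
static void decode_rows(int rows, int bad_row)
{
  for (int row = 0; row < rows; row++)
    if (row == bad_row) longjmp(decode_error, 1);
}

int leaked(void) { return live_allocs; }

/* Returns 0 on success, -1 on a corrupt row (bad_row = -1 means a clean read). */
int read_image(int rows, int bad_row)
{
  /* Assigned after setjmp() and read in the handler, so it is
     volatile-qualified; without that its value after longjmp() is
     indeterminate and the cleanup below may see a stale NULL. */
  unsigned char *volatile row_buf = NULL;

  if (setjmp(decode_error))
    {
      row_buf = track_free(row_buf);   /* error path releases the buffer */
      return -1;
    }
  row_buf = track_alloc(64);
  if (row_buf == NULL) return -1;
  decode_rows(rows, bad_row);
  row_buf = track_free(row_buf);
  return 0;
}

int main(void)
{
  int rc = read_image(4, 2);           /* row 2 is "corrupt" */
  printf("rc=%d leaked=%d\n", rc, leaked());
  return 0;
}
```

Running the demo under a leak checker such as valgrind or AddressSanitizer's leak detection, with and without the volatile qualifier at different optimization levels, is a practical way to confirm whether an error path like this one really frees what it should.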