Memory leaks when reading corrupt PNG image
Posted: 2012-03-13T07:25:09-07:00
Hi, guys:
I'm using IM6.7.5, and there may be a memory leak in coders/png.c. Here is the code:
I think that when png_read_row() hits an error, it jumps to line #2824. But here quantum_info on the stack is NULL, so DestroyQuantumInfo() would never be called. So the memory allocated at line #2852 would not be released, and that is the memory leak.
2821   /*
2822     Convert PNG pixels to pixel packets.
2823   */
2824   if (setjmp(png_jmpbuf(ping)))
2825     {
2826       /*
2827         PNG image is corrupt.
2828       */
2829       png_destroy_read_struct(&ping,&ping_info,&end_info);
2830 #if defined(PNG_SETJMP_NOT_THREAD_SAFE)
2831       UnlockSemaphoreInfo(ping_semaphore);
2832 #endif
2833       if (quantum_info != (QuantumInfo *) NULL)
2834         quantum_info = DestroyQuantumInfo(quantum_info);
2835
2836       if (ping_pixels != (unsigned char *) NULL)
2837         ping_pixels=(unsigned char *) RelinquishMagickMemory(ping_pixels);
2838
2839       if (logging != MagickFalse)
2840         (void) LogMagickEvent(CoderEvent,GetMagickModule(),
2841           " exit ReadOnePNGImage() with error.");
2842
2843       if (image != (Image *) NULL)
2844         {
2845           InheritException(exception,&image->exception);
2846           image->columns=0;
2847         }
2848
2849       return(GetFirstImageInList(image));
2850     }
2851
2852   quantum_info=AcquireQuantumInfo(image_info,image);
...
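The following is an added example, not part of the original post and not ImageMagick code: a minimal C model of the pattern reported above, where a buffer is acquired after setjmp() and must be released in the error branch reached by longjmp(). In C, a non-volatile automatic variable changed between setjmp() and longjmp() has an indeterminate value in the handler, so the pointer here is volatile-qualified; all names (read_image, read_row, acquire, release, live_allocs) are hypothetical.

```c
#include <setjmp.h>
#include <stdlib.h>

static int live_allocs;   /* constructed counter of outstanding buffers */
static jmp_buf on_error;  /* plays the role of png_jmpbuf(ping) */

static void *acquire(size_t n)
{
    void *p = malloc(n);
    if (p != NULL)
        live_allocs++;
    return p;
}

static void *release(void *p)
{
    if (p != NULL) {
        free(p);
        live_allocs--;
    }
    return NULL;
}

/* Hypothetical stand-in for png_read_row(): a corrupt row longjmp()s. */
static void read_row(int corrupt)
{
    if (corrupt)
        longjmp(on_error, 1);
}

/* Returns 0 on success, -1 on corrupt input or allocation failure. */
int read_image(int rows, int corrupt_row)
{
    /* The pointer object itself is volatile, so the value stored after
       setjmp() is the one the error branch reads after longjmp(). */
    unsigned char *volatile scratch = NULL;
    int y;

    if (setjmp(on_error)) {
        scratch = release(scratch);   /* cleanup sees the real pointer */
        return -1;
    }
    scratch = acquire(64);            /* acquired after setjmp(), as in the post */
    if (scratch == NULL)
        return -1;
    for (y = 0; y < rows; y++)
        read_row(y == corrupt_row);
    scratch = release(scratch);
    return 0;
}

int main(void) { read_image(4, 2); return live_allocs; }
```

Acquiring the buffer before the setjmp() call, so the pointer is never modified between setjmp() and longjmp(), is the other standard way to keep the cleanup branch reliable.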