You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
pcd_table[i] is allocated at line 202, however, pcd_table[0~i] are forgot to be freed when exception happens at line 204 or function returns at line 215. pcd_table is a local array variable and it isn't passed to the caller function when DecodeImage returns with MagickFalse at line 207 and 218. As a result, the allocated memory pcd_table[0~(i-1)] (or pcd_table[0~i] when returned at line 218) will not be freed and memory leak happens.
The max size of leaked memory is 3*(0xff+1)*sizeof(*pcd_table[0])
The patch suggestion:
if (pcd_table[i] == (PCDTable*) NULL) //line 204
{
buffer=(unsigned char*) RelinquishMagickMemory(buffer);
for (k=0; k<i; k++)
pcd_table[k] = (PCDTable*)RelinquishMagickMemory(pcd_table[k]);
ThrowBinaryException(ResourceLimitError,"MemoryAllocationFailed",
image->filename);
}
if (r->length>16)
{
buffer=(unsigned char*) RelinquishMagickMemory(buffer);
for (k=0; k <= i; k++)
pcd_table[k] = (PCDTable*)RelinquishMagickMemory(pcd_table[k]);
return(MagickFalse);
}
Prerequisites
Description
memory leak in DecodeImage in coders/pcd.c, which is different from #1193 and #811
Steps to Reproduce
The critical code snippet is:
https://github.com/ImageMagick/ImageMagick/blob/master/coders/pcd.c#L198
pcd_table[i] is allocated at line 202, however, pcd_table[0~i] are forgot to be freed when exception happens at line 204 or function returns at line 215. pcd_table is a local array variable and it isn't passed to the caller function when DecodeImage returns with MagickFalse at line 207 and 218. As a result, the allocated memory pcd_table[0~(i-1)] (or pcd_table[0~i] when returned at line 218) will not be freed and memory leak happens.
The max size of leaked memory is 3*(0xff+1)*sizeof(*pcd_table[0])
The patch suggestion:
System Configuration
Credit to Bingchang Liu at VARAS of IIE
The text was updated successfully, but these errors were encountered: