Closed
Description
Prerequisites
- I have written a descriptive issue title
- I have verified that I am using the latest version of ImageMagick
- I have searched open and closed issues to ensure it has not already been reported
Description
memory leak in WritePSDChannel in coders/psd.c
Steps to Reproduce
The critical code snippet is:
https://github.com/ImageMagick/ImageMagick/blob/master/coders/psd.c#L2767
```c
#ifdef MAGICKCORE_ZLIB_DELEGATE
  if (compression == ZipCompression)
    {
      compressed_pixels=(unsigned char *) AcquireQuantumMemory(CHUNK, //line 2770
        sizeof(*compressed_pixels));
      if (compressed_pixels == (unsigned char *) NULL)
        {
          quantum_info=DestroyQuantumInfo(quantum_info);
          return(0);
        }
      memset(&stream,0,sizeof(stream));
      stream.data_type=Z_BINARY;
      level=Z_DEFAULT_COMPRESSION;
      if ((image_info->quality > 0 && image_info->quality < 10))
        level=(int) image_info->quality;
      if (deflateInit(&stream,level) != Z_OK) //line 2782
        {
          quantum_info=DestroyQuantumInfo(quantum_info);
          return(0); //line 2785
        }
    }
```
compressed_pixels is allocated at line 2770; however, when the condition at line 2782 is satisfied and the function returns at line 2785, compressed_pixels (size is 16KB) is not freed and a memory leak happens. In addition, the value of compressed_pixels is not passed out to the caller when the function returns at line 2785.
So the condition under which this memory leak happens is that MAGICKCORE_ZLIB_DELEGATE is defined, the compression type is ZipCompression and deflateInit(&stream,level) is not Z_OK. The size of the leaked memory is 16KB.
Patch suggestion:
if (deflateInit(&stream,level) != Z_OK) //line 2782
{
quantum_info=DestroyQuantumInfo(quantum_info);
+ compressed_pixels=(unsigned char *) RelinquishMagickMemory(
+ compressed_pixels);
return(0);
}
}
System Configuration
- ImageMagick version: ImageMagick-4f0ea40e2a090e245f31d1f05247520d6e7eb4ca
- Environment (Operating system, version and so on): Ubuntu 16.04
- Additional information:
Credit to Bingchang Liu at VARAS of IIE
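Review bot: The release added in the deflateInit failure branch of the patch suggestion covers only this one return, and it is a second hand-written copy of the cleanup next to quantum_info=DestroyQuantumInfo(quantum_info). Any other return that follows the AcquireQuantumMemory(CHUNK, ...) call needs the same pair of calls, so it is worth checking the rest of WritePSDChannel for such returns or routing the failure paths through one cleanup block. The RelinquishMagickMemory call also sits outside the visible #ifdef MAGICKCORE_ZLIB_DELEGATE context in the suggestion; it should stay inside that guard with the allocation it pairs with.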
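A minimal model of the leak described in this report, with a fault-injection check that catches it. This is an added example, not ImageMagick code: `track_alloc`, `track_free`, `fake_init` and the `write_channel_*` functions are hypothetical stand-ins for AcquireQuantumMemory, RelinquishMagickMemory, deflateInit and WritePSDChannel.

```c
#include <stdio.h>
#include <stdlib.h>
#define CHUNK 16384  /* 16KB buffer, the size stated in the report */
#define SLOTS 8
static void *live[SLOTS];  /* constructed tracker: allocations not yet freed */

static void *track_alloc(size_t n) {
  for (int i = 0; i < SLOTS; i++)
    if (live[i] == NULL) return live[i] = malloc(n);
  return NULL;  /* tracker full: treated as an allocation failure */
}
static void *track_free(void *p) {
  for (int i = 0; p != NULL && i < SLOTS; i++)
    if (live[i] == p) { live[i] = NULL; free(p); break; }
  return NULL;
}
/* Hypothetical stand-in for deflateInit(): nonzero means failure. */
static int fake_init(int fail) { return fail ? -1 : 0; }

/* Shape of the reported code: the init-failure return skips the buffer. */
static size_t write_channel_leaky(int fail) {
  void *info = track_alloc(64);        /* stands in for quantum_info */
  void *pixels = track_alloc(CHUNK);   /* stands in for compressed_pixels */
  if (pixels == NULL) { track_free(info); return 0; }
  if (fake_init(fail) != 0) { track_free(info); return 0; }  /* pixels leaks */
  track_free(pixels); track_free(info);
  return 1;
}
/* Same logic with one exit, so every failure releases both objects. */
static size_t write_channel_fixed(int fail) {
  size_t count = 0;
  void *info = track_alloc(64);
  void *pixels = track_alloc(CHUNK);
  if (pixels != NULL && fake_init(fail) == 0) count = 1;
  track_free(pixels); track_free(info);
  return count;
}
/* Fault injection: force init to fail, count what is still allocated. */
static int leaked_after_failure(size_t (*fn)(int)) {
  int leaked = 0;
  (void) fn(1);
  for (int i = 0; i < SLOTS; i++)
    if (live[i] != NULL) { leaked++; track_free(live[i]); }  /* count, reclaim */
  return leaked;
}
int main(void) {
  printf("leaky: %d  fixed: %d\n", leaked_after_failure(write_channel_leaky),
         leaked_after_failure(write_channel_fixed));
  return 0;
}
```

The same check applies to the real function by making the init step fail under a leak detector and confirming nothing allocated before the failure is still outstanding afterwards.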