Skip to content

Potential Memory Leak in WritePDFImage in coders/pdf.c different from #576 #1454

Closed
@twelveand0

Description

@twelveand0

Prerequisites

  • I have written a descriptive issue title
  • I have verified that I am using the latest version of ImageMagick
  • I have searched open and closed issues to ensure it has not already been reported

Description

Potential memory leak in function WritePDFImage in coders/pdf.c, which is similar to but different from #576.

Steps to Reproduce

xref is allocated at line L1362 or reallocated at line L1499.

1362: xref=(MagickOffsetType *) AcquireQuantumMemory(2048UL,sizeof(*xref));

1499:  xref=(MagickOffsetType *) ResizeQuantumMemory(xref,(size_t) count+2048UL,
        sizeof(*xref));

However, when the function returns with MagickFalse (such as L1902 and L1912), xref was neither passed outside to the caller function nor freed. I believe the two positions needs to free xref because xref is freed at the default case at L1931 while the 2 positions locates in another 2 cases of a switch statement. So memory leak can happen at line 1902 and 1912.

There are many similar positions including L1965, L2011, L2021, L2082, L2179, L2427, L2437, L2488, L2529, L2539, L2594, L2682 and L2894.

System Configuration

  • ImageMagick version: ImageMagick-4f0ea40e2a090e245f31d1f05247520d6e7eb4ca
  • Environment (Operating system, version and so on): Ubuntu 16.04 + VS Code
  • Additional information: code review

Credit to Bingchang Liu of VARAS of IIE

Metadata

Metadata

Assignees

No one assigned

    Labels

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions