Memory leak in ReadBMPImage in coder/bmp.c and ReadVIFFImage in coder/viff.c. #1600

Closed
@YangY-Xiao

Prerequisites

  • [ Y ] I have written a descriptive issue title
  • [ Y ] I have verified that I am using the latest version of ImageMagick
  • [ Y ] I have searched open and closed issues to ensure it has not already been reported

Description

There are two memory leak issues in ReadBMPImage in coder/bmp.c and ReadVIFFImage in coder/viff.c.

There is a patch 3b48d20, which fixed multiple memory leak vulnerabilities.

However, the patch for ReadBMPImage is wrong.

        if (GetNextImageInList(image) == (Image *) NULL)
          {
-            image=DestroyImageList(image);
+            status=MagickFalse;
            return((Image *) NULL);
          }
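
Review bot: In the `+` version of this block, `status=MagickFalse;` is assigned on the line directly before `return((Image *) NULL);`, so the flag is never read on this path, and with `image=DestroyImageList(image);` removed nothing in these lines releases the list before the pointer is dropped. Either keep the destroy call ahead of the return, or replace the return with `break` so the failure reaches whatever cleanup tests `status` after the loop.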

Below is the correct logic.

        if (GetNextImageInList(image) == (Image *) NULL)
          {
-            image=DestroyImageList(image);
-            return((Image *) NULL);
+            status=MagickFalse;
+            break;
          }
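
Review bot: The `break` on the last added line only closes the leak if the code after the enclosing loop tests `status` and destroys the image list, and that code is outside this hunk. Please extend the context, or add a comment at the `break`, to show where `image` is released when `status` is `MagickFalse`, so the single exit path can be checked in review.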

https://github.com/ImageMagick/ImageMagick/blob/master/coders/bmp.c#L1508

At the same time, there is the same issue in ReadVIFFImage.

        if (GetNextImageInList(image) == (Image *) NULL)
          {
            image=DestroyImageList(image);
            return((Image *) NULL);
           }

https://github.com/ImageMagick/ImageMagick/blob/master/coders/viff.c#L774

Steps to Reproduce

System Configuration

  • ImageMagick version:
  • Environment (Operating system, version and so on):
  • Additional information:
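
The control-flow difference the report describes, as an added example that is not ImageMagick code and not part of the original report: a constructed frame-list model in which an allocation failure either returns from inside the loop or sets a status flag and breaks to a single cleanup after the loop. The pool allocator, `read_frames`, `destroy_list` and the post-loop cleanup are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
/* Constructed model, not ImageMagick code: frames come from a fixed pool so
   frames still allocated after a failed read can be counted. */
#define POOL_SIZE 8
typedef struct Frame { struct Frame *next; int in_use; } Frame;
static Frame pool[POOL_SIZE];
static Frame *new_frame(void) {
    for (int i = 0; i < POOL_SIZE; i++)
        if (!pool[i].in_use) { pool[i].in_use = 1; pool[i].next = NULL; return &pool[i]; }
    return NULL;
}
static Frame *destroy_list(Frame *head) {   /* releases every frame, returns NULL */
    while (head != NULL) { Frame *next = head->next; head->in_use = 0; head = next; }
    return NULL;
}
static int live_frames(void) {
    int n = 0;
    for (int i = 0; i < POOL_SIZE; i++) n += pool[i].in_use;
    return n;
}

/* Reads `count` frames; allocating frame index `fail_at` fails (-1: never).
   early_return != 0: return NULL from inside the loop.
   early_return == 0: set status and break, with one cleanup after the loop. */
static Frame *read_frames(int count, int fail_at, int early_return) {
    Frame *head = new_frame(), *tail = head;
    int status = (head != NULL);
    for (int i = 1; status && i < count; i++) {
        Frame *f = (i == fail_at) ? NULL : new_frame();
        if (f == NULL) {
            if (early_return) return NULL;  /* head is dropped, frames stay allocated */
            status = 0;
            break;
        }
        tail->next = f; tail = f;
    }
    return status ? head : destroy_list(head);
}
/* Frames still allocated after a read that fails on its fourth frame. */
static int leaked_after_failure(int early_return) {
    memset(pool, 0, sizeof pool);
    (void) read_frames(5, 3, early_return);
    return live_frames();
}
int main(void) {
    printf("early return: %d, break: %d\n", leaked_after_failure(1), leaked_after_failure(0));
    return 0;
}
```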
