Memory leak when failing to allocate object... #1259
Comments
sebras
added a commit
to sebras/openjpeg
that referenced
this issue
Jun 22, 2020
sebras
added a commit
to sebras/openjpeg
that referenced
this issue
Jun 22, 2020
DanielHeath
pushed a commit
to radiopaedia/openjpeg
that referenced
this issue
Sep 21, 2021
mtremer
pushed a commit
to ipfire/ipfire-2.x
that referenced
this issue
Apr 29, 2022
- Update from version 2.3.1 to 2.4.0
- Update of rootfile
- Changelog
2.4.0
**Closed issues:**
- OPENJPEG\_INSTALL\_DOC\_DIR does not control a destination directory where HTML docs would be installed. [\#1309](uclouvain/openjpeg#1309)
- Heap-buffer-overflow in lib/openjp2/pi.c:312 [\#1302](uclouvain/openjpeg#1302)
- Heap-buffer-overflow in lib/openjp2/t2.c:973 [\#1299](uclouvain/openjpeg#1299)
- Heap-buffer-overflow in lib/openjp2/pi.c:623 [\#1293](uclouvain/openjpeg#1293)
- Global-buffer-overflow in lib/openjp2/dwt.c:1980 [\#1286](uclouvain/openjpeg#1286)
- Heap-buffer-overflow in lib/openjp2/tcd.c:2417 [\#1284](uclouvain/openjpeg#1284)
- Heap-buffer-overflow in lib/openjp2/mqc.c:499 [\#1283](uclouvain/openjpeg#1283)
- Openjpeg could not encode 32bit RGB float image [\#1281](uclouvain/openjpeg#1281)
- Openjpeg could not encode 32bit RGB float image [\#1280](uclouvain/openjpeg#1280)
- ISO/IEC 15444-1:2019 \(E\) compared with 'cio.h' [\#1277](uclouvain/openjpeg#1277)
- Test-suite failure due to hash mismatch [\#1264](uclouvain/openjpeg#1264)
- Heap use-after-free [\#1261](uclouvain/openjpeg#1261)
- Memory leak when failing to allocate object... [\#1259](uclouvain/openjpeg#1259)
- Memory leak of Tier 1 handle when OpenJPEG fails to set it as TLS... [\#1257](uclouvain/openjpeg#1257)
- Any plan to build release for CVE-2020-8112/CVE-2020-6851 [\#1247](uclouvain/openjpeg#1247)
- failing to convert 16-bit file: opj\_t2\_encode\_packet\(\): only 5251 bytes remaining in output buffer. 5621 needed. [\#1243](uclouvain/openjpeg#1243)
- CMake+VS2017 Compile OK, thirdparty Compile OK, but thirdparty not install [\#1239](uclouvain/openjpeg#1239)
- New release to solve CVE-2019-6988 ? [\#1238](uclouvain/openjpeg#1238)
- Many tests fail to pass after the update of libtiff to version 4.1.0 [\#1233](uclouvain/openjpeg#1233)
- Another heap buffer overflow in libopenjp2 [\#1231](uclouvain/openjpeg#1231)
- Heap buffer overflow in libopenjp2 [\#1228](uclouvain/openjpeg#1228)
- Endianness of binary volume \(JP3D\) [\#1224](uclouvain/openjpeg#1224)
- New release to resolve CVE-2019-12973 [\#1222](uclouvain/openjpeg#1222)
- how to set the block size,like 128,256 ? [\#1216](uclouvain/openjpeg#1216)
- compress YUV files to motion jpeg2000 standard [\#1213](uclouvain/openjpeg#1213)
- Repair/update Java wrapper, and include in release [\#1208](uclouvain/openjpeg#1208)
- abc [\#1206](uclouvain/openjpeg#1206)
- Slow decoding [\#1202](uclouvain/openjpeg#1202)
- Installation question [\#1201](uclouvain/openjpeg#1201)
- Typo in test\_decode\_area - \*ptilew is assigned instead of \*ptileh [\#1195](uclouvain/openjpeg#1195)
- Creating a J2K file with one POC is broken [\#1191](uclouvain/openjpeg#1191)
- Make fails on Arch Linux [\#1174](uclouvain/openjpeg#1174)
- Heap buffer overflow in opj\_t1\_clbl\_decode\_processor\(\) triggered with Ghostscript [\#1158](uclouvain/openjpeg#1158)
- opj\_stream\_get\_number\_byte\_left: Assertion `p\_stream-\>m\_byte\_offset \>= 0' failed. [\#1151](uclouvain/openjpeg#1151)
- The fuzzer ignores too many inputs [\#1079](uclouvain/openjpeg#1079)
- out of bounds read [\#1068](uclouvain/openjpeg#1068)
**Merged pull requests:**
- Change defined WIN32 [\#1310](uclouvain/openjpeg#1310) ([Jamaika1](https://github.com/Jamaika1))
- docs: fix simple typo, producted -\> produced [\#1308](uclouvain/openjpeg#1308) ([timgates42](https://github.com/timgates42))
- Set ${OPENJPEG\_INSTALL\_DOC\_DIR} to DESTINATION of HTMLs [\#1307](uclouvain/openjpeg#1307) ([lemniscati](https://github.com/lemniscati))
- Use INC\_DIR for OPENJPEG\_INCLUDE\_DIRS \(fixes uclouvain\#1174\) [\#1306](uclouvain/openjpeg#1306) ([matthew-sharp](https://github.com/matthew-sharp))
- pi.c: avoid out of bounds access with POC \(fixes \#1302\) [\#1304](uclouvain/openjpeg#1304) ([rouault](https://github.com/rouault))
- Encoder: grow again buffer size [\#1303](uclouvain/openjpeg#1303) ([zodf0055980](https://github.com/zodf0055980))
- opj\_j2k\_write\_sod\(\): avoid potential heap buffer overflow \(fixes \#1299\) \(probably master only\) [\#1301](uclouvain/openjpeg#1301) ([rouault](https://github.com/rouault))
- pi.c: avoid out of bounds access with POC \(refs uclouvain/openjpeg#1293) [\#1300](uclouvain/openjpeg#1300) ([rouault](https://github.com/rouault))
- opj\_t2\_encode\_packet\(\): avoid out of bound access of \#1297, but likely not the proper fix [\#1298](uclouvain/openjpeg#1298) ([rouault](https://github.com/rouault))
- opj\_t2\_encode\_packet\(\): avoid out of bound access of \#1294, but likely not the proper fix [\#1296](uclouvain/openjpeg#1296) ([rouault](https://github.com/rouault))
- opj\_j2k\_setup\_encoder\(\): validate POC compno0 and compno1 \(fixes \#1293\) [\#1295](uclouvain/openjpeg#1295) ([rouault](https://github.com/rouault))
- Encoder: avoid global buffer overflow on irreversible conversion when… [\#1292](uclouvain/openjpeg#1292) ([rouault](https://github.com/rouault))
- Decoding: deal with some SPOT6 images that have tiles with a single tile-part with TPsot == 0 and TNsot == 0, and with missing EOC [\#1291](uclouvain/openjpeg#1291) ([rouault](https://github.com/rouault))
- Free p\_tcd\_marker\_info to avoid memory leak [\#1288](uclouvain/openjpeg#1288) ([zodf0055980](https://github.com/zodf0055980))
- Encoder: grow again buffer size [\#1287](uclouvain/openjpeg#1287) ([zodf0055980](https://github.com/zodf0055980))
- Encoder: avoid uint32 overflow when allocating memory for codestream buffer \(fixes \#1243\) [\#1276](uclouvain/openjpeg#1276) ([rouault](https://github.com/rouault))
- Java compatibility from 1.5 to 1.6 [\#1263](uclouvain/openjpeg#1263) ([jiapei100](https://github.com/jiapei100))
- opj\_decompress: fix double-free on input directory with mix of valid and invalid images [\#1262](uclouvain/openjpeg#1262) ([rouault](https://github.com/rouault))
- openjp2: Plug image leak when failing to allocate codestream index. [\#1260](uclouvain/openjpeg#1260) ([sebras](https://github.com/sebras))
- openjp2: Plug memory leak when setting data as TLS fails. [\#1258](uclouvain/openjpeg#1258) ([sebras](https://github.com/sebras))
- openjp2: Error out if failing to create Tier 1 handle. [\#1256](uclouvain/openjpeg#1256) ([sebras](https://github.com/sebras))
- Testing for invalid values of width, height, numcomps [\#1254](uclouvain/openjpeg#1254) ([szukw000](https://github.com/szukw000))
- Single-threaded performance improvements in forward DWT for 5-3 and 9-7 \(and other improvements\) [\#1253](uclouvain/openjpeg#1253) ([rouault](https://github.com/rouault))
- Add support for multithreading in encoder [\#1248](uclouvain/openjpeg#1248) ([rouault](https://github.com/rouault))
- Add support for generation of PLT markers in encoder [\#1246](uclouvain/openjpeg#1246) ([rouault](https://github.com/rouault))
- Fix warnings about signed/unsigned casts in pi.c [\#1244](uclouvain/openjpeg#1244) ([rouault](https://github.com/rouault))
- opj\_decompress: add sanity checks to avoid segfault in case of decoding error [\#1240](uclouvain/openjpeg#1240) ([rouault](https://github.com/rouault))
- ignore wrong icc [\#1236](uclouvain/openjpeg#1236) ([szukw000](https://github.com/szukw000))
- Implement writing of IMF profiles [\#1235](uclouvain/openjpeg#1235) ([rouault](https://github.com/rouault))
- tests: add alternate checksums for libtiff 4.1 [\#1234](uclouvain/openjpeg#1234) ([rouault](https://github.com/rouault))
- opj\_tcd\_init\_tile\(\): avoid integer overflow [\#1232](uclouvain/openjpeg#1232) ([rouault](https://github.com/rouault))
- tests/fuzzers: link fuzz binaries using $LIB\_FUZZING\_ENGINE. [\#1230](uclouvain/openjpeg#1230) ([Dor1s](https://github.com/Dor1s))
- opj\_j2k\_update\_image\_dimensions\(\): reject images whose coordinates are beyond INT\_MAX \(fixes \#1228\) [\#1229](uclouvain/openjpeg#1229) ([rouault](https://github.com/rouault))
- Fix resource leaks [\#1226](uclouvain/openjpeg#1226) ([dodys](https://github.com/dodys))
- abi-check.sh: fix false postive ABI error, and display output error log [\#1218](uclouvain/openjpeg#1218) ([rouault](https://github.com/rouault))
- pi.c: avoid integer overflow, resulting in later invalid access to memory in opj\_t2\_decode\_packets\(\) [\#1217](uclouvain/openjpeg#1217) ([rouault](https://github.com/rouault))
- Add check to validate SGcod/SPcoc/SPcod parameter values. [\#1211](uclouvain/openjpeg#1211) ([sebras](https://github.com/sebras))
- Fix buffer overflow reading an image file less than four characters [\#1196](uclouvain/openjpeg#1196) ([robert-ancell](https://github.com/robert-ancell))
- compression: emit POC marker when only one single POC is requested \(f… [\#1192](uclouvain/openjpeg#1192) ([rouault](https://github.com/rouault))
- Fix several potential vulnerabilities [\#1185](uclouvain/openjpeg#1185) ([Young-X](https://github.com/Young-X))
- openjp2/j2k: Report error if all wanted components are not decoded. [\#1164](uclouvain/openjpeg#1164) ([sebras](https://github.com/sebras))
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
and others
I found a memory leak by using a custom allocator where I can control when it returns NULL.
This is the relevant parts of two backtraces showing the locations of the leaks:
This is the backtrace of where the allocator returns
NULL, causing the two leaks above:Looking at the source code it is obvious that
p_imageis never freed ifopj_j2k_allocate_tile_element_cstr_index()returns an error.The text was updated successfully, but these errors were encountered: