From 419a6d51b3bfcc4f5bedd393d66954bcd6fb3077 Mon Sep 17 00:00:00 2001
From: Alexander Alekhin
Date: Tue, 28 May 2019 19:39:04 +0000
Subject: [PATCH] 3rdparty(libpng): fix leak in png_handle_eXIf
oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13314
ported commit: https://github.com/glennrp/libpng/commit/a142b7a543d16d271b8aba3ef7ca4aa9a368f55d
---
 .../20190528-fix-leak-png_handle_exif.diff | 17 +++++++++++++++++
 3rdparty/libpng/pngrutil.c | 6 ++----
 2 files changed, 19 insertions(+), 4 deletions(-)
 create mode 100644 3rdparty/libpng/patches/20190528-fix-leak-png_handle_exif.diff
diff --git a/3rdparty/libpng/patches/20190528-fix-leak-png_handle_exif.diff b/3rdparty/libpng/patches/20190528-fix-leak-png_handle_exif.diff
new file mode 100644
index 0000000000..f2dbc4dd5e
--- /dev/null
+++ b/3rdparty/libpng/patches/20190528-fix-leak-png_handle_exif.diff
@@ -0,0 +1,17 @@
+diff --git a/3rdparty/libpng/pngrutil.c b/3rdparty/libpng/pngrutil.c
+index d5fa08c397..4db3de990b 100644
+--- a/3rdparty/libpng/pngrutil.c
++++ b/3rdparty/libpng/pngrutil.c
+@@ -2087,10 +2087,8 @@ png_handle_eXIf(png_structrp png_ptr, png_inforp info_ptr, png_uint_32 length)
+ }
+ }
+
+- if (png_crc_finish(png_ptr, 0) != 0)
+- return;
+-
+- png_set_eXIf_1(png_ptr, info_ptr, length, info_ptr->eXIf_buf);
++ if (png_crc_finish(png_ptr, 0) == 0)
++ png_set_eXIf_1(png_ptr, info_ptr, length, info_ptr->eXIf_buf);
+
+ png_free(png_ptr, info_ptr->eXIf_buf);
+ info_ptr->eXIf_buf = NULL;
diff --git a/3rdparty/libpng/pngrutil.c b/3rdparty/libpng/pngrutil.c
index d5fa08c397..4db3de990b 100644
--- a/3rdparty/libpng/pngrutil.c
+++ b/3rdparty/libpng/pngrutil.c
@@ -2087,10 +2087,8 @@ png_handle_eXIf(png_structrp png_ptr, png_inforp info_ptr, png_uint_32 length)
 }
 }
 
- if (png_crc_finish(png_ptr, 0) != 0)
- return;
-
- png_set_eXIf_1(png_ptr, info_ptr, length, info_ptr->eXIf_buf);
+ if (png_crc_finish(png_ptr, 0) == 0)
+ png_set_eXIf_1(png_ptr, info_ptr, length, info_ptr->eXIf_buf);
 
 png_free(png_ptr, info_ptr->eXIf_buf);
 info_ptr->eXIf_buf = NULL;
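Review bot: The unconditional `png_free(png_ptr, info_ptr->eXIf_buf)` that now follows the `if` is only correct if `png_set_eXIf_1` copies the data instead of retaining the pointer, which the hunk does not show. A short comment above the `if` would record that assumption, e.g. `/* png_set_eXIf_1 is expected to copy the data; eXIf_buf is freed on both CRC outcomes */`. The new `if` also has an unbraced single-statement body directly above the cleanup lines, so bracing it would keep a later edit from moving the free into or out of the conditional. The body of png_handle_eXIf starts outside the hunk, so whether the earlier exits also release the buffer cannot be confirmed from here.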