Call png_image_free_function without guarding it with png_safe_execute
png_image_free_function (or any other destructor) should never fail. Destructors need not and must not be executed under png_safe_execute. Reference: CVE-2019-7317, use-after-free in png_image_free
This commit is contained in:
parent
8439534daa
commit
9c0d5c77bf
3
png.c
3
png.c
@ -4588,8 +4588,7 @@ png_image_free(png_imagep image)
|
|||||||
if (image != NULL && image->opaque != NULL &&
|
if (image != NULL && image->opaque != NULL &&
|
||||||
image->opaque->error_buf == NULL)
|
image->opaque->error_buf == NULL)
|
||||||
{
|
{
|
||||||
/* Ignore errors here: */
|
png_image_free_function(image);
|
||||||
(void)png_safe_execute(image, png_image_free_function, image);
|
|
||||||
image->opaque = NULL;
|
image->opaque = NULL;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user