cheng/libpng
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Call png_image_free_function without guarding it with png_safe_execute

Browse Source 
png_image_free_function (or any other destructor) should never fail.
Destructors need not and must not be executed under png_safe_execute.

Reference: CVE-2019-7317, use-after-free in png_image_free
This commit is contained in:
Cosmin Truta 2019-02-03 22:40:56 -05:00
parent 8439534daa
commit 9c0d5c77bf
1 changed files with 1 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
png.c
View File

@ -4588,8 +4588,7 @@ png_image_free(png_imagep image)
if (image != NULL && image->opaque != NULL &&
image->opaque->error_buf == NULL)
{
/* Ignore errors here: */
(void)png_safe_execute(image, png_image_free_function, image);
png_image_free_function(image);
image->opaque = NULL;
}
}