From 7d919c7849b89814e325724dea73fb74f6a72ccc Mon Sep 17 00:00:00 2001 From: Even Rouault Date: Sun, 18 Dec 2016 22:28:42 +0000 Subject: [PATCH] * libtiff/tif_getimage.c: fix potential memory leaks in error code path of TIFFRGBAImageBegin(). Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2627 --- ChangeLog | 6 ++++++ libtiff/tif_getimage.c | 21 +++++++++------------ 2 files changed, 15 insertions(+), 12 deletions(-) diff --git a/ChangeLog b/ChangeLog index 6165f2d7..0a20a527 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +2016-12-18 Even Rouault + + * libtiff/tif_getimage.c: fix potential memory leaks in error code + path of TIFFRGBAImageBegin(). + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2627 + 2016-12-18 Even Rouault * tools/tiff2pdf.c: prevent heap-based buffer overflow in -j mode diff --git a/libtiff/tif_getimage.c b/libtiff/tif_getimage.c index c0eb6df0..2ea83855 100644 --- a/libtiff/tif_getimage.c +++ b/libtiff/tif_getimage.c @@ -1,4 +1,4 @@ -/* $Id: tif_getimage.c,v 1.100 2016-12-17 22:33:11 erouault Exp $ */ +/* $Id: tif_getimage.c,v 1.101 2016-12-18 22:28:42 erouault Exp $ */ /* * Copyright (c) 1991-1997 Sam Leffler @@ -283,6 +283,13 @@ TIFFRGBAImageBegin(TIFFRGBAImage* img, TIFF* tif, int stop, char emsg[1024]) img->redcmap = NULL; img->greencmap = NULL; img->bluecmap = NULL; + img->Map = NULL; + img->BWmap = NULL; + img->PALmap = NULL; + img->ycbcr = NULL; + img->cielab = NULL; + img->UaToAa = NULL; + img->Bitdepth16To8 = NULL; img->req_orientation = ORIENTATION_BOTLEFT; /* It is the default */ img->tif = tif; @@ -468,13 +475,6 @@ TIFFRGBAImageBegin(TIFFRGBAImage* img, TIFF* tif, int stop, char emsg[1024]) photoTag, img->photometric); goto fail_return; } - img->Map = NULL; - img->BWmap = NULL; - img->PALmap = NULL; - img->ycbcr = NULL; - img->cielab = NULL; - img->UaToAa = NULL; - img->Bitdepth16To8 = NULL; TIFFGetField(tif, TIFFTAG_IMAGEWIDTH, &img->width); TIFFGetField(tif, TIFFTAG_IMAGELENGTH, &img->height); TIFFGetFieldDefaulted(tif, TIFFTAG_ORIENTATION, &img->orientation); @@ -494,10 +494,7 @@ TIFFRGBAImageBegin(TIFFRGBAImage* img, TIFF* tif, int stop, char emsg[1024]) return 1; fail_return: - _TIFFfree( img->redcmap ); - _TIFFfree( img->greencmap ); - _TIFFfree( img->bluecmap ); - img->redcmap = img->greencmap = img->bluecmap = NULL; + TIFFRGBAImageEnd( img ); return 0; }