oss-sec mailing list archives

CVE-2017-7594: libtiff: Direct leak in tif_ojpeg.c


From: "Agostino Sarubbo" <ago () gentoo org>
Date: Mon, 10 Apr 2017 07:06:05 +0000

http://bugzilla.maptools.org/show_bug.cgi?id=2659 :

In tif_ojpeg.c, in OJPEGReadHeaderInfoSecTablesDcTable, we have
rb=_TIFFmalloc(ra). After, values for rb are filled out. Then there is an if
(p!=q) return 0, which goes before the line sp->dctable[m]=rb;

Therefore, clearly rb is leaking every time the if (p!=q) is entered, since
memory is allocated but it is not even assigned anywhere. Our fix:

https://pdfium-review.googlesource.com/c/2176/

##################

Patch applied per

2017-01-12 Even Rouault <even.rouault at spatialys.com>

        * libtiff/tif_ojpeg.c: fix leak in OJPEGReadHeaderInfoSecTablesAcTable
        when read fails.
        Patch by Nicolás Peña.
        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2659

--
Agostino Sarubbo
Gentoo Linux Developer
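
The leak pattern the report describes (allocate rb, fill it, return 0 on p!=q before the pointer is stored), reduced to a small C program beside a version that frees rb on the failure path. This is an added example, not libtiff code and not the linked patch; demo_malloc, demo_free, demo_read, demo_state and both loader functions are hypothetical names, and the 8-byte input is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* All names below are hypothetical stand-ins; none of this is libtiff code. */
static int live_allocs;                        /* outstanding demo allocations */
static void *demo_malloc(size_t n) { void *p = malloc(n); if (p) live_allocs++; return p; }
static void demo_free(void *p) { if (p) { live_allocs--; free(p); } }
struct demo_state { uint8_t *dctable[4]; };
typedef int (*loader_fn)(struct demo_state *, int, const uint8_t *, size_t, size_t);
/* Stand-in for the read: copies at most `avail` bytes, returns the count copied. */
static size_t demo_read(const uint8_t *src, size_t avail, uint8_t *dst, size_t want) {
    size_t n = want < avail ? want : avail;
    memcpy(dst, src, n);
    return n;
}

/* Shape described in the report: allocate, fill, bail out before the store. */
int load_table_leaky(struct demo_state *sp, int m, const uint8_t *src, size_t avail, size_t ra) {
    uint8_t *rb = demo_malloc(ra);
    if (rb == NULL) return 0;
    size_t p = demo_read(src, avail, rb, ra), q = ra;
    if (p != q) return 0;                      /* rb is never stored or freed */
    sp->dctable[m] = rb;
    return 1;
}

/* Same logic, but the failure path releases rb before returning. */
int load_table_fixed(struct demo_state *sp, int m, const uint8_t *src, size_t avail, size_t ra) {
    uint8_t *rb = demo_malloc(ra);
    if (rb == NULL) return 0;
    size_t p = demo_read(src, avail, rb, ra), q = ra;
    if (p != q) { demo_free(rb); return 0; }   /* ownership of rb ends here */
    sp->dctable[m] = rb;
    return 1;
}

/* Gives a loader 8 bytes when it wants 16; returns allocations still outstanding. */
int outstanding_after_short_read(loader_fn fn) {
    static const uint8_t sample[8] = {1, 2, 3, 4, 5, 6, 7, 8};  /* constructed input */
    struct demo_state st = {{0}};
    live_allocs = 0;
    return fn(&st, 0, sample, sizeof sample, 16) == 0 ? live_allocs : -1;
}
int main(void) {
    printf("leaky: %d outstanding\n", outstanding_after_short_read(load_table_leaky));
    printf("fixed: %d outstanding\n", outstanding_after_short_read(load_table_fixed));
    return 0;
}
```

Building the leaky variant with -fsanitize=address (LeakSanitizer) reports the lost block as a direct leak, the class of finding named in the subject line.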

