[sfnt] Fix memory leak in png loading.

Reported as https://bugs.chromium.org/p/chromium/issues/detail?id=1182552 Memory is allocated and the pointer assigned to `rows` inside a 'setjmp' scope. This memory must be freed outside the 'setjmp' scope after a 'longjmp'. Since `rows` is a local and modified inside the 'setjmp' scope it must be marked volatile or it will have an indeterminate value after the 'longjmp'. * src/sfnt/pngshim.c (Load_SBit_Png): Fix memory leak of `rows`.
2021-03-15 14:32:24 -04:00 · 2021-03-15 14:32:24 -04:00 · b0729b8fbb
commit b0729b8fbb
parent 66005cbae1
2 changed files with 20 additions and 1 deletions
--- a/16
+++ b/16
@ -1,3 +1,19 @@
+2021-03-16  Ben Wagner  <bungeman@google.com>
+
+	[sfnt] Fix memory leak in png loading.
+
+	Reported as
+
+	  https://bugs.chromium.org/p/chromium/issues/detail?id=1182552
+
+	Memory is allocated and the pointer assigned to `rows` inside a
+	'setjmp' scope.  This memory must be freed outside the 'setjmp'
+	scope after a 'longjmp'.  Since `rows` is a local and modified
+	inside the 'setjmp' scope it must be marked volatile or it will have
+	an indeterminate value after the 'longjmp'.
+
+	* src/sfnt/pngshim.c (Load_SBit_Png): Fix memory leak of `rows`.
+
 2021-03-16  Christopher Degawa  <ccom@randomderp.com>

 	* CMakeLists.txt: Don't limit generation of 'pkg-config' file to UNIX.
--- a/src/sfnt/pngshim.c
+++ b/src/sfnt/pngshim.c
@ -270,7 +270,10 @@

    int         bitdepth, color_type, interlace;
    FT_Int      i;
-    png_byte*  *rows = NULL; /* pacify compiler */
+
+    /* `rows` gets modified within a 'setjmp' scope; */
+    /* we thus need the `volatile` keyword.          */
+    png_byte* *volatile  rows = NULL;


    if ( x_offset < 0 ||