From d038af317888dc6c14381230eb2927b4231ff52c Mon Sep 17 00:00:00 2001 From: Vincent Sanders Date: Tue, 12 May 2015 08:32:32 +0100 Subject: [PATCH] Fix the PNG handler crashing in low memory situations. Obtaining a netsurf bitmap buffer may fail on some frontends (RISC OS especially) as the bitmap allocation is not performed until the buffer is requested. The PNG image handler failed to check for this when populating the row pointer structure. --- image/png.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/image/png.c b/image/png.c index de2059f5a..ecb7e3c65 100644 --- a/image/png.c +++ b/image/png.c @@ -404,6 +404,13 @@ static png_bytep *calc_row_pointers(struct bitmap *bitmap) png_bytep *row_ptrs; int hloop; + /* The buffer allocation may occour when the buffer is aquired + * and therefore may fail. + */ + if (buffer == NULL) { + return NULL; + } + row_ptrs = malloc(sizeof(png_bytep) * height); if (row_ptrs != NULL) { @@ -485,6 +492,9 @@ png_cache_convert(struct content *c) if (row_pointers != NULL) { png_read_image(png_ptr, (png_bytep *) row_pointers); + } else { + guit->bitmap->destroy((struct bitmap *)bitmap); + bitmap = NULL; } png_cache_convert_error: @@ -492,7 +502,9 @@ png_cache_convert_error: /* cleanup png read */ png_destroy_read_struct(&png_ptr, &info_ptr, &end_info_ptr); - free((png_bytep *) row_pointers); + if (row_pointers != NULL) { + free((png_bytep *) row_pointers); + } if (bitmap != NULL) { guit->bitmap->modified((struct bitmap *)bitmap);