| CVE: CVE-2019-6128 |
| Upstream-Status: Backport |
| Signed-off-by: Ross Burton <ross.burton@intel.com> |
| |
| From 0c74a9f49b8d7a36b17b54a7428b3526d20f88a8 Mon Sep 17 00:00:00 2001 |
| From: Scott Gayou <github.scott@gmail.com> |
| Date: Wed, 23 Jan 2019 15:03:53 -0500 |
| Subject: [PATCH] Fix for simple memory leak that was assigned CVE-2019-6128. |
| |
| pal2rgb failed to free memory on a few errors. This was reported |
| here: http://bugzilla.maptools.org/show_bug.cgi?id=2836. |
| --- |
| tools/pal2rgb.c | 7 ++++++- |
| 1 file changed, 6 insertions(+), 1 deletion(-) |
| |
| diff --git a/tools/pal2rgb.c b/tools/pal2rgb.c |
| index 01d8502ec..9492f1cf1 100644 |
| --- a/tools/pal2rgb.c |
| +++ b/tools/pal2rgb.c |
| @@ -118,12 +118,14 @@ main(int argc, char* argv[]) |
| shortv != PHOTOMETRIC_PALETTE) { |
| fprintf(stderr, "%s: Expecting a palette image.\n", |
| argv[optind]); |
| + (void) TIFFClose(in); |
| return (-1); |
| } |
| if (!TIFFGetField(in, TIFFTAG_COLORMAP, &rmap, &gmap, &bmap)) { |
| fprintf(stderr, |
| "%s: No colormap (not a valid palette image).\n", |
| argv[optind]); |
| + (void) TIFFClose(in); |
| return (-1); |
| } |
| bitspersample = 0; |
| @@ -131,11 +133,14 @@ main(int argc, char* argv[]) |
| if (bitspersample != 8) { |
| fprintf(stderr, "%s: Sorry, can only handle 8-bit images.\n", |
| argv[optind]); |
| + (void) TIFFClose(in); |
| return (-1); |
| } |
| out = TIFFOpen(argv[optind+1], "w"); |
| - if (out == NULL) |
| + if (out == NULL) { |
| + (void) TIFFClose(in); |
| return (-2); |
| + } |
| cpTags(in, out); |
| TIFFGetField(in, TIFFTAG_IMAGEWIDTH, &imagewidth); |
| TIFFGetField(in, TIFFTAG_IMAGELENGTH, &imagelength); |
| -- |
| 2.21.0 |