| Brad Bishop | 96ff198 | 2019-08-19 13:50:42 -0400 | [diff] [blame] | 1 | CVE: CVE-2019-6128 |
| 2 | Upstream-Status: Backport |
| 3 | Signed-off-by: Ross Burton <ross.burton@intel.com> |
| 4 | |
| 5 | From 0c74a9f49b8d7a36b17b54a7428b3526d20f88a8 Mon Sep 17 00:00:00 2001 |
| 6 | From: Scott Gayou <github.scott@gmail.com> |
| 7 | Date: Wed, 23 Jan 2019 15:03:53 -0500 |
| 8 | Subject: [PATCH] Fix for simple memory leak that was assigned CVE-2019-6128. |
| 9 | |
| 10 | pal2rgb failed to free memory on a few errors. This was reported |
| 11 | here: http://bugzilla.maptools.org/show_bug.cgi?id=2836. |
| 12 | --- |
| 13 | tools/pal2rgb.c | 7 ++++++- |
| 14 | 1 file changed, 6 insertions(+), 1 deletion(-) |
| 15 | |
| 16 | diff --git a/tools/pal2rgb.c b/tools/pal2rgb.c |
| 17 | index 01d8502ec..9492f1cf1 100644 |
| 18 | --- a/tools/pal2rgb.c |
| 19 | +++ b/tools/pal2rgb.c |
| 20 | @@ -118,12 +118,14 @@ main(int argc, char* argv[]) |
| 21 | shortv != PHOTOMETRIC_PALETTE) { |
| 22 | fprintf(stderr, "%s: Expecting a palette image.\n", |
| 23 | argv[optind]); |
| 24 | + (void) TIFFClose(in); |
| 25 | return (-1); |
| 26 | } |
| 27 | if (!TIFFGetField(in, TIFFTAG_COLORMAP, &rmap, &gmap, &bmap)) { |
| 28 | fprintf(stderr, |
| 29 | "%s: No colormap (not a valid palette image).\n", |
| 30 | argv[optind]); |
| 31 | + (void) TIFFClose(in); |
| 32 | return (-1); |
| 33 | } |
| 34 | bitspersample = 0; |
| 35 | @@ -131,11 +133,14 @@ main(int argc, char* argv[]) |
| 36 | if (bitspersample != 8) { |
| 37 | fprintf(stderr, "%s: Sorry, can only handle 8-bit images.\n", |
| 38 | argv[optind]); |
| 39 | + (void) TIFFClose(in); |
| 40 | return (-1); |
| 41 | } |
| 42 | out = TIFFOpen(argv[optind+1], "w"); |
| 43 | - if (out == NULL) |
| 44 | + if (out == NULL) { |
| 45 | + (void) TIFFClose(in); |
| 46 | return (-2); |
| 47 | + } |
| 48 | cpTags(in, out); |
| 49 | TIFFGetField(in, TIFFTAG_IMAGEWIDTH, &imagewidth); |
| 50 | TIFFGetField(in, TIFFTAG_IMAGELENGTH, &imagelength); |
| 51 | -- |
| 52 | 2.21.0 |