jasper/jasper-1.900.1-Coverity-RESOURCE_LEAK.patch
Jiri Popelka c73923e32e CVE-2011-4516, CVE-2011-4517, CERT VU#887409 (#765660)
Fixed problems found by static analysis of code (#761440)
2011-12-09 12:44:44 +01:00

203 lines
8.6 KiB
Diff

Error: RESOURCE_LEAK
src/appl/imgcmp.c:504: var_assign: Assigning: "diffimage" = storage returned from "jas_image_create(3, compparms, 1025)".
src/appl/imgcmp.c:511: leaked_storage: Variable "diffimage" going out of scope leaks the storage it points to.
src/appl/imgcmp.c:537: leaked_storage: Variable "diffimage" going out of scope leaks the storage it points to.
base/jas_image.c:254: var_assign: Assigning: "newcmpt" = storage returned from "jas_image_cmpt_create0()".
base/jas_image.c:268: leaked_storage: Variable "newcmpt" going out of scope leaks the storage it points to.
base/jas_image.c:271: leaked_storage: Variable "newcmpt" going out of scope leaks the storage it points to.
base/jas_image.c:274: leaked_storage: Variable "newcmpt" going out of scope leaks the storage it points to.
base/jas_image.c:277: leaked_storage: Variable "newcmpt" going out of scope leaks the storage it points to.
base/jas_cm.c:611: var_assign: Assigning: "newpxformseq" = storage returned from "jas_cmpxformseq_create()".
base/jas_cm.c:617: leaked_storage: Variable "newpxformseq" going out of scope leaks the storage it points to.
base/jas_cm.c:343: var_assign: Assigning: "newprof" = storage returned from "jas_cmprof_create()".
base/jas_cm.c:358: leaked_storage: Variable "newprof" going out of scope leaks the storage it points to.
base/jas_cm.c:380: var_assign: Assigning: "xform" = storage returned from "jas_malloc(sizeof (jas_cmxform_t) /*16*/)".
base/jas_cm.c:461: leaked_storage: Variable "xform" going out of scope leaks the storage it points to.
base/jas_image.c:1379: var_assign: Assigning: "xform" = storage returned from "jas_cmxform_create(inprof, outprof, NULL, 0, intent, 0)".
base/jas_image.c:1444: leaked_storage: Variable "xform" going out of scope leaks the storage it points to.
base/jas_image.c:1306: var_assign: Assigning: "inimage" = storage returned from "jas_image_copy(image)".
base/jas_image.c:1444: leaked_storage: Variable "inimage" going out of scope leaks the storage it points to.
base/jas_image.c:1345: var_assign: Assigning: "outimage" = storage returned from "jas_image_create0()".
base/jas_image.c:1444: leaked_storage: Variable "outimage" going out of scope leaks the storage it points to.
bmp/bmp_enc.c:187: var_assign: Assigning: "info" = storage returned from "bmp_info_create()".
bmp/bmp_enc.c:208: leaked_storage: Variable "info" going out of scope leaks the storage it points to.
jpc/jpc_tagtree.c:111: var_assign: Assigning: "tree" = storage returned from "jpc_tagtree_alloc()".
jpc/jpc_tagtree.c:129: leaked_storage: Variable "tree" going out of scope leaks the storage it points to.
jpc/jpc_dec.c:452: var_assign: Assigning: "compinfos" = storage returned from "jas_malloc(dec->numcomps * sizeof (jas_image_cmptparm_t) /*56*/)".
jpc/jpc_dec.c:468: leaked_storage: Variable "compinfos" going out of scope leaks the storage it points to.
jpc/jpc_dec.c:1483: var_assign: Assigning: "cp" = storage returned from "jas_malloc(sizeof (jpc_dec_cp_t) /*48*/)".
jpc/jpc_dec.c:1493: leaked_storage: Variable "cp" going out of scope leaks the storage it points to.
jpc/jpc_dec.c:1497: leaked_storage: Variable "cp" going out of scope leaks the storage it points to.
mif/mif_cod.c:523: var_assign: Assigning: "cmpt" = storage returned from "mif_cmpt_create()".
mif/mif_cod.c:568: leaked_storage: Variable "cmpt" going out of scope leaks the storage it points to.
mif/mif_cod.c:568: leaked_storage: Variable "tvp" going out of scope leaks the storage it points to.
diff -up jasper-1.900.1/src/appl/imgcmp.c.RESOURCE_LEAK jasper-1.900.1/src/appl/imgcmp.c
--- jasper-1.900.1/src/appl/imgcmp.c.RESOURCE_LEAK 2007-01-19 22:43:08.000000000 +0100
+++ jasper-1.900.1/src/appl/imgcmp.c 2011-12-08 14:16:04.727027007 +0100
@@ -507,6 +507,7 @@ jas_image_t *makediffimage(jas_matrix_t
for (i = 0; i < 3; ++i) {
if (!(diffdata[i] = jas_matrix_create(height, width))) {
+ jas_image_destroy(diffimage);
fprintf(stderr, "internal error\n");
return 0;
}
@@ -534,6 +535,7 @@ jas_image_t *makediffimage(jas_matrix_t
for (i = 0; i < 3; ++i) {
if (jas_image_writecmpt(diffimage, i, 0, 0, width, height, diffdata[i])) {
+ jas_image_destroy(diffimage);
return 0;
}
}
diff -up jasper-1.900.1/src/libjasper/base/jas_cm.c.RESOURCE_LEAK jasper-1.900.1/src/libjasper/base/jas_cm.c
--- jasper-1.900.1/src/libjasper/base/jas_cm.c.RESOURCE_LEAK 2011-12-08 14:16:03.387043758 +0100
+++ jasper-1.900.1/src/libjasper/base/jas_cm.c 2011-12-08 14:16:04.728026994 +0100
@@ -355,6 +355,8 @@ jas_cmprof_t *jas_cmprof_copy(jas_cmprof
}
return newprof;
error:
+ if (newprof)
+ jas_cmprof_destroy(newprof);
return 0;
}
@@ -458,6 +460,8 @@ jas_cmxform_t *jas_cmxform_create(jas_cm
}
return xform;
error:
+ if (xform)
+ jas_cmxform_destroy(xform);
return 0;
}
@@ -614,6 +618,8 @@ static jas_cmpxformseq_t *jas_cmpxformse
goto error;
return newpxformseq;
error:
+ if (newpxformseq)
+ jas_cmpxformseq_destroy(newpxformseq);
return 0;
}
diff -up jasper-1.900.1/src/libjasper/base/jas_image.c.RESOURCE_LEAK jasper-1.900.1/src/libjasper/base/jas_image.c
--- jasper-1.900.1/src/libjasper/base/jas_image.c.RESOURCE_LEAK 2011-12-08 14:16:04.635028156 +0100
+++ jasper-1.900.1/src/libjasper/base/jas_image.c 2011-12-08 14:16:04.776026394 +0100
@@ -268,15 +268,19 @@ static jas_image_cmpt_t *jas_image_cmpt_
newcmpt->cps_ = cmpt->cps_;
newcmpt->type_ = cmpt->type_;
if (!(newcmpt->stream_ = jas_stream_memopen(0, 0))) {
+ jas_image_cmpt_destroy(newcmpt);
return 0;
}
if (jas_stream_seek(cmpt->stream_, 0, SEEK_SET)) {
+ jas_image_cmpt_destroy(newcmpt);
return 0;
}
if (jas_stream_copy(newcmpt->stream_, cmpt->stream_, -1)) {
+ jas_image_cmpt_destroy(newcmpt);
return 0;
}
if (jas_stream_seek(newcmpt->stream_, 0, SEEK_SET)) {
+ jas_image_cmpt_destroy(newcmpt);
return 0;
}
return newcmpt;
@@ -1443,5 +1447,11 @@ jas_image_dump(outimage, stderr);
#endif
return outimage;
error:
+ if (xform)
+ jas_cmxform_destroy(xform);
+ if (inimage)
+ jas_image_destroy(inimage);
+ if (outimage)
+ jas_image_destroy(outimage);
return 0;
}
diff -up jasper-1.900.1/src/libjasper/bmp/bmp_enc.c.RESOURCE_LEAK jasper-1.900.1/src/libjasper/bmp/bmp_enc.c
--- jasper-1.900.1/src/libjasper/bmp/bmp_enc.c.RESOURCE_LEAK 2007-01-19 22:43:07.000000000 +0100
+++ jasper-1.900.1/src/libjasper/bmp/bmp_enc.c 2011-12-08 14:16:04.826025768 +0100
@@ -205,16 +205,19 @@ int bmp_encode(jas_image_t *image, jas_s
/* Write the bitmap header. */
if (bmp_puthdr(out, &hdr)) {
+ bmp_info_destroy(info);
return -1;
}
/* Write the bitmap information. */
if (bmp_putinfo(out, info)) {
+ bmp_info_destroy(info);
return -1;
}
/* Write the bitmap data. */
if (bmp_putdata(out, info, image, enc->cmpts)) {
+ bmp_info_destroy(info);
return -1;
}
diff -up jasper-1.900.1/src/libjasper/jpc/jpc_dec.c.RESOURCE_LEAK jasper-1.900.1/src/libjasper/jpc/jpc_dec.c
--- jasper-1.900.1/src/libjasper/jpc/jpc_dec.c.RESOURCE_LEAK 2011-12-08 14:16:04.594028668 +0100
+++ jasper-1.900.1/src/libjasper/jpc/jpc_dec.c 2011-12-08 14:17:25.677014992 +0100
@@ -465,6 +465,7 @@ static int jpc_dec_process_sot(jpc_dec_t
if (!(dec->image = jas_image_create(dec->numcomps, compinfos,
JAS_CLRSPC_UNKNOWN))) {
+ jas_free(compinfos);
return -1;
}
jas_free(compinfos);
@@ -1490,10 +1491,11 @@ static jpc_dec_cp_t *jpc_dec_cp_create(u
cp->mctid = 0;
cp->csty = 0;
if (!(cp->ccps = jas_alloc2(cp->numcomps, sizeof(jpc_dec_ccp_t)))) {
+ jpc_dec_cp_destroy(cp);
return 0;
}
if (!(cp->pchglist = jpc_pchglist_create())) {
- jas_free(cp->ccps);
+ jpc_dec_cp_destroy(cp);
return 0;
}
for (compno = 0, ccp = cp->ccps; compno < cp->numcomps;
diff -up jasper-1.900.1/src/libjasper/jpc/jpc_tagtree.c.RESOURCE_LEAK jasper-1.900.1/src/libjasper/jpc/jpc_tagtree.c
--- jasper-1.900.1/src/libjasper/jpc/jpc_tagtree.c.RESOURCE_LEAK 2011-12-08 14:16:04.000000000 +0100
+++ jasper-1.900.1/src/libjasper/jpc/jpc_tagtree.c 2011-12-08 14:17:55.905637082 +0100
@@ -126,6 +126,7 @@ jpc_tagtree_t *jpc_tagtree_create(int nu
} while (n > 1);
if (!(tree->nodes_ = jas_alloc2(tree->numnodes_, sizeof(jpc_tagtreenode_t)))) {
+ jpc_tagtree_destroy(tree);
return 0;
}
diff -up jasper-1.900.1/src/libjasper/mif/mif_cod.c.RESOURCE_LEAK jasper-1.900.1/src/libjasper/mif/mif_cod.c
--- jasper-1.900.1/src/libjasper/mif/mif_cod.c.RESOURCE_LEAK 2011-12-08 14:16:04.250032970 +0100
+++ jasper-1.900.1/src/libjasper/mif/mif_cod.c 2011-12-08 14:16:04.967024005 +0100
@@ -564,7 +564,7 @@ static int mif_process_cmpt(mif_hdr_t *h
break;
case MIF_DATA:
if (!(cmpt->data = jas_strdup(jas_tvparser_getval(tvp)))) {
- return -1;
+ goto error;
}
break;
}