Here is the critical code : (in ReadMNGImage)
row_length=(size_t) (image->columns*sizeof(PixelPacket)); //5412
next=MagickAllocateMemory(PixelPacket *,row_length); //5413
prev=MagickAllocateMemory(PixelPacket *,row_length);
if ((prev == (PixelPacket *) NULL) ||
(next == (PixelPacket *) NULL))
{
DestroyImageList(image);
MngInfoFreeStruct(mng_info,&have_mng_structure);
ThrowReaderException(ResourceLimitError,
MemoryAllocationFailed,image)
}
If one of the “next”、“prev” is not null in “if statement”,it may cause memory leak error.
Credit: ADLab of Venustech
This problem is fixed by Mercurial changeset 15212:0d59486cb62b. Thanks for the report!