
#510 null pointer and memory leak in topol.c

v1.0_(example)
closed-fixed
None
5
2017-10-01
2017-09-25
BlueKiller
No

Here is the critical code:

       ldblk = (long)((depth * Header.TileWidth + 7) / 8);                        //647
       BImgBuff = MagickAllocateMemory(unsigned char *,(size_t) ldblk);           /* Ldblk was set in the check phase */

       /* dlazdice.create(Header.TileWidth,Header.TileHeight,p.Planes); */
       Offsets = MagickAllocateMemory(magick_uint32_t *,(size_t)TilesAcross*TilesDown*sizeof(magick_uint32_t));    //651
       if(Offsets==NULL)                                                          //652
         ThrowPDBReaderException(ResourceLimitError, MemoryAllocationFailed, image);

       ...

       for(i=0;i<Header.TileHeight;i++)
       {
         (void)ReadBlob(image, ldblk, (char *)BImgBuff);                          //671
         if(SkipBlk>0)
           SeekBlob(image, SkipBlk, SEEK_CUR);                                    //674
         InsertRow(depth, BImgBuff, i+TilY, image, TilX,
                   (image->columns<Header.TileWidth)?image->columns:Header.TileWidth, &import_options);
       }
       ...

MagickAllocateMemory(...) may return NULL, so the following operations on "BImgBuff" will dereference a null pointer and cause a memory error.

If "BImgBuff" is not NULL and "Offsets" is NULL, it may cause a memory leak error.

Credit: ADLab of Venustech
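To make the two failure modes concrete, here is an added example (not GraphicsMagick code) that replays the ticket's allocation order, row buffer then tile-offset table, through a fault-injecting allocator; the names xalloc, xfree, allocate_tile_buffers and simulate are assumed for the demonstration, and the "checked" flag switches between the reported sequence and the hardened one.

```c
#include <stdint.h>
#include <stdlib.h>

/* Fault-injecting allocator (constructed for this example): allocation number
   fail_on (1-based) returns NULL, 0 = never fail. live counts blocks handed out
   and not yet freed, so a leak shows up as live > 0 after the sequence returns. */
static int calls, fail_on, live;
static void *xalloc(size_t n) {
    void *p = (++calls == fail_on) ? NULL : malloc(n);
    if (p) live++;
    return p;
}
static void xfree(void *p) { if (p) { live--; free(p); } }

/* The allocation order from the ticket: BImgBuff first, then Offsets.
   checked == 0 mirrors the reported code (no BImgBuff check, and a failed Offsets
   allocation abandons BImgBuff); checked == 1 is the hardened form.
   Returns 0 on success, -1 on allocation failure, -2 where the reported code
   would go on to dereference a NULL BImgBuff. */
static int allocate_tile_buffers(int checked, unsigned depth, unsigned tile_width,
                                 unsigned tiles_across, unsigned tiles_down)
{
    size_t ldblk = ((size_t)depth * tile_width + 7) / 8;
    unsigned char *BImgBuff = xalloc(ldblk);
    if (checked && BImgBuff == NULL)
        return -1;                              /* nothing acquired yet, safe to bail */

    uint32_t *Offsets = xalloc((size_t)tiles_across * tiles_down * sizeof(uint32_t));
    if (Offsets == NULL) {
        if (checked)
            xfree(BImgBuff);                    /* release the row buffer before throwing */
        return -1;
    }
    if (BImgBuff == NULL) {                     /* ReadBlob/InsertRow would crash here */
        xfree(Offsets);
        return -2;
    }
    BImgBuff[0] = 0;                            /* stands in for the row-reading loop */
    xfree(Offsets);
    xfree(BImgBuff);
    return 0;
}

/* Run the sequence with allocation number n forced to fail; returns the status
   and reports how many blocks were left allocated (0 means no leak). */
int simulate(int checked, int n, int *leaked)
{
    calls = 0; fail_on = n; live = 0;
    int status = allocate_tile_buffers(checked, 8, 64, 4, 4);
    *leaked = live;
    return status;
}
```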

Discussion

  • Bob Friesenhahn - 2017-10-01
    • status: open --> closed-fixed
    • assigned_to: Bob Friesenhahn

  • Bob Friesenhahn - 2017-10-01

    This problem is fixed by Mercurial changeset 15210:2eb623a47598. Thanks for the report!
