null pointer and memory leak in topol.c
Here is the critical code:
```c
…
ldblk = (long)((depth * Header.TileWidth + 7) / 8); //647
BImgBuff = MagickAllocateMemory(unsigned char *,(size_t) ldblk); /*Ldblk was set in the check phase */
/* dlazdice.create(Header.TileWidth,Header.TileHeight,p.Planes); */
Offsets = MagickAllocateMemory(magick_uint32_t *,(size_t)TilesAcross*TilesDown*sizeof(magick_uint32_t)); //651
if(Offsets==NULL) //652
  ThrowPDBReaderException(ResourceLimitError, MemoryAllocationFailed, image);
……
for(i=0;i<Header.TileHeight;i++)
{
  (void)ReadBlob(image, ldblk, (char *)BImgBuff); //671
  if(SkipBlk>0)
    SeekBlob(image, SkipBlk, SEEK_CUR); //674
  InsertRow(depth, BImgBuff, i+TilY, image, TilX,
            (image->columns<Header.TileWidth)?image->columns:Header.TileWidth,
            &import_options);
}
...
```
MagickAllocateMemory(...) may return NULL, so the following operations on "BImgBuff" will dereference a NULL pointer and cause a memory error.
If "BImgBuff" is not NULL and "Offsets" is NULL, it may cause a memory leak.
Credit: ADLab of Venustech
This problem is fixed by Mercurial changeset 15210:2eb623a47598. Thanks for the report!
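The two failure paths from the report, reproduced as an added example (not GraphicsMagick code and not the contents of the changeset above): the reported shape beside a version that checks each allocation and releases both buffers on one cleanup path. `test_alloc`, `test_free`, `setup_as_reported`, `setup_checked` and `leaked_after` are hypothetical names, and a fixed pool with a forced failure point stands in for `MagickAllocateMemory`.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical test allocator: call number fail_at (1-based, 0 = never) returns
   NULL; live_blocks counts blocks that were handed out and never released. */
static uint32_t pool[256];
static size_t pool_used;
static int alloc_calls, fail_at, live_blocks;
static void *test_alloc(size_t n) {
    size_t words = (n + 3) / 4;
    if (++alloc_calls == fail_at || pool_used + words > 256) return NULL;
    void *p = &pool[pool_used];
    pool_used += words; live_blocks++;
    return p;
}
static void test_free(void *p) { if (p) live_blocks--; }

/* Shape described in the report: only the second allocation is checked. */
static int setup_as_reported(size_t ldblk, size_t tiles) {
    unsigned char *row_buf = test_alloc(ldblk);        /* BImgBuff, unchecked */
    uint32_t *offsets = test_alloc(tiles * sizeof *offsets); /* Offsets */
    if (offsets == NULL) return -1;                    /* row_buf leaks here */
    memset(row_buf, 0, ldblk);  /* stands in for ReadBlob(); NULL if call 1 failed */
    test_free(offsets); test_free(row_buf);
    return 0;
}
/* Hardened shape: check before use, one exit that releases whatever exists. */
static int setup_checked(size_t ldblk, size_t tiles) {
    int status = -1;
    uint32_t *offsets = NULL;
    unsigned char *row_buf = test_alloc(ldblk);
    if (row_buf == NULL) goto done;
    offsets = test_alloc(tiles * sizeof *offsets);
    if (offsets == NULL) goto done;
    memset(row_buf, 0, ldblk);
    status = 0;
done:
    test_free(offsets);
    test_free(row_buf);
    return status;
}
/* Run one variant with a forced failure point; returns blocks left allocated. */
static int leaked_after(int (*fn)(size_t, size_t), int fail_on_call, int *rc) {
    alloc_calls = 0; fail_at = fail_on_call; live_blocks = 0; pool_used = 0;
    *rc = fn(64, 16);
    return live_blocks;
}
int main(void) {
    int rc, leak = leaked_after(setup_as_reported, 2, &rc);
    printf("as reported: rc=%d leaked=%d\n", rc, leak);
    leak = leaked_after(setup_checked, 2, &rc);
    printf("checked:     rc=%d leaked=%d\n", rc, leak);
    return 0;
}
```

`setup_as_reported` is only exercised with the second allocation failing; forcing the first to fail would reach the `memset` with a NULL buffer, which is the dereference the report describes.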