#75 bugs in Libmng 1.0.10

open
None
5
2012-08-15
2008-02-18
Anonymous
No
  1. libmng_display.c line 7003: bSourceRGBA16, 6916 pbuf, libmng_chunk_io.c line 8503: iBuflen, line 2902: iBufSize, line 2718: iBufsize, line 8444: iRawlen might be uninitialized. 6991 isourcerowsize, 7001 isourcesamples, 2750 itextlen, 8444 ireallen

  2. pMAGN in mgn_create_ani_magn() might be NULL due to a malloc() failure, and then is dereferenced.

  3. npmngplg.c lines 1142ff. have a problem due to operator precedence (&& has higher priority than comparison).

  4. npmngplg.c in NPP_Write() uses realloc with checking for NULL and saving the old pointer, potentially leaking memory.

  5. In CopyToClipboard() it calls GlobalLock on hClip, which might be NULL if the GlobalAlloc fails.

Discussion

  • Glenn Randers-Pehrson

    Logged In: YES
    user_id=7859
    Originator: NO

    Thanks

     
  • Glenn Randers-Pehrson

    Logged In: YES
    user_id=7859
    Originator: NO

    1. libmng_display.c 7003: adding check for 16-bit support.
      line 6916 pBuf looks OK to me. It's defined at line 6703.
      libmng_chunk_io.c line 8503 Check pITXT
      line 2902 check iCompressionflag
      line 2718 check fProcesstext
      line 8444 looks OK (MNG_ALLOC checks for NULL return)
      libmng_display.c line 6991 looks OK
      line 7001 looks OK
      line 2750 initialize iTextlen to zero
      line 8444 looks OK

    2. The malloc is checked inside MNG_ALLOC():

    #define MNG_ALLOC(H,P,L) { P = calloc (1, (mng_size_t)(L)); \
                               if (P == 0) { MNG_ERROR (H, MNG_OUTOFMEMORY) } }
    

    I wonder about the use of "0" instead of "NULL" though.

    3. Looks OK to me but I'll add some parentheses to clarify.

    4. I'll add
      unsigned char *oldmngdata=This->mngdata;
      and
      if(oldmngdata) free(old_mngdata);
      at the appropriate places in npmngplg.c

     
  • Glenn Randers-Pehrson

    Logged In: YES
    user_id=7859
    Originator: NO

    Bugfixes checked in to CVS. Oops, I missed the last one.

     
  • Glenn Randers-Pehrson

    Logged In: YES
    user_id=7859
    Originator: NO

    Oops,

    if(oldmngdata) free(old_mngdata);
    should be
    if(oldmngdata) free(oldmngdata);

    Fixed in CVS.

     
  • Glenn Randers-Pehrson

    Logged In: YES
    user_id=7859
    Originator: NO

    Added a check for NULL hClip in CopyToClipboard() and checked in to CVS.
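
The realloc issue from item 4 and the `oldmngdata` fix discussed in the thread, as an added C example that is not code from libmng or the plugin: `stream_buf`, `append_leaky`, `append_safe` and the `realloc_fn` hook are hypothetical names, and the allocator is passed in so the failure path can be exercised. The wrap check on the size addition goes beyond what the thread covers.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the plugin's per-stream state. */
typedef struct {
    unsigned char *mngdata;  /* accumulated stream bytes */
    size_t         len;      /* bytes currently stored */
} stream_buf;

/* Allocator hook (an assumption of this example) so failure can be simulated. */
typedef void *(*realloc_fn)(void *, size_t);

/* Leaky pattern: when realloc fails it returns NULL but the old block stays
   allocated; overwriting the only pointer to it makes it unreachable. */
int append_leaky(stream_buf *s, const void *src, size_t n, realloc_fn ra)
{
    s->mngdata = ra(s->mngdata, s->len + n);
    if (s->mngdata == NULL)
        return -1;               /* old block can no longer be freed */
    memcpy(s->mngdata + s->len, src, n);
    s->len += n;
    return 0;
}

/* Corrected pattern: keep the old pointer until realloc succeeds and
   release it explicitly when the stream is abandoned on failure. */
int append_safe(stream_buf *s, const void *src, size_t n, realloc_fn ra)
{
    unsigned char *old = s->mngdata;
    unsigned char *grown;

    if (n > SIZE_MAX - s->len)   /* size addition would wrap around */
        return -1;
    grown = ra(old, s->len + n);
    if (grown == NULL) {
        free(old);               /* free(NULL) is a no-op */
        s->mngdata = NULL;
        s->len = 0;
        return -1;
    }
    memcpy(grown + s->len, src, n);
    s->mngdata = grown;
    s->len += n;
    return 0;
}

/* Constructed test helper: a realloc that always reports failure. */
void *failing_realloc(void *p, size_t n) { (void)p; (void)n; return NULL; }
```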

     

