[master] Return allocated "old_buffer" in png_push_save_buffer()
before calling png_error(), to avoid a potential memory leak.
diff --git a/ANNOUNCE b/ANNOUNCE
index e9e715c..ed087b1 100644
--- a/ANNOUNCE
+++ b/ANNOUNCE
@@ -1,5 +1,5 @@
-Libpng 1.4.1beta09 - February 8, 2010
+Libpng 1.4.1beta10 - February 8, 2010
This is not intended to be a public release. It will be replaced
within a few weeks by a public version or by another test version.
@@ -9,20 +9,20 @@
Source files with LF line endings (for Unix/Linux) and with a
"configure" script
- 1.4.1beta09.tar.xz (LZMA-compressed, recommended)
- 1.4.1beta09.tar.gz
- 1.4.1beta09.tar.bz2
+ 1.4.1beta10.tar.xz (LZMA-compressed, recommended)
+ 1.4.1beta10.tar.gz
+ 1.4.1beta10.tar.bz2
Source files with CRLF line endings (for Windows), without the
"configure" script
- lp141b09.zip
- lp141b09.7z
+ lp141b10.zip
+ lp141b10.7z
Other information:
- 1.4.1beta09-README.txt
- 1.4.1beta09-LICENSE.txt
+ 1.4.1beta10-README.txt
+ 1.4.1beta10-LICENSE.txt
Changes since the last public release (1.4.0):
@@ -69,9 +69,13 @@
version 1.4.1beta08 [February 6, 2010]
Minor cleanup and updating of dates and copyright year.
-version 1.4.1beta09 [February 8, 2010]
+version 1.4.1beta09 [February 7, 2010]
Reverted to original png_push_save_buffer() code.
+version 1.4.1beta10 [February 8, 2010]
+ Return allocated "old_buffer" in png_push_save_buffer() before calling
+ png_error(), to avoid a potential memory leak.
+
Send comments/corrections/commendations to png-mng-implement at lists.sf.net
(subscription required; visit
https://lists.sourceforge.net/lists/listinfo/png-mng-implement
diff --git a/CHANGES b/CHANGES
index 4749228..2aa9317 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2502,9 +2502,13 @@
version 1.4.1beta08 [February 6, 2010]
Minor cleanup and updating of dates and copyright year.
-version 1.4.1beta09 [February 8, 2010]
+version 1.4.1beta09 [February 7, 2010]
Reverted to original png_push_save_buffer() code.
+version 1.4.1beta10 [February 8, 2010]
+ Return allocated "old_buffer" in png_push_save_buffer() before calling
+ png_error(), to avoid a potential memory leak.
+
Send comments/corrections/commendations to png-mng-implement at lists.sf.net
(subscription required; visit
https://lists.sourceforge.net/lists/listinfo/png-mng-implement
diff --git a/pngpread.c b/pngpread.c
index 5533e48..f9bb22a 100644
--- a/pngpread.c
+++ b/pngpread.c
@@ -700,8 +700,13 @@
new_max = png_ptr->save_buffer_size + png_ptr->current_buffer_size + 256;
old_buffer = png_ptr->save_buffer;
- png_ptr->save_buffer = (png_bytep)png_malloc(png_ptr,
+ png_ptr->save_buffer = (png_bytep)png_malloc_warn(png_ptr,
(png_size_t)new_max);
+ if (png_ptr->save_buffer == NULL)
+ {
+ png_free(png_ptr, old_buffer);
+ png_error(png_ptr, "Insufficient memory for save_buffer");
+ }
png_memcpy(png_ptr->save_buffer, old_buffer, png_ptr->save_buffer_size);
png_free(png_ptr, old_buffer);
png_ptr->save_buffer_max = new_max;