jmemmgr.c: Pass correct size arg to jpeg_free_*()
This issue was introduced in 5557fd22173ea9ab4c02c81e1dcec9bd6927814f
due to an oversight, so it has existed in libjpeg-turbo since the
project's inception. However, the issue is effectively a non-issue.
Although #325 proposes allowing programs to override jpeg_get_*() and
jpeg_free_*() externally, there is currently no way to override those
functions without modifying the libjpeg-turbo source code.
libjpeg-turbo only includes the malloc()/free() memory manager from
libjpeg, and the implementation of jpeg_free_*() in that memory manager
ignores the size argument. libjpeg had several additional memory
managers for legacy systems (MS-DOS, System 7, etc.), but those memory
managers ignored the size argument to jpeg_free_*() as well. Thus, this
issue would have only potentially affected custom memory managers in
downstream libjpeg-turbo forks, and since no one has complained until
now, apparently those are rare.
Fixes #542
diff --git a/jmemmgr.c b/jmemmgr.c
index 508ca74..70b8ec0 100644
--- a/jmemmgr.c
+++ b/jmemmgr.c
@@ -4,7 +4,7 @@
* This file was part of the Independent JPEG Group's software:
* Copyright (C) 1991-1997, Thomas G. Lane.
* libjpeg-turbo Modifications:
- * Copyright (C) 2016, D. R. Commander.
+ * Copyright (C) 2016, 2021, D. R. Commander.
* For conditions of distribution and use, see the accompanying README.ijg
* file.
*
@@ -1032,7 +1032,7 @@
large_pool_ptr next_lhdr_ptr = lhdr_ptr->next;
space_freed = lhdr_ptr->bytes_used +
lhdr_ptr->bytes_left +
- sizeof(large_pool_hdr);
+ sizeof(large_pool_hdr) + ALIGN_SIZE - 1;
jpeg_free_large(cinfo, (void *)lhdr_ptr, space_freed);
mem->total_space_allocated -= space_freed;
lhdr_ptr = next_lhdr_ptr;
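Review bot: the corrected space_freed in the large-pool loop also feeds `mem->total_space_allocated -= space_freed;`, so this hunk changes the pool accounting as well as the argument to jpeg_free_large(), and the commit message only mentions the latter. The allocation side is not in this diff, so it cannot be confirmed from here that the allocating code adds the same `sizeof(large_pool_hdr) + ALIGN_SIZE - 1` to total_space_allocated and passes it to jpeg_get_large(). Please confirm that it does and say so in the message, since a custom memory manager that trusts the size argument needs the two sides to agree exactly.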
@@ -1045,7 +1045,7 @@
while (shdr_ptr != NULL) {
small_pool_ptr next_shdr_ptr = shdr_ptr->next;
space_freed = shdr_ptr->bytes_used + shdr_ptr->bytes_left +
- sizeof(small_pool_hdr);
+ sizeof(small_pool_hdr) + ALIGN_SIZE - 1;
jpeg_free_small(cinfo, (void *)shdr_ptr, space_freed);
mem->total_space_allocated -= space_freed;
shdr_ptr = next_shdr_ptr;
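Review bot: `+ ALIGN_SIZE - 1` in the small-pool loop is an unexplained adjustment that now appears in two free paths and has to mirror whatever the allocation paths request. A short comment above the space_freed computation stating that the term is the alignment padding included at allocation time would help here. Alternatively, put the per-pool overhead in a macro shared by the allocating and freeing code, so the sizes cannot drift apart again the way the message describes.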