Fix a memory leak in png_set_tRNS
This leak was discovered by OSS-Fuzz.
The old structure of the code was along the lines of:
allocate trans_alpha;
if (problem) {
// Jumps away from this function
png_warning("tRNS chunk has out-of-range samples for bit_depth");
}
mark trans_alpha as to-free;
Signed-off-by: Cosmin Truta <ctruta@gmail.com>
diff --git a/AUTHORS b/AUTHORS
index 45fb425..7b40082 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -36,6 +36,7 @@
- Matt Sarett
- Mike Klein
- Dan Field
+ - Sami Boukortt
The build projects, the build scripts, the test scripts, and other
files in the "ci", "projects", "scripts" and "tests" directories, have
diff --git a/pngset.c b/pngset.c
index 9f4489b..8c372cf 100644
--- a/pngset.c
+++ b/pngset.c
@@ -1,7 +1,7 @@
/* pngset.c - storage of image information into info struct
*
- * Copyright (c) 2018 Cosmin Truta
+ * Copyright (c) 2018-2022 Cosmin Truta
* Copyright (c) 1998-2018 Glenn Randers-Pehrson
* Copyright (c) 1996-1997 Andreas Dilger
* Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc.
@@ -1019,6 +1019,9 @@
info_ptr->trans_alpha = png_voidcast(png_bytep,
png_malloc(png_ptr, PNG_MAX_PALETTE_LENGTH));
memcpy(info_ptr->trans_alpha, trans_alpha, (size_t)num_trans);
+
+ info_ptr->valid |= PNG_INFO_tRNS;
+ info_ptr->free_me |= PNG_FREE_TRNS;
}
png_ptr->trans_alpha = info_ptr->trans_alpha;
}