[Png-mng-security] Memory Leaks in libpng
glennrp at comcast.net
Sun Jul 20 20:21:04 UTC 2008
-------------- Original message ----------------------
From: Kurt Christensen <hoodel at hoodel.com>
>
> I have actually observed the behavior in a Purify context. That's how
> I found it in the first place. Since I am in a crawler application,
> not a browser application, even small leaks can accumulate to hang
> the system eventually.
Thanks for this report.
> I performed a kludge/work-around, which modified pngrutil.c and my
> png_error surrogate. I used two extern flags. One is set in
> png_handle_<chunk> whenever one of these patterns is encountered, and
> cleared after the pattern. The other gets set by png_error when the
> first flag is set, in which case it returns instead of doing the long
> jump.
>
> png_handle_<chunk> seeing the second flag set, frees the memory and exits.
>
> Since this would have to be patched again in any subsequent version
> of libpng, I thought it better to have the community patch it at the
> source rather than have me do my work-around, which benefits only me.
I think a more straightforward approach would be to make the chunkdata
pointer a new member of png_struct, so it could be reliably
freed during the png_read_destroy() process.
Glenn
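The leak pattern under discussion, and the fix Glenn proposes, as an added illustration (constructed example, not libpng code): `demo_png_struct`, `demo_error`, `track_malloc` and the other names are stand-ins, and the leak tracker plays the role Purify played in the original report.

```c
#include <setjmp.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for png_struct; not libpng's real layout. */
typedef struct {
    jmp_buf jmpbuf;
    void *chunkdata;   /* Glenn's proposal: chunk buffer owned by the struct */
} demo_png_struct;

/* Tiny leak tracker standing in for Purify: records every live block. */
static void *live[16];
static int nlive;
static void *track_malloc(size_t n) { void *p = malloc(n); live[nlive++] = p; return p; }
static void track_free(void *p) {
    for (int i = 0; i < nlive; i++)
        if (live[i] == p) { live[i] = live[--nlive]; break; }
    free(p);
}
/* Report still-live blocks, then release them so the demo itself stays clean. */
static int leak_report(void) { int n = nlive; while (nlive) free(live[--nlive]); return n; }

/* Like png_error: longjmp back to the caller's setjmp, never returns. */
static void demo_error(demo_png_struct *png_ptr) { longjmp(png_ptr->jmpbuf, 1); }

/* Leaky pattern from the report: chunkdata lives only in a local, so the longjmp skips free(). */
static void handle_chunk_leaky(demo_png_struct *png_ptr, size_t len, int corrupt) {
    void *chunkdata = track_malloc(len);
    if (corrupt) demo_error(png_ptr);   /* chunkdata is lost here */
    track_free(chunkdata);
}

/* Proposed fix: chunkdata is a png_struct member, so destroy can reclaim it. */
static void handle_chunk_fixed(demo_png_struct *png_ptr, size_t len, int corrupt) {
    png_ptr->chunkdata = track_malloc(len);
    if (corrupt) demo_error(png_ptr);
    track_free(png_ptr->chunkdata);
    png_ptr->chunkdata = NULL;
}

/* Stand-in for png_read_destroy(): reclaims whatever the struct still owns. */
static void demo_read_destroy(demo_png_struct *png_ptr) {
    track_free(png_ptr->chunkdata);   /* free(NULL) is a no-op */
    png_ptr->chunkdata = NULL;
}

/* Simulate reading a corrupt chunk, then destroying the reader; returns blocks leaked. */
int leaked_after_corrupt_chunk(int use_fixed) {
    static demo_png_struct png;       /* static: safe to modify between setjmp and longjmp */
    memset(&png, 0, sizeof png);
    if (setjmp(png.jmpbuf) == 0) {
        if (use_fixed) handle_chunk_fixed(&png, 64, 1);
        else handle_chunk_leaky(&png, 64, 1);
    }
    demo_read_destroy(&png);
    return leak_report();
}
```

In a long-running crawler, every corrupt chunk hitting the leaky path costs one block; the struct-owned variant returns zero leaks because destroy frees the buffer regardless of how the handler exited.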