[Png-mng-security] Memory Leaks in libpng

Glenn Randers-Pehrson glennrp at comcast.net
Mon Jul 21 13:39:45 UTC 2008


At 06:20 PM 7/19/2008 -0700, Greg Roelofs wrote:
>Kurt Christensen <hoodel at hoodel.com> wrote:
>
>> Greg,
>
>> I have found several places where memory could leak in the libpng src. 
>> These all stem from pngrutil.c

I think this is fixed in libpng-1.2.30rc02 as well as in libpng-1.0.38rc02
and libpng-1.4.0beta21.  I moved the "chunkdata" pointer into a new
member of the png_struct, and added a line to png_read_destroy() to
make sure it's freed during final cleanup.

The total cost of the fix is an approximately 300 byte increase in the
size of pngrutil.o.

Perhaps it would have been better to make png_ptr->chunkdata have
type png_bytep instead of png_charp, but that would have changed
the signature of an exported function.  We could make that change
in libpng-1.4.0betaNN, though, if desired.

Glenn
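
The ownership change described in the message above, sketched as an added example; it is not part of the original message and is not libpng's code. The `reader` struct and every function name here are hypothetical, and the example assumes the leak path is an error handler that longjmps out of a chunk handler while a buffer is still allocated.

```c
#include <setjmp.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical miniature reader; names are illustrative, not libpng's API. */
typedef struct {
    jmp_buf jb;       /* error handler longjmps here (assumed error model) */
    char *chunkdata;  /* struct-owned buffer, released in reader_destroy() */
    void *last;       /* demo only: lets leaked_after() reclaim a leaked block */
    int live;         /* outstanding allocations */
} reader;
static void *r_alloc(reader *r, size_t n) {
    if ((r->last = malloc(n)) != NULL) r->live++;
    return r->last;
}
static void r_free(reader *r, void *p) { if (p) { free(p); r->live--; } }
static void r_error(reader *r) { longjmp(r->jb, 1); }

/* Before: the buffer is known only to a local, so the error jump abandons it. */
static void handle_local(reader *r, const char *src, int bad) {
    char *buf = r_alloc(r, strlen(src) + 1);
    if (!buf) r_error(r);
    strcpy(buf, src);
    if (bad) r_error(r);              /* buf is unreachable after the jump */
    r_free(r, buf);
}

/* After: the struct owns the buffer, so final cleanup can still find it. */
static void handle_owned(reader *r, const char *src, int bad) {
    r->chunkdata = r_alloc(r, strlen(src) + 1);
    if (!r->chunkdata) r_error(r);
    strcpy(r->chunkdata, src);
    if (bad) r_error(r);              /* pointer survives in *r */
    r_free(r, r->chunkdata); r->chunkdata = NULL;
}

static void reader_destroy(reader *r) { r_free(r, r->chunkdata); r->chunkdata = NULL; }

/* Returns allocations still outstanding after parse and destroy (-1 on OOM). */
int leaked_after(int owned, int bad) {
    reader *r = calloc(1, sizeof *r);  /* heap, so state is defined after longjmp */
    if (!r) return -1;
    if (setjmp(r->jb) == 0) (owned ? handle_owned : handle_local)(r, "constructed chunk payload", bad);
    reader_destroy(r);
    int live = r->live;
    if (live > 0) free(r->last);       /* demo-only sweep of the leaked block */
    free(r);
    return live;
}

int main(void) { return leaked_after(1, 1); } /* exit status 0: nothing leaked */
```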


