shithub: jbig2

Download patch

ref: 87411156c29ade8ab5dca9811bc6804140d885a4
parent: 4e375fc8e53ed4a38bfb69cd4d30bdfad48bbc82
author: Sebastian Rasmussen <[email protected]>
date: Thu Mar 1 10:04:48 EST 2018

Fix 699083: Avoid leak in symbol dictionary parsing upon error.

--- a/jbig2_symbol_dict.c
+++ b/jbig2_symbol_dict.c
@@ -802,6 +802,8 @@
     int table_index = 0;
     const Jbig2HuffmanParams *huffman_params;
 
+    params.SDHUFF = 0;
+
     if (segment->data_length < 10)
         goto too_short;
 
@@ -1024,5 +1026,11 @@
     return (segment->result != NULL) ? 0 : -1;
 
 too_short:
+    if (params.SDHUFF) {
+        jbig2_release_huffman_table(ctx, params.SDHUFFDH);
+        jbig2_release_huffman_table(ctx, params.SDHUFFDW);
+        jbig2_release_huffman_table(ctx, params.SDHUFFBMSIZE);
+        jbig2_release_huffman_table(ctx, params.SDHUFFAGGINST);
+    }
     return jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "Segment too short");
 }