ref: 87411156c29ade8ab5dca9811bc6804140d885a4
parent: 4e375fc8e53ed4a38bfb69cd4d30bdfad48bbc82
author: Sebastian Rasmussen <[email protected]>
date: Thu Mar 1 10:04:48 EST 2018
Fix 699083: Avoid leak in symbol dictionary parsing upon error.
--- a/jbig2_symbol_dict.c
+++ b/jbig2_symbol_dict.c
@@ -802,6 +802,8 @@
int table_index = 0;
const Jbig2HuffmanParams *huffman_params;
+ params.SDHUFF = 0;
+
if (segment->data_length < 10)
goto too_short;
@@ -1024,5 +1026,11 @@
return (segment->result != NULL) ? 0 : -1;
too_short:
+ if (params.SDHUFF) {
+ jbig2_release_huffman_table(ctx, params.SDHUFFDH);
+ jbig2_release_huffman_table(ctx, params.SDHUFFDW);
+ jbig2_release_huffman_table(ctx, params.SDHUFFBMSIZE);
+ jbig2_release_huffman_table(ctx, params.SDHUFFAGGINST);
+ }
return jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "Segment too short");
}