This is an automated email from the git hooks/post-receive script.
git pushed a commit to reference refs/pull/21/head
in repository legacy-imlib2.
View the commit online.
commit 7ebe11b98103971f51dc246a5db8509b35bae0a2
Author: NRK <n...@disroot.org>
AuthorDate: Sun Dec 31 09:32:30 2023 +0000
PNG saver: avoid double-free on write errors
png_write_end may trigger a write error which sets off longjmp - which
then goes ahead and tries to free `misc.data` again. move the
png_write_end call before `quit` label to avoid this.
to reproduce, build scrot and imlib2 with ASan and then try to save a
screenshot to /dev/full (`scrot -o /dev/full`).
---
src/modules/loaders/loader_png.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/modules/loaders/loader_png.c b/src/modules/loaders/loader_png.c
index ac603d8..a291bc1 100644
--- a/src/modules/loaders/loader_png.c
+++ b/src/modules/loaders/loader_png.c
@@ -745,11 +745,12 @@ _save(ImlibImage * im)
}
}
+ png_write_end(png_ptr, info_ptr);
+
rc = LOAD_SUCCESS;
quit:
free(misc.data);
- png_write_end(png_ptr, info_ptr);
png_destroy_write_struct(&png_ptr, &info_ptr);
return rc;
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
