Fix potential leaked storage issues (CWE-772)

Lumir Balhar 2018-09-13 12:22:11 +02:00
parent 2e288e74ab
commit 78bf8ea041
8 changed files with 44 additions and 10 deletions


@ -425,6 +425,7 @@ int load_tkinter_funcs(void)
/* Try loading from the main program namespace first */
main_program = dlopen(NULL, RTLD_LAZY);
if (_func_loader(main_program) == 0) {
dlclose(main_program);
return 0;
}
/* Clear exception triggered when we didn't find symbols above */
@ -453,6 +454,7 @@ int load_tkinter_funcs(void)
/* dlclose probably safe because tkinter has been imported. */
dlclose(tkinter_lib);
exit:
dlclose(main_program);
Py_XDECREF(pModule);
Py_XDECREF(pString);
return ret;
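Review bot: The handle from `dlopen(NULL, RTLD_LAZY)` is never checked, yet both the early-return branch and the `exit:` path now pass it to `dlclose`. POSIX does not define `dlclose` on an invalid handle, so a failed `dlopen` would turn this leak fix into undefined behaviour. Guarding the calls, e.g. `if (main_program != NULL) dlclose(main_program);`, keeps the cleanup safe. The hunk does not show whether every `goto exit` happens after `main_program` is assigned; if any precede it, the variable should be initialised to NULL at its declaration. The function body starts and ends outside the hunks.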


@ -1042,8 +1042,10 @@ _gaussian_blur(ImagingObject* self, PyObject* args)
if (!imOut)
return NULL;
if (!ImagingGaussianBlur(imOut, imIn, radius, passes))
if (!ImagingGaussianBlur(imOut, imIn, radius, passes)) {
ImagingDelete(imOut);
return NULL;
}
return PyImagingNew(imOut);
}
@ -1931,8 +1933,10 @@ _box_blur(ImagingObject* self, PyObject* args)
if (!imOut)
return NULL;
if (!ImagingBoxBlur(imOut, imIn, radius, n))
if (!ImagingBoxBlur(imOut, imIn, radius, n)) {
ImagingDelete(imOut);
return NULL;
}
return PyImagingNew(imOut);
}
@ -2578,6 +2582,7 @@ _draw_arc(ImagingDrawObject* self, PyObject* args)
return NULL;
if (n != 2) {
PyErr_SetString(PyExc_TypeError, must_be_two_coordinates);
free(xy);
return NULL;
}
@ -2615,6 +2620,7 @@ _draw_bitmap(ImagingDrawObject* self, PyObject* args)
PyErr_SetString(PyExc_TypeError,
"coordinate list must contain exactly 1 coordinate"
);
free(xy);
return NULL;
}
@ -2651,6 +2657,7 @@ _draw_chord(ImagingDrawObject* self, PyObject* args)
return NULL;
if (n != 2) {
PyErr_SetString(PyExc_TypeError, must_be_two_coordinates);
free(xy);
return NULL;
}
@ -2687,6 +2694,7 @@ _draw_ellipse(ImagingDrawObject* self, PyObject* args)
return NULL;
if (n != 2) {
PyErr_SetString(PyExc_TypeError, must_be_two_coordinates);
free(xy);
return NULL;
}
@ -2838,6 +2846,7 @@ _draw_pieslice(ImagingDrawObject* self, PyObject* args)
return NULL;
if (n != 2) {
PyErr_SetString(PyExc_TypeError, must_be_two_coordinates);
free(xy);
return NULL;
}
@ -2876,6 +2885,7 @@ _draw_polygon(ImagingDrawObject* self, PyObject* args)
PyErr_SetString(PyExc_TypeError,
"coordinate list must contain at least 2 coordinates"
);
free(xy);
return NULL;
}
@ -2919,6 +2929,7 @@ _draw_rectangle(ImagingDrawObject* self, PyObject* args)
return NULL;
if (n != 2) {
PyErr_SetString(PyExc_TypeError, must_be_two_coordinates);
free(xy);
return NULL;
}
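Review bot: The same `free(xy); return NULL;` pair is added by hand in seven `_draw_*` functions (arc, bitmap, chord, ellipse, pieslice, polygon, rectangle), so any error return added later will leak again unless the author remembers the pattern. A single cleanup label per function would make the ownership explicit: set the exception, then `goto error;`, with `error: free(xy); return NULL;` at the end. Alternatively a small static helper could check the coordinate count and free `xy` on mismatch. The rest of each function lies outside the hunks, so later error paths there could not be checked for the same leak. A short comment where `xy` is obtained, such as `/* xy is heap-allocated; free it on every return path */`, would also help.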


@ -584,11 +584,15 @@ PyImaging_ZipEncoderNew(PyObject* self, PyObject* args)
dictionary = NULL;
encoder = PyImaging_EncoderNew(sizeof(ZIPSTATE));
if (encoder == NULL)
if (encoder == NULL) {
free(dictionary);
return NULL;
}
if (get_packer(encoder, mode, rawmode) < 0)
if (get_packer(encoder, mode, rawmode) < 0) {
free(dictionary);
return NULL;
}
encoder->encode = ImagingZipEncode;
encoder->cleanup = ImagingZipEncodeCleanup;
@ -749,8 +753,10 @@ PyImaging_JpegEncoderNew(PyObject* self, PyObject* args)
if (rawExif && rawExifLen > 0) {
/* malloc check ok, length is from python parsearg */
char* pp = malloc(rawExifLen); // Freed in JpegEncode, Case 5
if (!pp)
if (!pp) {
if (extra) free(extra);
return PyErr_NoMemory();
}
memcpy(pp, rawExif, rawExifLen);
rawExif = pp;
} else
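Review bot: In `PyImaging_ZipEncoderNew` the `get_packer(encoder, mode, rawmode) < 0` branch now frees `dictionary` but still returns without releasing `encoder`, which was successfully created two statements earlier. If `PyImaging_EncoderNew` returns a new reference-counted object, as its use here suggests, that path still leaks. Adding `Py_DECREF(encoder);` before the `return NULL;` would close it, provided the encoder's deallocator tolerates the not-yet-set `encode`/`cleanup` fields. The `JpegEncoderNew` hunk may have the same gap if an encoder or other buffers are already allocated when `malloc(rawExifLen)` fails; that part is outside the hunk. The guard in `if (extra) free(extra);` is redundant, since `free(NULL)` is a no-op.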


@ -82,8 +82,10 @@ ImagingGetHistogram(Imaging im, Imaging imMask, void* minmax)
h->histogram[im->image8[y][x]]++;
ImagingSectionLeave(&cookie);
} else { /* yes, we need the braces. C isn't Python! */
if (im->type != IMAGING_TYPE_UINT8)
if (im->type != IMAGING_TYPE_UINT8) {
ImagingHistogramDelete(h);
return ImagingError_ModeError();
}
ImagingSectionEnter(&cookie);
for (y = 0; y < im->ysize; y++) {
UINT8* in = (UINT8*) im->image32[y];
@ -122,8 +124,10 @@ ImagingGetHistogram(Imaging im, Imaging imMask, void* minmax)
ImagingSectionLeave(&cookie);
break;
case IMAGING_TYPE_INT32:
if (!minmax)
if (!minmax) {
ImagingHistogramDelete(h);
return ImagingError_ValueError("min/max not given");
}
if (!im->xsize || !im->ysize)
break;
imin = ((INT32*) minmax)[0];
@ -143,8 +147,10 @@ ImagingGetHistogram(Imaging im, Imaging imMask, void* minmax)
ImagingSectionLeave(&cookie);
break;
case IMAGING_TYPE_FLOAT32:
if (!minmax)
if (!minmax) {
ImagingHistogramDelete(h);
return ImagingError_ValueError("min/max not given");
}
if (!im->xsize || !im->ysize)
break;
fmin = ((FLOAT32*) minmax)[0];
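Review bot: The ownership of `h` is undocumented, although all three new `ImagingHistogramDelete(h);` calls exist only because `h` is already allocated when these mode and `minmax` checks run. A comment at the allocation (outside the hunks) would make that explicit, for example `/* h is owned by this function until it is returned; delete it on every error return */`. The two `if (!minmax)` checks are identical and depend only on the arguments. Performing that validation before `h` is allocated would remove the need for cleanup on those paths, if the surrounding code allows it.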


@ -568,6 +568,8 @@ split(BoxNode *node)
left=malloc(sizeof(BoxNode));
right=malloc(sizeof(BoxNode));
if (!left||!right) {
free(left);
free(right);
return 0;
}
for(i=0;i<3;i++) {


@ -481,6 +481,7 @@ error:
free(qp);
free_color_cube(lookupCube);
free_color_cube(coarseLookupCube);
free(paletteBuckets);
free(paletteBucketsCoarse);
free(paletteBucketsFine);
free_color_cube(coarseCube);
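Review bot: Freeing `paletteBuckets` under the `error:` label is only safe if the pointer is NULL-initialised at its declaration and is never freed earlier on a path that can still jump here. Neither condition is visible in this hunk. If an earlier `free(paletteBuckets)` exists on such a path, it should be followed by `paletteBuckets = NULL;` so this cleanup cannot become a double free. The same applies to the neighbouring `paletteBucketsCoarse` and `paletteBucketsFine`.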


@ -621,6 +621,8 @@ ImagingResampleInner(Imaging imIn, int xsize, int ysize,
if ( ! ksize_vert) {
free(bounds_horiz);
free(kk_horiz);
free(bounds_vert);
free(kk_vert);
return NULL;
}
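Review bot: The `free(bounds_vert); free(kk_vert);` calls in the `!ksize_vert` branch run when the vertical coefficient computation has presumably just failed. Whether the two pointers hold a defined value at that point depends on code outside the hunk. If the helper that fills them leaves its output pointers untouched on failure and they are not initialised at declaration, these calls free indeterminate pointers. If the helper already frees its partial allocations, they become a double free. Either initialise both to NULL at declaration and have the helper reset them on failure, or free only `bounds_horiz` and `kk_horiz` here.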


@ -82,12 +82,16 @@ path_new(Py_ssize_t count, double* xy, int duplicate)
xy = p;
}
if (PyType_Ready(&PyPathType) < 0)
if (PyType_Ready(&PyPathType) < 0) {
free(xy);
return NULL;
}
path = PyObject_New(PyPathObject, &PyPathType);
if (path == NULL)
if (path == NULL) {
free(xy);
return NULL;
}
path->count = count;
path->xy = xy;
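Review bot: Both new `free(xy);` calls release the buffer on failure whether `xy` is the internal copy (`xy = p;` above) or the caller's original pointer, and this contract is not documented. The branch around `xy = p;` is only partly visible, but when `duplicate` is zero this appears to free caller-supplied memory. Any caller that also frees `xy` after a NULL return would then double-free. A comment on the function would pin this down, for instance `/* Takes ownership of xy when duplicate is 0; xy is freed on failure, so callers must not free it after a NULL return. */`. Callers should be checked against it. The function starts before and continues after this hunk.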