python-pillow/Pillow
1
1
Fork 0
mirror of https://github.com/python-pillow/Pillow.git synced 2025-06-07 06:33:10 +03:00
Code Issues Packages Projects Releases Wiki Activity

Fix potential leaked storage issues (CWE-772)

Browse Source
This commit is contained in:
Lumir Balhar 2018-09-13 12:22:11 +02:00
parent 2e288e74ab
commit 78bf8ea041
8 changed files with 44 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/Tk/tkImaging.c
View File

@ -425,6 +425,7 @@ int load_tkinter_funcs(void)
/* Try loading from the main program namespace first */ /* Try loading from the main program namespace first */
main_program = dlopen(NULL, RTLD_LAZY); main_program = dlopen(NULL, RTLD_LAZY);
if (_func_loader(main_program) == 0) { if (_func_loader(main_program) == 0) {
dlclose(main_program);
return 0; return 0;
} }
/* Clear exception triggered when we didn't find symbols above */ /* Clear exception triggered when we didn't find symbols above */
@ -453,6 +454,7 @@ int load_tkinter_funcs(void)
/* dlclose probably safe because tkinter has been imported. */ /* dlclose probably safe because tkinter has been imported. */
dlclose(tkinter_lib); dlclose(tkinter_lib);
exit: exit:
dlclose(main_program);
Py_XDECREF(pModule); Py_XDECREF(pModule);
Py_XDECREF(pString); Py_XDECREF(pString);
return ret; return ret;

15
src/_imaging.c
View File

@ -1042,8 +1042,10 @@ _gaussian_blur(ImagingObject* self, PyObject* args)
if (!imOut) if (!imOut)
return NULL; return NULL;
if (!ImagingGaussianBlur(imOut, imIn, radius, passes)) if (!ImagingGaussianBlur(imOut, imIn, radius, passes)) {
ImagingDelete(imOut);
return NULL; return NULL;
}
return PyImagingNew(imOut); return PyImagingNew(imOut);
} }
@ -1931,8 +1933,10 @@ _box_blur(ImagingObject* self, PyObject* args)
if (!imOut) if (!imOut)
return NULL; return NULL;
if (!ImagingBoxBlur(imOut, imIn, radius, n)) if (!ImagingBoxBlur(imOut, imIn, radius, n)) {
ImagingDelete(imOut);
return NULL; return NULL;
}
return PyImagingNew(imOut); return PyImagingNew(imOut);
} }
@ -2578,6 +2582,7 @@ _draw_arc(ImagingDrawObject* self, PyObject* args)
return NULL; return NULL;
if (n != 2) { if (n != 2) {
PyErr_SetString(PyExc_TypeError, must_be_two_coordinates); PyErr_SetString(PyExc_TypeError, must_be_two_coordinates);
free(xy);
return NULL; return NULL;
} }
@ -2615,6 +2620,7 @@ _draw_bitmap(ImagingDrawObject* self, PyObject* args)
PyErr_SetString(PyExc_TypeError, PyErr_SetString(PyExc_TypeError,
"coordinate list must contain exactly 1 coordinate" "coordinate list must contain exactly 1 coordinate"
); );
free(xy);
return NULL; return NULL;
} }
@ -2651,6 +2657,7 @@ _draw_chord(ImagingDrawObject* self, PyObject* args)
return NULL; return NULL;
if (n != 2) { if (n != 2) {
PyErr_SetString(PyExc_TypeError, must_be_two_coordinates); PyErr_SetString(PyExc_TypeError, must_be_two_coordinates);
free(xy);
return NULL; return NULL;
} }
@ -2687,6 +2694,7 @@ _draw_ellipse(ImagingDrawObject* self, PyObject* args)
return NULL; return NULL;
if (n != 2) { if (n != 2) {
PyErr_SetString(PyExc_TypeError, must_be_two_coordinates); PyErr_SetString(PyExc_TypeError, must_be_two_coordinates);
free(xy);
return NULL; return NULL;
} }
@ -2838,6 +2846,7 @@ _draw_pieslice(ImagingDrawObject* self, PyObject* args)
return NULL; return NULL;
if (n != 2) { if (n != 2) {
PyErr_SetString(PyExc_TypeError, must_be_two_coordinates); PyErr_SetString(PyExc_TypeError, must_be_two_coordinates);
free(xy);
return NULL; return NULL;
} }
@ -2876,6 +2885,7 @@ _draw_polygon(ImagingDrawObject* self, PyObject* args)
PyErr_SetString(PyExc_TypeError, PyErr_SetString(PyExc_TypeError,
"coordinate list must contain at least 2 coordinates" "coordinate list must contain at least 2 coordinates"
); );
free(xy);
return NULL; return NULL;
} }
@ -2919,6 +2929,7 @@ _draw_rectangle(ImagingDrawObject* self, PyObject* args)
return NULL; return NULL;
if (n != 2) { if (n != 2) {
PyErr_SetString(PyExc_TypeError, must_be_two_coordinates); PyErr_SetString(PyExc_TypeError, must_be_two_coordinates);
free(xy);
return NULL; return NULL;
} }

12
src/encode.c
View File

@ -584,11 +584,15 @@ PyImaging_ZipEncoderNew(PyObject* self, PyObject* args)
dictionary = NULL; dictionary = NULL;
encoder = PyImaging_EncoderNew(sizeof(ZIPSTATE)); encoder = PyImaging_EncoderNew(sizeof(ZIPSTATE));
if (encoder == NULL) if (encoder == NULL) {
free(dictionary);
return NULL; return NULL;
}
if (get_packer(encoder, mode, rawmode) < 0) if (get_packer(encoder, mode, rawmode) < 0) {
free(dictionary);
return NULL; return NULL;
}
encoder->encode = ImagingZipEncode; encoder->encode = ImagingZipEncode;
encoder->cleanup = ImagingZipEncodeCleanup; encoder->cleanup = ImagingZipEncodeCleanup;
@ -749,8 +753,10 @@ PyImaging_JpegEncoderNew(PyObject* self, PyObject* args)
if (rawExif && rawExifLen > 0) { if (rawExif && rawExifLen > 0) {
/* malloc check ok, length is from python parsearg */ /* malloc check ok, length is from python parsearg */
char* pp = malloc(rawExifLen); // Freed in JpegEncode, Case 5 char* pp = malloc(rawExifLen); // Freed in JpegEncode, Case 5
if (!pp) if (!pp) {
if (extra) free(extra);
return PyErr_NoMemory(); return PyErr_NoMemory();
}
memcpy(pp, rawExif, rawExifLen); memcpy(pp, rawExif, rawExifLen);
rawExif = pp; rawExif = pp;
} else } else

12
src/libImaging/Histo.c
View File

@ -82,8 +82,10 @@ ImagingGetHistogram(Imaging im, Imaging imMask, void* minmax)
h->histogram[im->image8[y][x]]++; h->histogram[im->image8[y][x]]++;
ImagingSectionLeave(&cookie); ImagingSectionLeave(&cookie);
} else { /* yes, we need the braces. C isn't Python! */ } else { /* yes, we need the braces. C isn't Python! */
if (im->type != IMAGING_TYPE_UINT8) if (im->type != IMAGING_TYPE_UINT8) {
ImagingHistogramDelete(h);
return ImagingError_ModeError(); return ImagingError_ModeError();
}
ImagingSectionEnter(&cookie); ImagingSectionEnter(&cookie);
for (y = 0; y < im->ysize; y++) { for (y = 0; y < im->ysize; y++) {
UINT8* in = (UINT8*) im->image32[y]; UINT8* in = (UINT8*) im->image32[y];
@ -122,8 +124,10 @@ ImagingGetHistogram(Imaging im, Imaging imMask, void* minmax)
ImagingSectionLeave(&cookie); ImagingSectionLeave(&cookie);
break; break;
case IMAGING_TYPE_INT32: case IMAGING_TYPE_INT32:
if (!minmax) if (!minmax) {
ImagingHistogramDelete(h);
return ImagingError_ValueError("min/max not given"); return ImagingError_ValueError("min/max not given");
}
if (!im->xsize || !im->ysize) if (!im->xsize || !im->ysize)
break; break;
imin = ((INT32*) minmax)[0]; imin = ((INT32*) minmax)[0];
@ -143,8 +147,10 @@ ImagingGetHistogram(Imaging im, Imaging imMask, void* minmax)
ImagingSectionLeave(&cookie); ImagingSectionLeave(&cookie);
break; break;
case IMAGING_TYPE_FLOAT32: case IMAGING_TYPE_FLOAT32:
if (!minmax) if (!minmax) {
ImagingHistogramDelete(h);
return ImagingError_ValueError("min/max not given"); return ImagingError_ValueError("min/max not given");
}
if (!im->xsize || !im->ysize) if (!im->xsize || !im->ysize)
break; break;
fmin = ((FLOAT32*) minmax)[0]; fmin = ((FLOAT32*) minmax)[0];

2
src/libImaging/Quant.c
View File

@ -568,6 +568,8 @@ split(BoxNode *node)
left=malloc(sizeof(BoxNode)); left=malloc(sizeof(BoxNode));
right=malloc(sizeof(BoxNode)); right=malloc(sizeof(BoxNode));
if (!left||!right) { if (!left||!right) {
free(left);
free(right);
return 0; return 0;
} }
for(i=0;i<3;i++) { for(i=0;i<3;i++) {

1
src/libImaging/QuantOctree.c
View File

@ -481,6 +481,7 @@ error:
free(qp); free(qp);
free_color_cube(lookupCube); free_color_cube(lookupCube);
free_color_cube(coarseLookupCube); free_color_cube(coarseLookupCube);
free(paletteBuckets);
free(paletteBucketsCoarse); free(paletteBucketsCoarse);
free(paletteBucketsFine); free(paletteBucketsFine);
free_color_cube(coarseCube); free_color_cube(coarseCube);

2
src/libImaging/Resample.c
View File

@ -621,6 +621,8 @@ ImagingResampleInner(Imaging imIn, int xsize, int ysize,
if ( ! ksize_vert) { if ( ! ksize_vert) {
free(bounds_horiz); free(bounds_horiz);
free(kk_horiz); free(kk_horiz);
free(bounds_vert);
free(kk_vert);
return NULL; return NULL;
} }

8
src/path.c
View File

@ -82,12 +82,16 @@ path_new(Py_ssize_t count, double* xy, int duplicate)
xy = p; xy = p;
} }
if (PyType_Ready(&PyPathType) < 0) if (PyType_Ready(&PyPathType) < 0) {
free(xy);
return NULL; return NULL;
}
path = PyObject_New(PyPathObject, &PyPathType); path = PyObject_New(PyPathObject, &PyPathType);
if (path == NULL) if (path == NULL) {
free(xy);
return NULL; return NULL;
}
path->count = count; path->count = count;
path->xy = xy; path->xy = xy;