From 561a1ca9559a1ea7589ab93350124284fcef3315 Mon Sep 17 00:00:00 2001
From: dml
Date: Fri, 6 Mar 2015 16:25:28 -0800
Subject: [PATCH] Fix a memory leak when decoding corrupted indexed PNGs.

Commit to branch refs/heads/png-leak
BUG=skia:3457
Review URL: https://codereview.chromium.org/951663002
---
 gyp/tests.gypi | 1 +
 src/images/SkImageDecoder_libpng.cpp | 6 +++++
 tests/InvalidIndexedPngTest.cpp | 39 ++++++++++++++++++++++++++++
 3 files changed, 46 insertions(+)
 create mode 100644 tests/InvalidIndexedPngTest.cpp

diff --git a/gyp/tests.gypi b/gyp/tests.gypi
index 3acb825da4..d4ca3af476 100644
--- a/gyp/tests.gypi
+++ b/gyp/tests.gypi
@@ -128,6 +128,7 @@
 '../tests/ImageNewShaderTest.cpp',
 '../tests/InfRectTest.cpp',
 '../tests/InterpolatorTest.cpp',
+ '../tests/InvalidIndexedPngTest.cpp',
 '../tests/JpegTest.cpp',
 '../tests/KtxTest.cpp',
 '../tests/LListTest.cpp',
diff --git a/src/images/SkImageDecoder_libpng.cpp b/src/images/SkImageDecoder_libpng.cpp
index f9ef6b7942..c074268cff 100644
--- a/src/images/SkImageDecoder_libpng.cpp
+++ b/src/images/SkImageDecoder_libpng.cpp
@@ -362,6 +362,12 @@ SkImageDecoder::Result SkPNGImageDecoder::onDecode(SkStream* sk_stream, SkBitmap
 SkAutoLockPixels alp(*decodedBitmap);
+ // Repeat setjmp, otherwise variables declared since the last call (e.g. alp
+ // and aur) won't get their destructors called in case of a failure.
+ if (setjmp(png_jmpbuf(png_ptr))) {
+ return kFailure;
+ }
+
 /* Turn on interlace handling. REQUIRED if you are not using
 * png_read_image(). To see how to handle interlacing passes,
 * see the png_read_row() method below:
diff --git a/tests/InvalidIndexedPngTest.cpp b/tests/InvalidIndexedPngTest.cpp
new file mode 100644
index 0000000000..ba5b9a27af
--- /dev/null
+++ b/tests/InvalidIndexedPngTest.cpp
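Review bot: The new `setjmp` only covers the objects declared between the previous `setjmp` and this one (the comment names `alp` and `aur`); any RAII object declared further down in onDecode that is still live when libpng longjmps will again have its destructor skipped, so the fix is only as durable as the rule that each later declaration is followed by another `setjmp` before the next libpng call. That rule is worth stating at the site, e.g. `// Any further RAII object declared before a libpng call needs its own setjmp below it.`. Two C caveats could go in the same comment: longjmp-ing over frames with non-trivial destructors is undefined behaviour in C++, which is exactly why the jump buffer is re-armed here, and non-volatile locals modified after this `setjmp` have indeterminate values on the failure path, which is harmless only because the handler returns immediately. onDecode begins and ends outside the hunk, so whether `aur` and the png read structs themselves are released on this `return kFailure;` path cannot be confirmed from what is visible.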
@@ -0,0 +1,39 @@
+/*
+ * Copyright 2015 Google Inc.
+ *
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+
+#include "SkBitmap.h"
+#include "SkForceLinking.h"
+#include "SkImageDecoder.h"
+#include "Test.h"
+
+// A valid 1x1 indexed PNG.
+unsigned char gPngData[] = {
+ 0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a, 0x00, 0x00, 0x00, 0x0d,
+ 0x49, 0x48, 0x44, 0x52, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01,
+ 0x08, 0x03, 0x00, 0x00, 0x00, 0x28, 0xcb, 0x34, 0xbb, 0x00, 0x00, 0x00,
+ 0x09, 0x70, 0x48, 0x59, 0x73, 0x00, 0x00, 0x00, 0x1c, 0x00, 0x00, 0x00,
+ 0x1c, 0x00, 0x0f, 0x01, 0xb9, 0x8f, 0x00, 0x00, 0x00, 0x06, 0x50, 0x4c,
+ 0x54, 0x45, 0xff, 0x00, 0x00, 0x00, 0xff, 0x00, 0xd2, 0x87, 0xef, 0x71,
+ 0x00, 0x00, 0x00, 0x13, 0x49, 0x44, 0x41, 0x54, 0x78, 0xda, 0xed, 0xfd,
+ 0x81, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0xf8, 0xaf, 0x16, 0x46, 0x00,
+ 0x02, 0x00, 0x01, 0x32, 0x60, 0xf7, 0x0c, 0x00, 0x00, 0x00, 0x00, 0x49,
+ 0x45, 0x4e, 0x44, 0xae, 0x42, 0x60, 0x82
+};
+
+// Attempt to decode an invalid PNG that has a palette. Mostly we're looking to
+// make sure we don't leak memory since libpng uses setjmp for error handling so
+// it's very easy to accidentally skip destructors when a failure happens.
+DEF_TEST(InvalidIndexedPng, reporter) {
+ SkBitmap image;
+ SkForceLinking(false);
+ // Make our PNG invalid by changing a byte.
+ gPngData[sizeof(gPngData) - 1] = 1;
+ bool success = SkImageDecoder::DecodeMemory(
+ gPngData, sizeof(gPngData), &image, SkColorType::kUnknown_SkColorType,
+ SkImageDecoder::kDecodePixels_Mode);
+ REPORTER_ASSERT(reporter, !success);
+}
--
2.34.1
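Review bot: The fixture is corrupted in place at `gPngData[sizeof(gPngData) - 1] = 1;`, so after the first run the array no longer matches its `// A valid 1x1 indexed PNG.` comment, and any later decode of the same bytes in this process (a repeated run, or another test reusing the data) silently operates on already-invalid input. Keep the fixture immutable and corrupt a copy instead: declare it `static const unsigned char gPngData[] = {`, copy it in the test into a local `unsigned char data[sizeof(gPngData)]` with `memcpy` (needs `<string.h>`), flip `data[sizeof(data) - 1] = 1;` and pass `data` to DecodeMemory. `static` also removes an external-linkage global named `gPngData` from the test binary, where another test file could define the same symbol. The leak itself is not asserted, only `!success`, so a comment noting that the leak is only detected when the test runs under a leak checker would make the test's purpose clear to a reader who sees just the assertion.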