libpng
Memory leak in pngimage, png_malloc_base, pngmem.c:95
Hi, there.
There is a memory leak in pngimage in the newest main branch (a37d4836).
To reproduce, compile with
CFLAGS="-g -fsanitize=address"
then run:
pngimage poc
POC: poc.zip (unzip first)
Here is the trace reported by ASAN:
==62458==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 1256 byte(s) in 1 object(s) allocated from:
#0 0x4aec02 in malloc /dependence/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:145
#1 0x51d276 in png_malloc_base /mnt/data/playground/libpng/build/../pngmem.c:95:17
#2 0x51de10 in png_create_read_struct_2 /mnt/data/playground/libpng/build/../pngread.c:45:26
#3 0x51de10 in png_create_read_struct /mnt/data/playground/libpng/build/../pngread.c:33:11
#4 0x1577b89ef7836e8e (<unknown module>)
Direct leak of 360 byte(s) in 1 object(s) allocated from:
#0 0x4aec02 in malloc /dependence/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:145
#1 0x51d276 in png_malloc_base /mnt/data/playground/libpng/build/../pngmem.c:95:17
#2 0x1577b89ef7836e8e (<unknown module>)
Indirect leak of 7152 byte(s) in 1 object(s) allocated from:
#0 0x4aec02 in malloc /dependence/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:145
#1 0x51d276 in png_malloc_base /mnt/data/playground/libpng/build/../pngmem.c:95:17
#2 0x571354 in png_read_start_row /mnt/data/playground/libpng/build/../pngrutil.c:4673:8
Indirect leak of 3107 byte(s) in 39 object(s) allocated from:
#0 0x4aec02 in malloc //dependence/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:145
#1 0x51d276 in png_malloc_base /mnt/data/playground/libpng/build/../pngmem.c:95:17
SUMMARY: AddressSanitizer: 11875 byte(s) leaked in 42 allocation(s).
Aborted
Hi @5hadowblad3,
Could you please check again with the latest version of libpng
and share whether the issue is still present? I cannot reproduce it atm...
NB: Please do not pay attention to the additional messages; I added them for debug
purposes.
➜ oss ./BUILD/pngimage issue392/pngfix-leak_process_IDAT1967
[+] png_read_png
Reading....
[+] png_read_data length: 8
[+] png_read_data length: 8
[+] png_read_data length: 13
[+] png_read_data length: 4
info_ptr->rowbytes: 16
pixel depth: 4, width: 32
[+] png_read_data length: 8
[+] png_read_data length: 3
[+] png_read_data length: 3
[+] png_read_data length: 3
[+] png_read_data length: 3
[+] png_read_data length: 3
[+] png_read_data length: 3
[+] png_read_data length: 4
issue392/pngfix-leak_process_IDAT1967: error(libpng): original read: PLTE: CRC error
➜ oss md5sum issue392/pngfix-leak_process_IDAT1967
53b7be8c27f30e2bdf62f7680a11196e issue392/pngfix-leak_process_IDAT1967
➜ oss
Thanks
There is no memory leak here, the program has exited with a fatal error (and this is the correct behavior).
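The distinction made in the reply above, a fatal-error exit that LeakSanitizer then reports as "leaks" versus a caller that longjmps back and destroys the read structs, as an added C example; this is not libpng's or pngimage's code. The mini reader (reader_create, reader_read, reader_destroy, reader_error) is a hypothetical stand-in for png_create_read_struct, png_read_png, png_destroy_read_struct and png_error so that the file builds without libpng, and the 7152-byte row buffer is a constructed size borrowed from the trace. A tracking allocator reports how many bytes are still live at the point where the program would exit.

```c
#include <setjmp.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Tracking allocator: keeps the live-byte count that LeakSanitizer would
 * report if the process exited right now. */
typedef union { size_t n; max_align_t align; } alloc_hdr;
static size_t live_bytes = 0;

static void *track_malloc(size_t n) {
    alloc_hdr *h = malloc(sizeof *h + n);
    if (!h) abort();
    h->n = n;
    live_bytes += n;
    return h + 1;
}

static void track_free(void *p) {
    if (!p) return;
    alloc_hdr *h = (alloc_hdr *)p - 1;
    live_bytes -= h->n;
    free(h);
}

/* Hypothetical reader, shaped like libpng's png_struct: the jmp_buf is what
 * png_jmpbuf() hands back, row_buf is what png_read_start_row allocates. */
typedef struct {
    jmp_buf jmpbuf;
    unsigned char *row_buf;
    const char *last_error;
} reader;

static reader *reader_create(void) {       /* stand-in for png_create_read_struct */
    reader *r = track_malloc(sizeof *r);
    memset(r, 0, sizeof *r);
    return r;
}

static void reader_destroy(reader **rp) {  /* stand-in for png_destroy_read_struct */
    if (!rp || !*rp) return;
    track_free((*rp)->row_buf);
    track_free(*rp);
    *rp = NULL;
}

static void reader_error(reader *r, const char *msg) { /* stand-in for png_error */
    r->last_error = msg;
    longjmp(r->jmpbuf, 1);                 /* never returns */
}

/* Stand-in for png_read_png on a file whose PLTE chunk has a bad CRC: the
 * row buffer (constructed size 7152 bytes) is allocated, then the CRC check
 * fails and control goes back to the caller's setjmp. */
static void reader_read(reader *r, int plte_crc_ok) {
    r->row_buf = track_malloc(7152);
    if (!plte_crc_ok)
        reader_error(r, "PLTE: CRC error");
}

static reader *abandoned; /* what an aborted read leaves behind */

/* Model of pngimage's behaviour: the fatal-error handler exits the process.
 * Returns the bytes still live at that moment, i.e. what LSan would print. */
size_t read_then_abort(void) {
    size_t before = live_bytes;
    reader *r = reader_create();
    if (setjmp(r->jmpbuf)) {
        abandoned = r;                     /* nothing is destroyed before exit */
        return live_bytes - before;
    }
    reader_read(r, 0);                     /* constructed: corrupt PLTE CRC */
    reader_destroy(&r);
    return live_bytes - before;
}

/* Frees the abandoned reader so this demo process itself exits clean. */
size_t reclaim_abandoned(void) {
    reader_destroy(&abandoned);
    return live_bytes;
}

/* The idiom a caller that must not leak uses. With real libpng this is
 *   if (setjmp(png_jmpbuf(png_ptr))) {
 *       png_destroy_read_struct(&png_ptr, &info_ptr, NULL);
 *       return ...;
 *   } */
size_t read_with_cleanup(void) {
    size_t before = live_bytes;
    reader *r = reader_create();
    if (setjmp(r->jmpbuf)) {
        fprintf(stderr, "error(libpng): original read: %s\n", r->last_error);
        reader_destroy(&r);
        return live_bytes - before;        /* 0: no allocation outlives the error */
    }
    reader_read(r, 0);                     /* constructed: corrupt PLTE CRC */
    reader_destroy(&r);
    return live_bytes - before;
}

int main(void) {
    printf("exit from the error handler: %zu bytes live\n", read_then_abort());
    reclaim_abandoned();
    printf("longjmp back and destroy:    %zu bytes live\n", read_with_cleanup());
    return 0;
}
```

The first path is what the ASAN trace in this issue shows: the struct from png_create_read_struct and the row buffer from png_read_start_row are still reachable when the process dies inside the error handler, so LSan lists them even though the read was correctly aborted. The second path is what a long-running caller of libpng needs, and it is the only case in which an LSan report against these frames would indicate a real leak.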
Sorry for the late reply. This issue has been fixed in the newest version.