
Memory leak in pngfix, process_IDAT, pngfix.c:1967

Open 5hadowblad3 opened this issue 3 years ago • 1 comment

Hi there.

There is a memory leak in pngimage in the newest main branch (a37d4836).

To reproduce, compile with

CFLAGS="-g -fsanitize=address"

then run:

pngfix --optimize --strip=all poc

POC: poc.zip (unzip first)

Here is the trace reported by ASAN:

==96572==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 7152 byte(s) in 1 object(s) allocated from:
    #0 0x4aeda2 in malloc /dependence/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:145
    #1 0x7fde2e0e08ec in inflateInit2_ (/lib/x86_64-linux-gnu/libz.so.1+0x98ec)
    #2 0x502b78 in process_IDAT /mnt/data/playground/libpng/build/../contrib/tools/pngfix.c:1967:8
    #3 0x502b78 in process_chunk /mnt/data/playground/libpng/build/../contrib/tools/pngfix.c:2924:14
    #4 0x4fde17 in sync_stream /mnt/data/playground/libpng/build/../contrib/tools/pngfix.c:3039:25
    #5 0x4fde17 in read_chunk /mnt/data/playground/libpng/build/../contrib/tools/pngfix.c:3162:4
    #6 0x5033a7 in process_chunk /mnt/data/playground/libpng/build/../contrib/tools/pngfix.c
    #7 0x4fe0ae in read_chunk /mnt/data/playground/libpng/build/../contrib/tools/pngfix.c:3141:19
    #8 0x5033a7 in process_chunk /mnt/data/playground/libpng/build/../contrib/tools/pngfix.c
    #9 0x4fe0ae in read_chunk /mnt/data/playground/libpng/build/../contrib/tools/pngfix.c:3141:19
    #10 0x4f7e7f in read_callback /mnt/data/playground/libpng/build/../contrib/tools/pngfix.c:3283:10
    #11 0x7ffd7147091f  ([stack]+0x1c91f)

Indirect leak of 1024 byte(s) in 1 object(s) allocated from:
    #0 0x4aeda2 in malloc /dependence/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:145
    #1 0x7fde2e0e25fb in inflate (/lib/x86_64-linux-gnu/libz.so.1+0xb5fb)

SUMMARY: AddressSanitizer: 8176 byte(s) leaked in 2 allocation(s).
Aborted

5hadowblad3 avatar Aug 23 '21 04:08 5hadowblad3

There is no memory leak here; the program has exited with a fatal error (and this is the correct behavior).

I.e. pngfix is behaving as designed; it exits with an error code because it can't fix the input file. The _exit frees all allocated memory.

jbowler avatar Nov 16 '22 05:11 jbowler
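The disagreement above comes down to what LeakSanitizer counts as a leak: a heap block that is unreachable when the process exits, regardless of whether the program was about to terminate anyway. The following added example (not pngfix's or libpng's code) models that situation in plain C so it runs without libz. It assumes, as the `[stack]` frame under `read_callback` suggests, that the fatal error leaves the chunk-processing function via longjmp; the `stream` type, the 7152-byte block size taken from the report, and the block-counting allocator are constructed stand-ins for `z_stream`, `inflateInit2`/`inflateEnd` and LSan's reachability check.

```c
/* Added example, not code from pngfix: why LSan reports an allocation
 * abandoned on a fatal-error exit path, and one way a tool can release
 * it before exiting. Stand-ins replace zlib so this runs without libz. */
#include <setjmp.h>
#include <stdio.h>
#include <stdlib.h>

/* Count live heap blocks so a test can see what is still allocated,
 * i.e. what LeakSanitizer would report at exit. */
static int live_blocks = 0;

static void *track_malloc(size_t n) { void *p = malloc(n); if (p) live_blocks++; return p; }
static void track_free(void *p) { if (p) { free(p); live_blocks--; } }

/* Stand-in for z_stream: the library keeps its state in a heap block that
 * only this struct points to (zlib does the same via z_stream.state). */
typedef struct { void *state; } stream;

static int stream_init(stream *s) { s->state = track_malloc(7152); return s->state ? 0 : -1; }
static void stream_end(stream *s) { track_free(s->state); s->state = NULL; }

static jmp_buf fatal_jmp;

/* Fatal error: report and longjmp back to the top level, never return. */
static void fatal(const char *msg) { fputs(msg, stderr); longjmp(fatal_jmp, 1); }

/* Version A: the stream lives on the processing function's stack. When
 * fatal() longjmps out, the only pointer to the heap state is lost, so at
 * exit() LSan sees an unreachable block and prints a "direct leak" even
 * though the process is terminating and the OS reclaims everything. */
static int process_chunk_abandon(int chunk_ok) {
    stream s;
    if (stream_init(&s) != 0) return -1;
    if (!chunk_ok) fatal("bad IDAT\n");   /* s.state is now unreachable */
    stream_end(&s);
    return 0;
}

/* Version B: the stream is owned by a context that outlives the longjmp,
 * so the top-level error handler can release it before exiting. */
typedef struct { stream s; int initialised; } context;

static int process_chunk_owned(context *ctx, int chunk_ok) {
    if (stream_init(&ctx->s) != 0) return -1;
    ctx->initialised = 1;
    if (!chunk_ok) fatal("bad IDAT\n");   /* ctx->s is still reachable */
    stream_end(&ctx->s);
    ctx->initialised = 0;
    return 0;
}

/* Run one decode attempt on a constructed bad chunk and return how many
 * heap blocks survive the fatal path. ctx is static because it is
 * modified between setjmp and longjmp (C requires volatile or static). */
int leaked_blocks_after_fatal(int owned) {
    static context ctx;
    ctx.s.state = NULL;
    ctx.initialised = 0;
    live_blocks = 0;
    if (setjmp(fatal_jmp) == 0) {
        if (owned) process_chunk_owned(&ctx, 0);
        else process_chunk_abandon(0);
    } else if (owned && ctx.initialised) {
        stream_end(&ctx.s);   /* cleanup still reachable from the handler */
    }
    return live_blocks;
}

int main(void) {
    printf("stack-owned stream, fatal path: %d block(s) unreachable\n",
           leaked_blocks_after_fatal(0));
    printf("context-owned stream, fatal path: %d block(s) unreachable\n",
           leaked_blocks_after_fatal(1));
    return 0;
}
```

For a one-shot command-line tool that exits on the error, version A is harmless: nothing in the process keeps running, so the report is a triage note rather than a defect. The distinction matters when the same decoding code is linked into a long-lived process, where every rejected input would cost one abandoned decompressor state; there, the version B ownership pattern (or simply setting `LSAN_OPTIONS=exitcode=0` during fuzzing and inspecting the reports by hand) is what keeps sanitizer output actionable.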