From: Christophe CURIS <christophe.cu...@free.fr>

As pointed out by Coverity, there's a free on the content of this buffer at the function's end, but if the image's width or height is lower than 1 then we could reach this free before allocating anything, thus having an uninitialised pointer.
Signed-off-by: Christophe CURIS <christophe.cu...@free.fr> --- wrlib/load_jpeg.c | 1 + 1 file changed, 1 insertion(+) diff --git a/wrlib/load_jpeg.c b/wrlib/load_jpeg.c index ded519e..64eeb48 100644 --- a/wrlib/load_jpeg.c +++ b/wrlib/load_jpeg.c @@ -132,6 +132,7 @@ RImage *RLoadJPEG(const char *file_name) jpeg_read_header(&cinfo, TRUE); if (cinfo.image_width < 1 || cinfo.image_height < 1) { + buffer[0] = NULL; /* Initialize pointer to avoid spurious free in cleanup code */ RErrorCode = RERR_BADIMAGEFILE; goto bye; } -- 1.9.2
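Review bot: The "buffer[0] = NULL;" assignment sits inside the "cinfo.image_width < 1 || cinfo.image_height < 1" branch, so it protects only this one "goto bye"; if another jump to "bye" is taken before the allocation, now or after a later change, the cleanup code would again free an uninitialised pointer. Setting buffer[0] to NULL once, where buffer is declared or just before "jpeg_read_header(&cinfo, TRUE);", would cover every early exit and leave this branch with only the RErrorCode assignment. The inline comment could also name the actual defect (free of an uninitialised pointer) rather than "spurious free", to match the commit message.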