Re: Corrupted heap
From: Fred Kiefer
Subject: Re: Corrupted heap
Date: Wed, 17 Mar 2010 21:42:21 +0100
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; de; rv:1.9.1.8) Gecko/20100228 SUSE/3.0.3-1.1.1 Thunderbird/3.0.3
On 17.03.2010 20:26, Adam Fedor wrote:
>
> On Mar 17, 2010, at 12:34 PM, Vincent Richomme wrote:
>>
>>
>> /* Return YES if this looks like a JPEG. */
>> + (BOOL) _bitmapIsJPEG: (NSData *)imageData
>> {
>> struct jpeg_decompress_struct cinfo;
>>
>> ... BLABLA ...
>>
>> // establish return context for error handling
>> if (setjmp(jerrMgr.setjmpBuffer))
>> {
>> gs_jpeg_memory_src_destroy(&cinfo);
>> jpeg_destroy_decompress(&cinfo);
>> return NO;
>> }
>>
>> ... BLABLA ...
>>
>> return YES;
>> }
>>
>> Are you sure you need to call free here because I suppose &cinfo->src is
>> not yet valid.
>
> That looks wrong to me as well.
>
In itself this could be correct. setjmp() will return non-zero when
called via longjmp, that is, this is the error case, where we need to
clean up. Still, the code isn't written in a safe way. We should first
bring the structure into a defined state; we never know at what point an
error will happen.
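
The "defined state before setjmp()" point above, as an added example that is not part of the original message or of GNUstep's code. `struct decoder`, `looks_valid` and `fail_at` are hypothetical stand-ins for `cinfo` and the JPEG check, and no libjpeg calls are used; the pointer is also declared volatile because C leaves non-volatile locals changed between setjmp() and longjmp() indeterminate.

```c
#include <setjmp.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for a decoder context such as cinfo; not libjpeg's struct. */
struct decoder {
    void *volatile src;   /* volatile: changed between setjmp() and longjmp() */
    jmp_buf on_error;     /* return context for the error handler */
};

int live_blocks = 0;      /* allocations not yet freed, to check the cleanup */

/* Safe in any defined state: does nothing when src was never allocated. */
static void decoder_destroy(struct decoder *d)
{
    if (d->src != NULL) {
        free(d->src);
        live_blocks--;
    }
    d->src = NULL;
}

/* fail_at: 0 = no error, 1 = error before src exists, 2 = error after. */
int looks_valid(int fail_at)
{
    struct decoder d;
    d.src = NULL;   /* defined state BEFORE setjmp(); otherwise the error
                       path below could free() an indeterminate pointer */
    if (setjmp(d.on_error)) {
        decoder_destroy(&d);
        return 0;
    }
    if (fail_at == 1)
        longjmp(d.on_error, 1);
    d.src = malloc(64);
    if (d.src == NULL)
        longjmp(d.on_error, 1);
    live_blocks++;
    if (fail_at == 2)
        longjmp(d.on_error, 1);
    decoder_destroy(&d);
    return 1;
}

int main(void)
{
    printf("%d %d %d leaked=%d\n", looks_valid(0), looks_valid(1), looks_valid(2), live_blocks);
    return 0;
}
```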