Closed Bug 1431637 Opened 2 years ago Closed 2 years ago

direct leak in qcms_transform_precacheLUT_float

Categories

(Core :: Graphics, defect, P3)

Tracking

RESOLVED FIXED
mozilla60
Tracking Status
firefox60 --- fixed

People

(Reporter: u473386, Assigned: lsalzman)

Details

(Whiteboard: [gfx-noted])

Attachments

(1 file)

User Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.98 Safari/537.36

Steps to reproduce:

==7745==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 431244 byte(s) in 1 object(s) allocated from:
    ...
    #1 0x521079 in qcms_transform_precacheLUT_float transform.c:1162:8

https://dxr.mozilla.org/mozilla-central/rev/e4107773cffb1baefd5446666fce22c4d6eb0517/gfx/qcms/transform.c#1162

The problem is that src becomes lut later.

https://dxr.mozilla.org/mozilla-central/rev/e4107773cffb1baefd5446666fce22c4d6eb0517/gfx/qcms/transform.c#1178

I made a simple patch.

--- a/qcms/transform.c
+++ b/qcms/transform.c
@@ -995,6 +995,10 @@
 	free(t->output_gamma_lut_g);
 	free(t->output_gamma_lut_b);
 
+	/* src in qcms_chain_transform */
+	if (t->r_clut)
+		free(t->r_clut);
+
 	transform_free(t);
 }
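Review bot: the "if (t->r_clut)" guard around free(t->r_clut) is redundant, since free(NULL) is a no-op and the context lines just above it, free(t->output_gamma_lut_g) and free(t->output_gamma_lut_b), call free() unconditionally; a bare free(t->r_clut); would match them. The comment "src in qcms_chain_transform" is also too terse to document ownership: it should say that r_clut ends up holding the buffer allocated in qcms_transform_precacheLUT_float, that the transform owns it from then on, and why r_clut is the only clut pointer freed here, so a reader can rule out both the leak and a double free.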
Correction.

+	/* src or dest in qcms_chain_transform */
Component: Untriaged → Graphics
Product: Firefox → Core
Priority: -- → P3
Whiteboard: [gfx-noted]
pdknsk, your analysis of the situation seems correct. I've rolled this into a patch. The comments have been elaborated a bit, but otherwise the semantics of the patch are the same and sufficient.
Assignee: nobody → lsalzman
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Attachment #8949235 - Flags: review?(jmuizelaar)
Attachment #8949235 - Flags: review?(jmuizelaar) → review+
https://hg.mozilla.org/mozilla-central/rev/73255f988eb1
Status: ASSIGNED → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla60