20 lines
728 B
Diff
20 lines
728 B
Diff
|
Description: CVE-2016-1577: Prevent double-free in jas_iccattrval_destroy()
|
||
|
Origin: vendor, http://www.openwall.com/lists/oss-security/2016/03/03/12
|
||
|
Bug-Ubuntu: https://launchpad.net/bugs/1547865
|
||
|
Bug-Debian: https://bugs.debian.org/816625
|
||
|
Forwarded: not-needed
|
||
|
Author: Tyler Hicks <tyhicks@canonical.com>
|
||
|
Reviewed-by: Salvatore Bonaccorso <carnil@debian.org>
|
||
|
Last-Update: 2016-03-05
|
||
|
|
||
|
--- a/src/libjasper/base/jas_icc.c
|
||
|
+++ b/src/libjasper/base/jas_icc.c
|
||
|
@@ -300,6 +300,7 @@ jas_iccprof_t *jas_iccprof_load(jas_stre
|
||
|
if (jas_iccprof_setattr(prof, tagtabent->tag, attrval))
|
||
|
goto error;
|
||
|
jas_iccattrval_destroy(attrval);
|
||
|
+ attrval = 0;
|
||
|
} else {
|
||
|
#if 0
|
||
|
jas_eprintf("warning: skipping unknown tag type\n");
|