Commits

Ondřej Surý committed 15ea6bc

Fix several uninitialized variable reads, dereferences before NULL checks, resource leaks and some other minor errors

Comments (0)

Files changed (11)

 	}
 	/* Shouldn't happen */
 	fprintf (stderr, "Error: bug in gdImageCreateFromXbm!\n");
-	return 0;
 fail:
 	gdImageDestroy (im);
 	return 0;
 	int r,g,b,a;
 	int new_pxl, pxl;
 	FuncPtr f;
-	f = GET_PIXEL_FUNCTION(src);
 
 	if (src==NULL) {
 		return 0;
 	}
 
+	f = GET_PIXEL_FUNCTION(src);
+
 	for (y=0; y<src->sy; ++y) {
 		for (x=0; x<src->sx; ++x) {
 			pxl = f (src, x, y);
 	int r,g,b,a;
 	int new_pxl, pxl;
 	FuncPtr f;
-	f = GET_PIXEL_FUNCTION(src);
 
-	if (src==NULL || (brightness < -255 || brightness>255)) {
+	if (src==NULL || (brightness < -255 || brightness > 255)) {
 		return 0;
 	}
 
 		return 1;
 	}
 
+	f = GET_PIXEL_FUNCTION(src);
+
 	for (y=0; y<src->sy; ++y) {
 		for (x=0; x<src->sx; ++x) {
 			pxl = f (src, x, y);
 	int new_pxl, pxl;
 
 	FuncPtr f;
-	f = GET_PIXEL_FUNCTION(src);
 
 	if (src==NULL) {
 		return 0;
 	}
 
+	f = GET_PIXEL_FUNCTION(src);
+
 	contrast = (double)(100.0-contrast)/100.0;
 	contrast = contrast*contrast;
 
 		}
 		for (i = 0; i < nc; i++) {
 			if (gdGetInt (&cidx[i].offset, in) != 1) {
-				goto fail1;
+				goto fail2;
 			};
 			if (gdGetInt (&cidx[i].size, in) != 1) {
-				goto fail1;
+				goto fail2;
 			};
 		};
 		*chunkIdx = cidx;
 	GD2_DBG (printf ("gd2 header complete\n"));
 
 	return 1;
-
+fail2:
+	gdFree(cidx);
 fail1:
 	return 0;
 }
 	}
 	if (im == NULL) {
 		GD2_DBG (printf ("Could not create gdImage\n"));
-		goto fail1;
+		goto fail2;
 	};
 
 	if (!_gdGetColors (in, im, (*vers) == 2)) {
 		GD2_DBG (printf ("Could not read color palette\n"));
-		goto fail2;
+		goto fail3;
 	}
 	GD2_DBG (printf ("Image palette completed: %d colours\n", im->colorsTotal));
 
 	return im;
 
-fail2:
+fail3:
 	gdImageDestroy (im);
-	return 0;
-
+fail2:
+	gdFree(*cidx);
 fail1:
 	return 0;
 
 	                        &chunkIdx);
 
 	if (im == NULL) {
+		gdFree (chunkIdx);
 		return 0;
 	}
 
 
 BGD_DECLARE(void) gdImageGifAnimAddCtx(gdImagePtr im, gdIOCtxPtr out, int LocalCM, int LeftOfs, int TopOfs, int Delay, int Disposal, gdImagePtr previm)
 {
-	gdImagePtr pim = 0, tim = im;
+	gdImagePtr pim = NULL, tim = im;
 	int interlace, transparent, BitsPerPixel;
 	interlace = im->interlace;
 	transparent = im->transparent;
 		if (previm->trueColor) {
 			prev_pim = gdImageCreatePaletteFromTrueColor(previm, 1, 256);
 			if (!prev_pim) {
-				return;
+				goto fail_end;
 			}
 			prev_tim = prev_pim;
 		}

src/gd_interpolation.c

 		}
 		return c;
 	} else {
-		register int border;
+		register int border = 0;
 
 		if (y < im->cy1) {
 			border = im->tpixels[0][im->cx1];
 		}
 		return colorIndex2RGBA(c);
 	} else {
-		register int border;
+		register int border = 0;
 		if (y < im->cy1) {
 			border = gdImageGetPixel(im, im->cx1, 0);
 			goto processborder;
     return res;
 }
 
-static inline _gdContributionsFree(LineContribType * p)
+static inline void _gdContributionsFree(LineContribType * p)
 {
 	unsigned int u;
 	for (u = 0; u < p->LineLength; u++)  {
 	_gdContributionsFree (contrib);
 }
 
-static inline _gdScaleCol (gdImagePtr pSrc,  unsigned int src_width, gdImagePtr pRes, unsigned int dst_width, unsigned int dst_height, unsigned int uCol, LineContribType *contrib)
+static inline void _gdScaleCol (gdImagePtr pSrc,  unsigned int src_width, gdImagePtr pRes, unsigned int dst_width, unsigned int dst_height, unsigned int uCol, LineContribType *contrib)
 {
 	unsigned int y;
-    for (y = 0; y < dst_height - 1; y++) {
-        register unsigned char r = 0, g = 0, b = 0, a = 0;
-        const int iLeft = contrib->ContribRow[y].Left;
-        const int iRight = contrib->ContribRow[y].Right;
+	for (y = 0; y < dst_height - 1; y++) {
+		register unsigned char r = 0, g = 0, b = 0, a = 0;
+		const int iLeft = contrib->ContribRow[y].Left;
+		const int iRight = contrib->ContribRow[y].Right;
 		int i;
 		int *row = pRes->tpixels[y];
 
 		/* Accumulate each channel */
-        for (i = iLeft; i <= iRight; i++) {
-            const int pCurSrc = pSrc->tpixels[i][uCol];
+		for (i = iLeft; i <= iRight; i++) {
+			const int pCurSrc = pSrc->tpixels[i][uCol];
 			const int i_iLeft = i - iLeft;
-            r += (unsigned char)(contrib->ContribRow[y].Weights[i_iLeft] * (double)(gdTrueColorGetRed(pCurSrc)));
-            g += (unsigned char)(contrib->ContribRow[y].Weights[i_iLeft] * (double)(gdTrueColorGetGreen(pCurSrc)));
-            b += (unsigned char)(contrib->ContribRow[y].Weights[i_iLeft] * (double)(gdTrueColorGetBlue(pCurSrc)));
+			r += (unsigned char)(contrib->ContribRow[y].Weights[i_iLeft] * (double)(gdTrueColorGetRed(pCurSrc)));
+			g += (unsigned char)(contrib->ContribRow[y].Weights[i_iLeft] * (double)(gdTrueColorGetGreen(pCurSrc)));
+			b += (unsigned char)(contrib->ContribRow[y].Weights[i_iLeft] * (double)(gdTrueColorGetBlue(pCurSrc)));
 			a += (unsigned char)(contrib->ContribRow[y].Weights[i_iLeft] * (double)(gdTrueColorGetAlpha(pCurSrc)));
-        }
+		}
 		pRes->tpixels[y][uCol] = gdTrueColorAlpha(r, g, b, a);
-    }
+	}
 }
 
-static inline _gdScaleVert (const gdImagePtr pSrc, const unsigned int src_width, const unsigned int src_height, const gdImagePtr pDst, const unsigned int dst_width, const unsigned int dst_height)
+static inline void _gdScaleVert (const gdImagePtr pSrc, const unsigned int src_width, const unsigned int src_height, const gdImagePtr pDst, const unsigned int dst_width, const unsigned int dst_height)
 {
 	unsigned int u;
 	LineContribType * contrib;
 
 	/* same height, copy it */
-    if (src_height == dst_height) {
+	if (src_height == dst_height) {
 		unsigned int y;
 		for (y = 0; y < src_height - 1; ++y) {
 			memcpy(pDst->tpixels[y], pSrc->tpixels[y], src_width);
 		}
-    }
+	}
 
 	contrib = _gdContributionsCalc(dst_height, src_height, (double)(dst_height) / (double)(src_height), pSrc->interpolation);
 	/* scale each column */
 
 gdImagePtr gdImageScaleTwoPass(const gdImagePtr src, const unsigned int src_width, const unsigned int src_height, const unsigned int new_width, const unsigned int new_height)
 {
-    gdImagePtr tmp_im;
+	gdImagePtr tmp_im;
 	gdImagePtr dst;
 
 	tmp_im = gdImageCreateTrueColor(new_width, src_height);
 	if (tmp_im == NULL) {
 		return NULL;
 	}
-	_gdScaleHoriz (src,  src_width, src_height, tmp_im, new_width, src_height);
+	_gdScaleHoriz(src, src_width, src_height, tmp_im, new_width, src_height);
 
 	dst = gdImageCreateTrueColor(new_width, new_height);
 	if (dst == NULL) {
+		gdFree(tmp_im);
 		return NULL;
 	}
 	_gdScaleVert(tmp_im, new_width, src_height, dst, new_width, new_height);
 	gdFree(tmp_im);
 
-
-    return dst;
+	return dst;
 }
 
 gdImagePtr Scale(const gdImagePtr src, const unsigned int src_width, const unsigned int src_height, const gdImagePtr dst, const unsigned int new_width, const unsigned int new_height)
 {
-    gdImagePtr tmp_im;
+	gdImagePtr tmp_im;
 
 	tmp_im = gdImageCreateTrueColor(new_width, src_height);
 	if (tmp_im == NULL) {
 		return NULL;
 	}
-    _gdScaleHoriz(src, src_width, src_height, tmp_im, new_width, src_height);
+	_gdScaleHoriz(src, src_width, src_height, tmp_im, new_width, src_height);
 
-    _gdScaleVert(tmp_im, new_width, src_height, dst, new_width, new_height);
+	_gdScaleVert(tmp_im, new_width, src_height, dst, new_width, new_height);
 
 	gdFree(tmp_im);
-    return dst;
+	return dst;
 }
 
 /*
 		}
 		return c;
 	} else {
-		register int border;
+		register int border = 0;
 		if (y < im->cy1) {
 			border = im->tpixels[0][im->cx1];
 			goto processborder;
 	gdPointF pt, src_pt;
 	gdRect bbox;
 	int end_x, end_y;
-	gdInterpolationMethod interpolotion_id_bak;
+	gdInterpolationMethod interpolation_id_bak = GD_DEFAULT;
 	interpolation_method interpolation_bak;
 
 	/* These methods use special implementations */
 	if (src->interpolation_id == GD_BILINEAR_FIXED || src->interpolation_id == GD_BICUBIC_FIXED || src->interpolation_id == GD_NEAREST_NEIGHBOUR) {
-		interpolotion_id_bak = src->interpolation_id;
+		interpolation_id_bak = src->interpolation_id;
 		interpolation_bak = src->interpolation;
 		
 		gdImageSetInterpolationMethod(src, GD_BICUBIC);
 			gdImageSetClip(src, backup_clipx1, backup_clipy1,
 					backup_clipx2, backup_clipy2);
 		}
-		gdImageSetInterpolationMethod(src, interpolotion_id_bak);
+		gdImageSetInterpolationMethod(src, interpolation_id_bak);
 		return GD_FALSE;
 	}
 
 				backup_clipx2, backup_clipy2);
 	}
 
-	gdImageSetInterpolationMethod(src, interpolotion_id_bak);
+	gdImageSetInterpolationMethod(src, interpolation_id_bak);
 	return GD_TRUE;
 }
 
 
 	int row;
 	unsigned char *rgba = NULL;
-	gdImagePtr dst;
+	gdImagePtr dst = NULL;
 
 	/* Default it to 3 */
 	if (sample_factor < 1) {
 		f = gdImageGetPixel;
 	}
 	dst = gdImageCreateTrueColor(src->sy, src->sx);
-	dst->transparent = src->transparent;
-
 	if (dst != NULL) {
 		int old_blendmode = dst->alphaBlendingFlag;
 		dst->alphaBlendingFlag = 0;
 
+		dst->transparent = src->transparent;
+
 		gdImagePaletteCopy (dst, src);
 
 		for (uY = 0; uY<src->sy; uY++) {
 		f = gdImageGetPixel;
 	}
 	dst = gdImageCreateTrueColor(src->sx, src->sy);
-	dst->transparent = src->transparent;
 
 	if (dst != NULL) {
 		int old_blendmode = dst->alphaBlendingFlag;
 		dst->alphaBlendingFlag = 0;
 
+		dst->transparent = src->transparent;
+
 		gdImagePaletteCopy (dst, src);
 
 		for (uY = 0; uY<src->sy; uY++) {
 		f = gdImageGetPixel;
 	}
 	dst = gdImageCreateTrueColor (src->sy, src->sx);
-	dst->transparent = src->transparent;
 
 	if (dst != NULL) {
 		int old_blendmode = dst->alphaBlendingFlag;
 		dst->alphaBlendingFlag = 0;
 
+		dst->transparent = src->transparent;
+
 		gdImagePaletteCopy (dst, src);
 
 		for (uY = 0; uY<src->sy; uY++) {
 			goto outOfMemory;
 		}
 		for (i = 0; (i < nim->sy); i++) {
-			nim->pixels[i] = gdCalloc (sizeof (unsigned char *), oim->sx);
+			nim->pixels[i] = (unsigned char *) gdCalloc (sizeof (unsigned char *), oim->sx);
 			if (!nim->pixels[i]) {
 				goto outOfMemory;
 			}
 	if (oim->trueColor) {
 		if (!cimP) {
 			/* On failure only */
-			for (i = 0; i < nim->sy; i++) {
-				if (nim->pixels[i]) {
-					gdFree (nim->pixels[i]);
-				}
-			}
 			if (nim->pixels) {
+				for (i = 0; i < nim->sy; i++) {
+					if (nim->pixels[i]) {
+						gdFree (nim->pixels[i]);
+					}
+				}
 				gdFree (nim->pixels);
 			}
-			nim->pixels = 0;
+			nim->pixels = NULL;
 		} else {
 			gdImageDestroy(nim);
 			*cimP = 0;
 	char *fontsearchpath, *fontlist;
 	char *fullname = NULL;
 	char *name, *path, *dir;
-	char *strtok_ptr;
+	char *strtok_ptr = NULL;
 
 	/*
 	 * Search the pathlist for any of a list of font names.
 	 */
 	for (name = gd_strtok_r (fontlist, LISTSEPARATOR, &strtok_ptr); name;
 	        name = gd_strtok_r (0, LISTSEPARATOR, &strtok_ptr)) {
-		char *path_ptr;
+		char *path_ptr = NULL;
 
 		/* make a fresh copy each time - strtok corrupts it. */
 		path = strdup (fontsearchpath);
 int
 main (int argc, char **argv)
 {
-	gdImagePtr im;
+	gdImagePtr im = NULL;
 	FILE *in, *out;
 	if (argc != 3) {
 		fprintf (stderr, "Usage: pngtogd filename.png filename.gd\n");
 	}
 
 	if(skipheader(getin, in)) {
+		gdFree(wbmp);
 		return -1;
 	}