commit e69d9d2e7fde9dff70ba36dbc46b60bdd000cebb
author Ram Mohan <ram.mohan@ittiam.com> Fri Jun 02 17:44:45 2023 +0530
committer Dichen Zhang <dichenzhang@google.com> Tue Jun 06 01:09:23 2023 +0000
tree 394882c9c9d8c666e68a68c576cd809124a3086b
parent 05ff67be11fb137d986299ce8f8ed3abc5655e4d

ultrahdr: release memory if encode/decode fails

If calls to encode/decode failed, release the allocated memory
before returning the control to caller

Bug: 285546217
Test: ./ultrahdr_dec_fuzzer
Test: ./ultrahdr_enc_fuzzer

Change-Id: I276c31cc56656aa41845a16f5d28783bc3adc772

libs/ultrahdr/jpegdecoderhelper.cpp

diff --git a/libs/ultrahdr/jpegdecoderhelper.cpp b/libs/ultrahdr/jpegdecoderhelper.cpp
index 2a9bc9a..0bad4a4 100644
--- a/libs/ultrahdr/jpegdecoderhelper.cpp
+++ b/libs/ultrahdr/jpegdecoderhelper.cpp
@@ -150,6 +150,7 @@
     jpeg_decompress_struct cinfo;
     jpegr_source_mgr mgr(static_cast<const uint8_t*>(image), length);
     jpegrerror_mgr myerr;
+    bool status = true;
 
     cinfo.err = jpeg_std_error(&myerr.pub);
     myerr.pub.error_exit = jpegrerror_exit;
@@ -216,7 +217,8 @@
     if (cinfo.image_width > kMaxWidth || cinfo.image_height > kMaxHeight) {
         // constraint on max width and max height is only due to alloc constraints
         // tune these values basing on the target device
-        return false;
+        status = false;
+        goto CleanUp;
     }
 
     mWidth = cinfo.image_width;
@@ -225,7 +227,8 @@
     if (decodeToRGBA) {
         if (cinfo.jpeg_color_space == JCS_GRAYSCALE) {
             // We don't intend to support decoding grayscale to RGBA
-            return false;
+            status = false;
+            goto CleanUp;
         }
         // 4 bytes per pixel
         mResultBuffer.resize(cinfo.image_width * cinfo.image_height * 4);
@@ -238,7 +241,8 @@
                 cinfo.comp_info[0].v_samp_factor != 2 ||
                 cinfo.comp_info[1].v_samp_factor != 1 ||
                 cinfo.comp_info[2].v_samp_factor != 1) {
-                return false;
+                status = false;
+                goto CleanUp;
             }
             mResultBuffer.resize(cinfo.image_width * cinfo.image_height * 3 / 2, 0);
         } else if (cinfo.jpeg_color_space == JCS_GRAYSCALE) {
@@ -254,13 +258,15 @@
 
     if (!decompress(&cinfo, static_cast<const uint8_t*>(mResultBuffer.data()),
             cinfo.jpeg_color_space == JCS_GRAYSCALE)) {
-        return false;
+        status = false;
+        goto CleanUp;
     }
 
+CleanUp:
     jpeg_finish_decompress(&cinfo);
     jpeg_destroy_decompress(&cinfo);
 
-    return true;
+    return status;
 }
 
 bool JpegDecoderHelper::decompress(jpeg_decompress_struct* cinfo, const uint8_t* dest,
@@ -367,7 +373,7 @@
     uint8_t* y_plane = const_cast<uint8_t*>(dest);
     uint8_t* u_plane = const_cast<uint8_t*>(dest + y_plane_size);
     uint8_t* v_plane = const_cast<uint8_t*>(dest + y_plane_size + uv_plane_size);
-    std::unique_ptr<uint8_t[]> empty(new uint8_t[cinfo->image_width]);
+    std::unique_ptr<uint8_t[]> empty = std::make_unique<uint8_t[]>(cinfo->image_width);
     memset(empty.get(), 0, cinfo->image_width);
 
     const int aligned_width = ALIGNM(cinfo->image_width, kCompressBatchSize);
@@ -441,7 +447,7 @@
     JSAMPARRAY planes[1] {y};
 
     uint8_t* y_plane = const_cast<uint8_t*>(dest);
-    std::unique_ptr<uint8_t[]> empty(new uint8_t[cinfo->image_width]);
+    std::unique_ptr<uint8_t[]> empty = std::make_unique<uint8_t[]>(cinfo->image_width);
     memset(empty.get(), 0, cinfo->image_width);
 
     int aligned_width = ALIGNM(cinfo->image_width, kCompressBatchSize);