[PATCH v2 0/1] MR7099: windowscodecs: Simplify png_decoder_get_metadata_blocks using realloc.
The code currently `malloc`s a larger memory buffer, and if successful: `memcpy`s the old memory buffer to the new, `free`s the old, and reassigns the pointer. This logic can all be reduced to a `realloc`.
-- v2: windowscodecs: Simplify png_decoder_get_metadata_blocks using realloc.
From: Jeff Smith whydoubt@gmail.com
--- dlls/windowscodecs/libpng.c | 19 +++++++------------ 1 file changed, 7 insertions(+), 12 deletions(-)
diff --git a/dlls/windowscodecs/libpng.c b/dlls/windowscodecs/libpng.c index 137a8e15e33..2c660b83e72 100644 --- a/dlls/windowscodecs/libpng.c +++ b/dlls/windowscodecs/libpng.c @@ -377,10 +377,12 @@ static HRESULT CDECL png_decoder_get_metadata_blocks(struct decoder* iface, do { hr = stream_seek(This->stream, seek, STREAM_SEEK_SET, &chunk_start); - if (FAILED(hr)) goto end; + if (FAILED(hr)) + break;
hr = read_png_chunk(This->stream, chunk_type, NULL, &chunk_size); - if (FAILED(hr)) goto end; + if (FAILED(hr)) + break;
if (chunk_type[0] >= 'a' && chunk_type[0] <= 'z' && memcmp(chunk_type, "tRNS", 4) && memcmp(chunk_type, "pHYs", 4)) @@ -389,23 +391,17 @@ static HRESULT CDECL png_decoder_get_metadata_blocks(struct decoder* iface, if (*count == metadata_blocks_size) { struct decoder_block *new_metadata_blocks; - ULONG new_metadata_blocks_size;
- new_metadata_blocks_size = 4 + metadata_blocks_size * 2; - new_metadata_blocks = malloc(new_metadata_blocks_size * sizeof(*new_metadata_blocks)); + metadata_blocks_size = 4 + metadata_blocks_size * 2; + new_metadata_blocks = realloc(result, metadata_blocks_size * sizeof(*new_metadata_blocks));
if (!new_metadata_blocks) { hr = E_OUTOFMEMORY; - goto end; + break; }
- memcpy(new_metadata_blocks, result, - *count * sizeof(*new_metadata_blocks)); - - free(result); result = new_metadata_blocks; - metadata_blocks_size = new_metadata_blocks_size; }
result[*count].offset = chunk_start; @@ -417,7 +413,6 @@ static HRESULT CDECL png_decoder_get_metadata_blocks(struct decoder* iface, seek = chunk_start + chunk_size + 12; /* skip data and CRC */ } while (memcmp(chunk_type, "IEND", 4));
-end: if (SUCCEEDED(hr)) { *blocks = result;
Hi,
It looks like your patch introduced the new failures shown below. Please investigate and fix them before resubmitting your patch. If they are not new, fixing them anyway would help a lot. Otherwise please ask for the known failures list to be updated.
The tests also ran into some preexisting test failures. If you know how to fix them that would be helpful. See the TestBot job for the details:
The full results can be found at: https://testbot.winehq.org/JobDetails.pl?Key=150749
Your paranoid android.
=== debian11b (64 bit WoW report) ===
kernel32: comm.c:1574: Test failed: AbortWaitCts hComPortEvent failed comm.c:1586: Test failed: Unexpected time 1000, expected around 500
winmm: mci: Timeout
On Sun Jan 5 15:58:55 2025 +0000, Jeffrey Smith wrote:
changed this line in [version 2 of the diff](/wine/wine/-/merge_requests/7099/diffs?diff_id=151128&start_sha=c7b655380882b9c3d29f9357b73c5b77dd2693e0#4344734778b941ab8b43a8bd341545497686347f_394_396)
I fixed that up.
I grepped around, and found 225 instances of that unsafe pattern in wine. While those would typically only trigger when reaching memory exhaustion, maybe they should be cleaned up too.
This merge request was approved by Esme Povirk.
-
Esme Povirk (@madewokherd) -
Jeff Smith
-
Jeffrey Smith (@whydoubt)
-
Marvin