The opj_j2k_copy_default_tcp_and_create_tcp() function memcpy's a top-level
struct, and then replaces pointers to memory owned by the original struct
with new blocks of memory. Unfortunately, an early return can leave the
copy with pointers to memory it doesn't own, which causes problems when
cleaning up the partially-initialized struct.
The issue was found downstream in
https://code.google.com/p/chromium/issues/detail?id=486538
A proposed patch is attached.
Original issue reported on code.google.com by tsepez@chromium.org on 18 May 2015 at 10:41
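
The ownership problem described in the report, as an added example that is not part of the original issue and is not OpenJPEG code: a copy routine that bails out before every borrowed pointer is replaced, next to a variant that clears them first. The names `params_t`, `xmalloc`, `copy_unsafe`, `copy_safe` and `run` are hypothetical, and the allocation failure is injected.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical parameter block owning two buffers (not OpenJPEG's types). */
typedef struct { size_t n; unsigned char *a, *b; } params_t;

/* Constructed fault injection: the fail_at-th allocation returns NULL. */
static int fail_at, alloc_count;
static void *xmalloc(size_t n) { return ++alloc_count == fail_at ? NULL : malloc(n); }

/* Reported pattern: memcpy the struct, then replace owned pointers one by one. */
static int copy_unsafe(params_t *dst, const params_t *src) {
    memcpy(dst, src, sizeof *dst);             /* dst->a and dst->b alias src */
    if (!(dst->a = xmalloc(src->n))) return 0; /* early return: dst->b is still src->b */
    memcpy(dst->a, src->a, src->n);
    if (!(dst->b = xmalloc(src->n))) return 0;
    memcpy(dst->b, src->b, src->n);
    return 1;
}

/* Hardened: drop every borrowed pointer before the first point of failure. */
static int copy_safe(params_t *dst, const params_t *src) {
    memcpy(dst, src, sizeof *dst);
    dst->a = dst->b = NULL;
    if (!(dst->a = xmalloc(src->n))) return 0;
    memcpy(dst->a, src->a, src->n);
    if (!(dst->b = xmalloc(src->n))) return 0;
    memcpy(dst->b, src->b, src->n);
    return 1;
}
static void destroy(params_t *p) { free(p->a); free(p->b); p->a = p->b = NULL; }

/* Returns how many pointers a (possibly failed) copy still shares with its source. */
static int run(int (*copy)(params_t *, const params_t *), int fail) {
    params_t src = { 4, calloc(1, 4), calloc(1, 4) }, dst;
    if (!src.a || !src.b) { destroy(&src); return -1; }
    alloc_count = 0; fail_at = fail;
    copy(&dst, &src);
    int n = (dst.a && dst.a == src.a) + (dst.b && dst.b == src.b);
    /* destroy(&dst) would free src's buffers here; detach them for the demo. */
    if (dst.a == src.a) dst.a = NULL;
    if (dst.b == src.b) dst.b = NULL;
    destroy(&dst); destroy(&src);
    return n;
}

int main(void) {
    printf("unsafe: %d aliased, safe: %d aliased\n", run(copy_unsafe, 1), run(copy_safe, 1));
}
```

Without the detach step in `run`, cleaning up the failed `copy_unsafe` result and then the source would free the same buffer twice.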