:: commit d45e7a64341a067ed4a5422f55e674bf27321a3d
lib/image: Fix incorrect free of stbi-allocated buffer corrupting memmap
diff --git a/common/lib/image.c b/common/lib/image.c
index 64c56456..805764c9 100644
--- a/common/lib/image.c
+++ b/common/lib/image.c
@@ -40,7 +40,7 @@ struct image *image_open(struct file_handle *file) {
if (image->img == NULL || x == 0 || y == 0) {
if (image->img != NULL) {
// stbi allocated but dimensions are degenerate
- pmm_free(image->img, (size_t)x * (size_t)y * 4);
+ stbi_image_free(image->img);
}
pmm_free(image, sizeof(struct image));
return NULL;
@@ -49,7 +49,7 @@ struct image *image_open(struct file_handle *file) {
// Convert ABGR to XRGB
uint32_t *pptr = (void *)image->img;
size_t pixel_count = CHECKED_MUL((size_t)x, (size_t)y,
- ({ pmm_free(image, sizeof(struct image)); return NULL; }));
+ ({ stbi_image_free(image->img); pmm_free(image, sizeof(struct image)); return NULL; }));
for (size_t i = 0; i < pixel_count; i++) {
pptr[i] = (pptr[i] & 0x0000ff00) | ((pptr[i] & 0x00ff0000) >> 16) | ((pptr[i] & 0x000000ff) << 16);
}
@@ -57,7 +57,7 @@ struct image *image_open(struct file_handle *file) {
image->x_size = x;
image->y_size = y;
image->pitch = (int)CHECKED_MUL((size_t)x, 4,
- ({ pmm_free(image, sizeof(struct image)); return NULL; }));
+ ({ stbi_image_free(image->img); pmm_free(image, sizeof(struct image)); return NULL; }));
image->bpp = 32;
image->img_width = x;
image->img_height = y;
