stb_image is a single file MIT licensed library for processing images. It may look like stbi__load_gif_main doesn’t give guarantees about the content of output value *delays upon failure. Although it sets *delays to zero at the beginning, it doesn’t do it in case the image is not recognized as GIF and a call to stbi__load_gif_main_outofmem only frees possibly allocated memory in *delays without resetting it to zero. Thus it would be fair to say the caller of stbi__load_gif_main is responsible to free the allocated memory in *delays only if stbi__load_gif_main returns a non null value. However at the same time the function may return null value, but fail to free the memory in *delays if internally stbi__convert_format is called and fails. Thus the issue may lead to a memory leak if the caller chooses to free delays only when stbi__load_gif_main didn’t fail or to a double-free if the delays is always freed
The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Stb_image.h | Nothings | 2.28 (including) | 2.28 (including) |
| Libstb | Ubuntu | bionic | * |
| Libstb | Ubuntu | lunar | * |
| Libstb | Ubuntu | mantic | * |
| Libstb | Ubuntu | trusty | * |
| Libstb | Ubuntu | xenial | * |