Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CGImages loaded from container data (JPEG, PNG, TIFF) can use-after-free their buffers. #1412

Closed
DHowett-MSFT opened this issue Nov 18, 2016 · 5 comments
Closed

CGImages loaded from container data (JPEG, PNG, TIFF) can use-after-free their buffers. #1412

DHowett-MSFT opened this issue Nov 18, 2016 · 5 comments
Assignees
@msft-Jeyaram
Labels
Area-Foundation Bug SubArea-CoreGraphics

Comments

@DHowett-MSFT
Copy link

DHowett-MSFT commented Nov 18, 2016
edited
Loading

In CGImage here, we specify OnDemand caching for images loaded from WIC frame decoders.

Unfortunately, if you do this:

CFDataRef data = CFDataCreate(...);
CGImageRef image = CGImageCreateWithDataProvider(CGDataProviderCreateWithCFData(data), ...);
CFRelease(data);
CGImageDoAnythingAtAll(image);

Line 4 will cause CGImage through WIC to read the buffer backing the CGData destroyed on line 3.

Interim solution: Switch to OnLoad.

Suggested future solution: Implement an IWICStream that is backed by a CGDataProvider.
@DHowett-MSFT
Copy link
Author

As part of the aforementioned future solution, we could switch back to OnDemand (and reap all the savings.)

@msft-Jeyaram
Copy link
Contributor

Saw this issue when we did bitmap context, made these changes in bitmap context. missed the decoder one.
Updating

@DHowett-MSFT
Copy link
Author

Definitely don't do it tonight! I've worked around it for CoreGraphics.Drawing.UnitTests.

@msft-Jeyaram
Copy link
Contributor

LOL so the existing CGImage tests would of got this easily, but we autoreleased the CFData, rather than a release right away.

@msft-Jeyaram
Copy link
Contributor

#1413

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@msft-Jeyaram msft-Jeyaram

Labels
Area-Foundation Bug SubArea-CoreGraphics
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@DHowett-MSFT @msft-Jeyaram