From cd44c13d43c17ca97d8b7fcda7a7003775ebd844 Mon Sep 17 00:00:00 2001 From: Iuri de Silvio Date: Sun, 17 May 2026 21:14:56 +0200 Subject: [PATCH] Use delete[] to free new[]-allocated buffer in decodeJPEGIntoSurface MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit `Image::decodeJPEGIntoSurface` allocates a buffer with `new uint8_t[]` and freed it with `free()` on the OOM error path — undefined behavior in C++ (`new[]` and `free()` may use different allocators, and even when they share one they may have different bookkeeping for the array size header). Every other deallocation of `new uint8_t[]` buffers in Image.cc uses `delete[]` correctly; this is the only outlier. Caught by `g++ -Wmismatched-new-delete`. Fixes #2573 --- src/Image.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Image.cc b/src/Image.cc index 06dd564ae..3e4e24689 100644 --- a/src/Image.cc +++ b/src/Image.cc @@ -841,7 +841,7 @@ Image::decodeJPEGIntoSurface(jpeg_decompress_struct *args, Orientation orientati uint8_t *src = new uint8_t[naturalWidth * args->output_components]; if (!src) { - free(data); + delete[] data; jpeg_abort_decompress(args); jpeg_destroy_decompress(args); this->errorInfo.set(NULL, "malloc", errno);