Attempting free on address which was not malloc()

[duytai]

Version: img2sixel 1.8.6
Ubuntu: Ubuntu 16.04.6 LTS
Clang: 11.0.1

I compile the project with ASAN:

CXX=$(CXX) CC$(CC)= ./configure --disable-shared
AFL_USE_ASAN=1 make

and run a command to covert png to sixel:

img2sixel -i poc -o tmp.sixel

ASAN log:

libpng warning: iCCP: CRC error
=================================================================
==3043==ERROR: AddressSanitizer: attempting free on address which was not malloc()-ed: 0x0c0e00000013 in thread T0
    #0 0x49620d in free (/home/long2/sneu/libsixel/converters/img2sixel+0x49620d)
    #1 0x556f5a in load_png /home/long2/sneu/libsixel/src/loader.c:633:5
    #2 0x50f907 in load_with_builtin /home/long2/sneu/libsixel/src/loader.c:889:18
    #3 0x50f907 in sixel_helper_load_image_file /home/long2/sneu/libsixel/src/loader.c:1418:18
    #4 0x4d4cbd in sixel_encoder_encode /home/long2/sneu/libsixel/src/encoder.c:1743:14
    #5 0x4c7c8f in main /home/long2/sneu/libsixel/converters/img2sixel.c:457:22
    #6 0x7fc60028582f in __libc_start_main /build/glibc-LK5gWL/glibc-2.23/csu/../csu/libc-start.c:291
    #7 0x41c618 in _start (/home/long2/sneu/libsixel/converters/img2sixel+0x41c618)

Address 0x0c0e00000013 is located in the high shadow area.
SUMMARY: AddressSanitizer: bad-free (/home/long2/sneu/libsixel/converters/img2sixel+0x49620d) in free
==3043==ABORTING

poc.zip
Because uploading the zip failed, plz unzip file to get png image

[j4james]

I think this is the same issue as #134, and it was likely fixed by the following commit in the libsixel/libsixel fork: libsixel@e71aacc. But it's difficult to reproduce even without that patch, because newer versions of libpng no longer trigger the code path that was causing the attempted free in the first place.

[saitoha]

I'd like to close this issue as @ctrlcctrlv's 76b491d has been merged. Thank you very much.