[rpms/hplip] f44: Fix more leaks after CVE-2026-8632 fix

[rpms/hplip] f44: Fix more leaks after CVE-2026-8632 fix

[Zdenek Dohnal]

A new commit has been pushed.

Repo   : rpms/hplip
Branch : f44
Commit : 0a47faa5bb680e205590af0f06f4e598124ee304
Author : Zdenek Dohnal <zdohnal@redhat.com>
Date   : 2026-06-15T13:00:20+02:00
Stats  : +65/-2 in 2 file(s)
URL    : https://src.fedoraproject.org/rpms/hplip/c/0a47faa5bb680e205590af0f06f4e598124ee304?branch=f44

Log:
Fix more leaks after CVE-2026-8632 fix

---
diff --git a/hplip-CVE-2026-8631-osh.patch b/hplip-CVE-2026-8631-osh.patch
index 2e906d9..91baaa7 100644
--- a/hplip-CVE-2026-8631-osh.patch
+++ b/hplip-CVE-2026-8631-osh.patch
@@ -1,5 +1,5 @@
 diff --git a/prnt/hpcups/genPCLm.cpp b/prnt/hpcups/genPCLm.cpp
-index 0e1650c..e0c5248 100644
+index 0e1650c..5f83cba 100644
 --- a/prnt/hpcups/genPCLm.cpp
 +++ b/prnt/hpcups/genPCLm.cpp
 @@ -1917,8 +1917,11 @@ int  PCLmGenerator::Encapsulate(void *pInBuffer, int inBufferSize, int thisHeigh
@@ -33,3 +33,63 @@ index 0e1650c..e0c5248 100644
  			memset(tmpStrip,whitePt,tmpStripSize);
  
  
+@@ -2012,7 +2021,10 @@ int  PCLmGenerator::Encapsulate(void *pInBuffer, int inBufferSize, int thisHeigh
+ 	{
+ 		int sourceLen=0;
+ 		if(!safe_mul_int_positive(numLinesThisCall, scanlineWidth, &sourceLen))
++		{
++			free(newStripPtr);
+ 			return(errorOutAndCleanUp());
++		}
+ 		uint32 len=(uint32)sourceLen;
+ 		uLongf destSize=len;
+ 
+@@ -2021,12 +2033,18 @@ int  PCLmGenerator::Encapsulate(void *pInBuffer, int inBufferSize, int thisHeigh
+ 			ubyte whitePt=0xff;
+ 			size_t tmpStripSize=0;
+ 			if(!safe_mul_size_t((size_t)scanlineWidth, (size_t)topMarginInPix, &tmpStripSize))
++			{
++				free(newStripPtr);
+ 				return(errorOutAndCleanUp());
++			}
+ 
+ 			// We need to inject a blank image-strip with a height==topMarginInPix
+ 			ubyte *tmpStrip=(ubyte*)malloc(tmpStripSize);
+ 			if(!tmpStrip)
++			{
++				free(newStripPtr);
+ 				return(errorOutAndCleanUp());
++			}
+ 			uLongf tmpDestSize=destSize;
+ 			memset(tmpStrip,whitePt,tmpStripSize);
+ 
+@@ -2075,20 +2093,29 @@ int  PCLmGenerator::Encapsulate(void *pInBuffer, int inBufferSize, int thisHeigh
+ 	{
+ 		int sourceLen=0;
+ 		if(!safe_mul_int_positive(numLinesThisCall, scanlineWidth, &sourceLen))
++		{
++			free(newStripPtr);
+ 			return(errorOutAndCleanUp());
++		}
+ 
+ 		if(firstStrip && topMarginInPix)
+ 		{
+ 			ubyte whitePt=0xff;
+ 			size_t tmpStripSize=0;
+ 			if(!safe_mul_size_t((size_t)scanlineWidth, (size_t)topMarginInPix, &tmpStripSize))
++			{
++				free(newStripPtr);
+ 				return(errorOutAndCleanUp());
++			}
+ 
+ 			// We need to inject a blank image-strip with a height==topMarginInPix
+ 
+ 			ubyte *tmpStrip=(ubyte*)malloc(tmpStripSize);
+ 			if(!tmpStrip)
++			{
++				free(newStripPtr);
+ 				return(errorOutAndCleanUp());
++			}
+ 			memset(tmpStrip,whitePt,tmpStripSize);
+ 
+ 			for(sint32 stripCntr=0; stripCntr<numFullInjectedStrips;stripCntr++)

diff --git a/hplip.spec b/hplip.spec
index 3f2f2cb..bfc5286 100644
--- a/hplip.spec
+++ b/hplip.spec
@@ -7,7 +7,7 @@
 Summary: HP Linux Imaging and Printing Project
 Name: hplip
 Version: 3.26.4
-Release: 5%{?dist}
+Release: 6%{?dist}
 # most files (base/*, *, ui*/...) - GPL2+
 # prnt/hpijs/ jpeg related files - IJG
 # prnt/* - BSD-3-Clause-HP - it is modified a little, asked here https://gitlab.com/fedora/legal/fedora-license-data/-/issues/267
@@ -1001,6 +1001,9 @@ find doc/images -type f -exec chmod 644 {} \;
 %config(noreplace) %{_sysconfdir}/sane.d/dll.d/hpaio
 
 %changelog
+* Mon Jun 15 2026 Zdenek Dohnal <zdohnal@redhat.com> - 3.26.4-6
+- Fix more leaks after CVE-2026-8632 fix
+
 * Fri Jun 12 2026 Yaakov Selkowitz <yselkowi@redhat.com> - 3.26.4-5
 - Rebuilt for openssl 4.0