You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
42 lines
1.5 KiB
42 lines
1.5 KiB
From 0c5992cdb85ac6d9d14b95e77f03797600e87667 Mon Sep 17 00:00:00 2001 |
|
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> |
|
Date: Mon, 9 May 2022 14:28:36 +0200 |
|
Subject: [PATCH] shared/json: fix memory leak on failed normalization |
|
|
|
We need to increase the counter immediately after taking the ref, |
|
otherwise we may not unref it properly if we fail before incrementing. |
|
|
|
(cherry picked from commit 7e4be6a5845f983a299932d4ccb2c4349cf8dd52) |
|
Related: #2087652 |
|
--- |
|
src/shared/json.c | 5 +++-- |
|
test/fuzz/fuzz-json/leak-normalize-fail | 1 + |
|
2 files changed, 4 insertions(+), 2 deletions(-) |
|
create mode 100644 test/fuzz/fuzz-json/leak-normalize-fail |
|
|
|
diff --git a/src/shared/json.c b/src/shared/json.c |
|
index ea1291e21b..fe05657dad 100644 |
|
--- a/src/shared/json.c |
|
+++ b/src/shared/json.c |
|
@@ -4655,10 +4655,11 @@ int json_variant_normalize(JsonVariant **v) { |
|
if (!a) |
|
return -ENOMEM; |
|
|
|
- for (i = 0; i < m; i++) { |
|
+ for (i = 0; i < m; ) { |
|
a[i] = json_variant_ref(json_variant_by_index(*v, i)); |
|
+ i++; |
|
|
|
- r = json_variant_normalize(a + i); |
|
+ r = json_variant_normalize(&a[i-1]); |
|
if (r < 0) |
|
goto finish; |
|
} |
|
diff --git a/test/fuzz/fuzz-json/leak-normalize-fail b/test/fuzz/fuzz-json/leak-normalize-fail |
|
new file mode 100644 |
|
index 0000000000..b247ccd199 |
|
--- /dev/null |
|
+++ b/test/fuzz/fuzz-json/leak-normalize-fail |
|
@@ -0,0 +1 @@ |
|
+[7E73] |
|
\ No newline at end of file
|
|
|