| author | 2022-02-02 04:45:40 +0100 | |
|---|---|---|
| committer | 2022-02-02 04:45:40 +0100 | |
| commit | d7758c07ec8200d20c68384b291ca9e948802e92 (patch) | |
| tree | 9857ac8a015872584d0c04cc4a235b7e0d56c779 | |
| parent | 474c8eb82e776bfac804338247045b11fa389d8d (diff) | |
jplist: Fix memory leak on parse error
Credit to OSS-Fuzz
| -rw-r--r-- | fuzz/jplist-leaks/clusterfuzz-testcase-minimized-jplist_fuzzer-5816111696838656 | 1 | ||||
| -rw-r--r-- | src/jplist.c | 2 | 
2 files changed, 3 insertions, 0 deletions
diff --git a/fuzz/jplist-leaks/clusterfuzz-testcase-minimized-jplist_fuzzer-5816111696838656 b/fuzz/jplist-leaks/clusterfuzz-testcase-minimized-jplist_fuzzer-5816111696838656 new file mode 100644 index 0000000..f19d601 --- /dev/null +++ b/fuzz/jplist-leaks/clusterfuzz-testcase-minimized-jplist_fuzzer-5816111696838656 @@ -0,0 +1 @@ +[[][[][][][][][]{"ÿ222ÀÀÀÀÀÀÀÀÀÀÀÀ\uDBFF\uDFFFÀÀÀÀeÀÀ2ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿßÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ2221Ø2222222ÀÀÀÀÀÀÀÀÀÀÀ\uDBFF\uDFFFÀÀÀÀeÀÀ2ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ[]\r[][][][]ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿßÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ2221Ø2222222222h che[][][][][][][][][][][][][][][][][][][][][][][[][][][][][][][][][][][][][][][][][][][][][][][][][]22222h che22#"}[][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]][]]
\ No newline at end of file
diff --git a/src/jplist.c b/src/jplist.c
index 1629f59..c2d3ae3 100644
--- a/src/jplist.c
+++ b/src/jplist.c
@@ -634,6 +634,7 @@ static plist_t parse_array(const char* js, jsmntok_info_t* ti, int* index)
     for (num = 0; num < num_tokens; num++) {
         if (j >= ti->count) {
             PLIST_JSON_ERR("%s: token index out of valid range\n", __func__);
+            plist_free(arr);
             return NULL;
         }
         plist_t val = NULL;
@@ -677,6 +678,7 @@ static plist_t parse_object(const char* js, jsmntok_info_t* ti, int* index)
     for (num = 0; num < num_tokens; num++) {
         if (j >= ti->count) {
             PLIST_JSON_ERR("%s: token index out of valid range\n", __func__);
+            plist_free(obj);
             return NULL;
         }
         if (ti->tokens[j].type == JSMN_STRING) {  | 
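Review bot: The added `plist_free(arr);` in parse_array covers only the `j >= ti->count` bail-out at the top of the loop, and the same holds for `plist_free(obj);` in parse_object. Both loop bodies continue outside the hunk, so any later `return NULL` there is not shown to release the partially built container. Because this parser presumably runs on untrusted JSON (the test case comes from a fuzzer), a leak on a malformed-input path means repeatable memory growth, so every error exit should go through one cleanup point, e.g. `goto err;` with `err: plist_free(arr); return NULL;` at the end of the function. A short comment above the free, such as `/* release the partially built array before bailing out */`, would also make the ownership explicit.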
