diff options
author | Nikias Bassen | 2022-02-02 04:45:40 +0100 |
---|---|---|
committer | Nikias Bassen | 2022-02-02 04:45:40 +0100 |
commit | d7758c07ec8200d20c68384b291ca9e948802e92 (patch) | |
tree | 9857ac8a015872584d0c04cc4a235b7e0d56c779 | |
parent | 474c8eb82e776bfac804338247045b11fa389d8d (diff) | |
download | libplist-d7758c07ec8200d20c68384b291ca9e948802e92.tar.gz libplist-d7758c07ec8200d20c68384b291ca9e948802e92.tar.bz2 |
jplist: Fix memory leak on parse error
Credit to OSS-Fuzz
-rw-r--r-- | fuzz/jplist-leaks/clusterfuzz-testcase-minimized-jplist_fuzzer-5816111696838656 | 1 | ||||
-rw-r--r-- | src/jplist.c | 2 |
2 files changed, 3 insertions, 0 deletions
diff --git a/fuzz/jplist-leaks/clusterfuzz-testcase-minimized-jplist_fuzzer-5816111696838656 b/fuzz/jplist-leaks/clusterfuzz-testcase-minimized-jplist_fuzzer-5816111696838656 new file mode 100644 index 0000000..f19d601 --- /dev/null +++ b/fuzz/jplist-leaks/clusterfuzz-testcase-minimized-jplist_fuzzer-5816111696838656 @@ -0,0 +1 @@ +[[][[][][][][][]{"ÿ222ÀÀÀÀÀÀÀÀÀÀÀÀ\uDBFF\uDFFFÀÀÀÀeÀÀ2ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿßÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ2221Ø2222222ÀÀÀÀÀÀÀÀÀÀÀ\uDBFF\uDFFFÀÀÀÀeÀÀ2ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ[]\r[][][][]ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿßÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ2221Ø2222222222h che[][][][][][][][][][][][][][][][][][][][][][][[][][][][][][][][][][][][][][][][][][][][][][][][][]22222h che22#"}[][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]][]]
\ No newline at end of file diff --git a/src/jplist.c b/src/jplist.c index 1629f59..c2d3ae3 100644 --- a/src/jplist.c +++ b/src/jplist.c @@ -634,6 +634,7 @@ static plist_t parse_array(const char* js, jsmntok_info_t* ti, int* index) for (num = 0; num < num_tokens; num++) { if (j >= ti->count) { PLIST_JSON_ERR("%s: token index out of valid range\n", __func__); + plist_free(arr); return NULL; } plist_t val = NULL; @@ -677,6 +678,7 @@ static plist_t parse_object(const char* js, jsmntok_info_t* ti, int* index) for (num = 0; num < num_tokens; num++) { if (j >= ti->count) { PLIST_JSON_ERR("%s: token index out of valid range\n", __func__); + plist_free(obj); return NULL; } if (ti->tokens[j].type == JSMN_STRING) { |