summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGravatar Nikias Bassen2022-02-02 04:45:40 +0100
committerGravatar Nikias Bassen2022-02-02 04:45:40 +0100
commitd7758c07ec8200d20c68384b291ca9e948802e92 (patch)
tree9857ac8a015872584d0c04cc4a235b7e0d56c779
parent474c8eb82e776bfac804338247045b11fa389d8d (diff)
downloadlibplist-d7758c07ec8200d20c68384b291ca9e948802e92.tar.gz
libplist-d7758c07ec8200d20c68384b291ca9e948802e92.tar.bz2
jplist: Fix memory leak on parse error
Credit to OSS-Fuzz
-rw-r--r--fuzz/jplist-leaks/clusterfuzz-testcase-minimized-jplist_fuzzer-58161116968386561
-rw-r--r--src/jplist.c2
2 files changed, 3 insertions, 0 deletions
diff --git a/fuzz/jplist-leaks/clusterfuzz-testcase-minimized-jplist_fuzzer-5816111696838656 b/fuzz/jplist-leaks/clusterfuzz-testcase-minimized-jplist_fuzzer-5816111696838656
new file mode 100644
index 0000000..f19d601
--- /dev/null
+++ b/fuzz/jplist-leaks/clusterfuzz-testcase-minimized-jplist_fuzzer-5816111696838656
@@ -0,0 +1 @@
+[[][[][][][][][]{"ÿ222ÀÀÀÀÀÀÀÀÀÀÀÀ\uDBFF\uDFFFÀÀÀÀeÀÀ2ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿßÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ2221Ø2222222ÀÀÀÀÀÀÀÀÀÀÀ\uDBFF\uDFFFÀÀÀÀeÀÀ2ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ[]\r[][][][]ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿßÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ2221Ø2222222222h che[][][][][][][][][][][][][][][][][][][][][][][[][][][][][][][][][][][][][][][][][][][][][][][][][]22222h che22#"}[][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]][]] \ No newline at end of file
diff --git a/src/jplist.c b/src/jplist.c
index 1629f59..c2d3ae3 100644
--- a/src/jplist.c
+++ b/src/jplist.c
@@ -634,6 +634,7 @@ static plist_t parse_array(const char* js, jsmntok_info_t* ti, int* index)
for (num = 0; num < num_tokens; num++) {
if (j >= ti->count) {
PLIST_JSON_ERR("%s: token index out of valid range\n", __func__);
+ plist_free(arr);
return NULL;
}
plist_t val = NULL;
@@ -677,6 +678,7 @@ static plist_t parse_object(const char* js, jsmntok_info_t* ti, int* index)
for (num = 0; num < num_tokens; num++) {
if (j >= ti->count) {
PLIST_JSON_ERR("%s: token index out of valid range\n", __func__);
+ plist_free(obj);
return NULL;
}
if (ti->tokens[j].type == JSMN_STRING) {