43 lines
1.5 KiB
Diff
43 lines
1.5 KiB
Diff
From 0c5992cdb85ac6d9d14b95e77f03797600e87667 Mon Sep 17 00:00:00 2001
|
|
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
|
Date: Mon, 9 May 2022 14:28:36 +0200
|
|
Subject: [PATCH] shared/json: fix memory leak on failed normalization
|
|
|
|
We need to increase the counter immediately after taking the ref,
|
|
otherwise we may not unref it properly if we fail before incrementing.
|
|
|
|
(cherry picked from commit 7e4be6a5845f983a299932d4ccb2c4349cf8dd52)
|
|
Related: #2087652
|
|
---
|
|
src/shared/json.c | 5 +++--
|
|
test/fuzz/fuzz-json/leak-normalize-fail | 1 +
|
|
2 files changed, 4 insertions(+), 2 deletions(-)
|
|
create mode 100644 test/fuzz/fuzz-json/leak-normalize-fail
|
|
|
|
diff --git a/src/shared/json.c b/src/shared/json.c
|
|
index ea1291e21b..fe05657dad 100644
|
|
--- a/src/shared/json.c
|
|
+++ b/src/shared/json.c
|
|
@@ -4655,10 +4655,11 @@ int json_variant_normalize(JsonVariant **v) {
|
|
if (!a)
|
|
return -ENOMEM;
|
|
|
|
- for (i = 0; i < m; i++) {
|
|
+ for (i = 0; i < m; ) {
|
|
a[i] = json_variant_ref(json_variant_by_index(*v, i));
|
|
+ i++;
|
|
|
|
- r = json_variant_normalize(a + i);
|
|
+ r = json_variant_normalize(&a[i-1]);
|
|
if (r < 0)
|
|
goto finish;
|
|
}
|
|
diff --git a/test/fuzz/fuzz-json/leak-normalize-fail b/test/fuzz/fuzz-json/leak-normalize-fail
|
|
new file mode 100644
|
|
index 0000000000..b247ccd199
|
|
--- /dev/null
|
|
+++ b/test/fuzz/fuzz-json/leak-normalize-fail
|
|
@@ -0,0 +1 @@
|
|
+[7E73]
|
|
\ No newline at end of file
|