Fix memory management issues 840/head
authorNgie Cooper <yanegomi@gmail.com>
Sun, 11 Dec 2016 02:32:11 +0000 (18:32 -0800)
committerNgie Cooper <yanegomi@gmail.com>
Sun, 11 Dec 2016 02:40:40 +0000 (18:40 -0800)
1. Assert that `f` isn't NULL to strengthen the guarantee that
   it's valid.
2. Assert that `rawimage` isn't NULL to strengthen the guarantee
   that it's valid.
3. Do not leak `tmp`
4. Free `rawimage` in all instances; NULL out the value to avoid
   double-free'ing it by accident

Reported by: Coverity
CID: 1331454 [1], 1361651 [2], 1361669 [3], 1361679 [4]

libarchive/test/test_fuzz.c

index 602b894661cced4639ae01182c5219289816c177..ff064c07d4983c3b666d4c54a1f7a3650139a9b2 100644 (file)
@@ -104,16 +104,19 @@ test_fuzz(const struct files *filesets)
                        }
                        if (!assert(size < buffsize)) {
                                free(rawimage);
+                               rawimage = NULL;
                                continue;
                        }
                } else {
                        for (i = 0; filesets[n].names[i] != NULL; ++i)
                        {
                                tmp = slurpfile(&size, filesets[n].names[i]);
-                               char *newraw = (char *)realloc(rawimage, oldsize + size);
+                               char *newraw = realloc(rawimage, oldsize + size);
                                if (!assert(newraw != NULL))
                                {
                                        free(rawimage);
+                                       rawimage = NULL;
+                                       free(tmp);
                                        continue;
                                }
                                rawimage = newraw;
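Review bot: The `continue` in the realloc-failure branch resumes the inner `for (i = 0; filesets[n].names[i] != NULL; ++i)` loop, not the outer fileset loop, so the next iteration calls `realloc(rawimage, oldsize + size)` with `rawimage` now NULL while `oldsize` still holds the length of the data that was just freed. Assuming the lines after `rawimage = newraw;` (outside this hunk) copy `tmp` to `rawimage + oldsize`, the fresh buffer would begin with `oldsize` uninitialized bytes that are later treated as archive data. Resetting the offset together with the pointer, `oldsize = 0;` next to `rawimage = NULL;`, keeps the two consistent. Separately, the `tmp` returned by `slurpfile()` is not checked for NULL in the lines visible here.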
@@ -123,14 +126,21 @@ test_fuzz(const struct files *filesets)
                                free(tmp);
                        }
                }
-               if (size == 0)
+               if (size == 0) {
+                       free(rawimage);
+                       rawimage = NULL;
                        continue;
+               }
                image = malloc(size);
                assert(image != NULL);
                if (image == NULL) {
                        free(rawimage);
+                       rawimage = NULL;
                        return;
                }
+
+               assert(rawimage != NULL);
+
                srand((unsigned)time(NULL));
 
                for (i = 0; i < 1000; ++i) {
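Review bot: The result of `assert(rawimage != NULL);` is discarded, and the other uses in this function (`if (!assert(size < buffsize))`, `if (!assert(newraw != NULL))`) suggest the test harness's `assert` records a failure and returns rather than aborting, so a NULL `rawimage` would still reach the fuzzing loop that follows. Acting on the result would make the guarantee real, e.g. `if (!assert(rawimage != NULL)) { free(image); continue; }`. The same applies to `assert(f != NULL);` in the next hunk, where `fwrite(image, 1, (size_t)size, f)` and `fclose(f)` run immediately afterwards regardless of the outcome. The loop body continues outside this hunk.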
@@ -162,6 +172,7 @@ test_fuzz(const struct files *filesets)
                                Sleep(100);
 #endif
                        }
+                       assert(f != NULL);
                        assertEqualInt((size_t)size, fwrite(image, 1, (size_t)size, f));
                        fclose(f);
 
@@ -195,7 +206,7 @@ test_fuzz(const struct files *filesets)
                                archive_read_close(a);
                        }
                        archive_read_free(a);
-}
+               }
                free(image);
                free(rawimage);
        }