From: Ngie Cooper
Date: Sun, 11 Dec 2016 02:32:11 +0000 (-0800)
Subject: Fix memory management issues
X-Git-Tag: v3.3.0~91^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=15a23f96e1b10a5d336e75ab681c31bbc7d3d36b;p=thirdparty%2Flibarchive.git

Fix memory management issues

1. Assert that `f` isn't NULL to strengthen the guarantee that it's valid.
2. Assert that `rawimage` isn't NULL to strengthen the guarantee that it's valid.
3. Do not leak `tmp`
4. Free `rawimage` in all instances; NULL out the value to avoid double-free'ing it by accident

Reported by: Coverity
CID: 1331454 [1], 1361651 [2], 1361669 [3], 1361679 [4]
---
diff --git a/libarchive/test/test_fuzz.c b/libarchive/test/test_fuzz.c
index 602b89466..ff064c07d 100644
--- a/libarchive/test/test_fuzz.c
+++ b/libarchive/test/test_fuzz.c
@@ -104,16 +104,19 @@ test_fuzz(const struct files *filesets)
 }
 if (!assert(size < buffsize)) {
 free(rawimage);
+ rawimage = NULL;
 continue;
 }
 } else {
 for (i = 0; filesets[n].names[i] != NULL; ++i) {
 tmp = slurpfile(&size, filesets[n].names[i]);
- char *newraw = (char *)realloc(rawimage, oldsize + size);
+ char *newraw = realloc(rawimage, oldsize + size);
 if (!assert(newraw != NULL)) {
 free(rawimage);
+ rawimage = NULL;
+ free(tmp);
 continue;
 }
 rawimage = newraw;
@@ -123,14 +126,21 @@ test_fuzz(const struct files *filesets)
 free(tmp);
 }
 }
- if (size == 0)
+ if (size == 0) {
+ free(rawimage);
+ rawimage = NULL;
 continue;
+ }
 image = malloc(size);
 assert(image != NULL);
 if (image == NULL) {
 free(rawimage);
+ rawimage = NULL;
 return;
 }
+
+ assert(rawimage != NULL);
+
 srand((unsigned)time(NULL));
 for (i = 0; i < 1000; ++i) {
@@ -162,6 +172,7 @@ test_fuzz(const struct files *filesets)
 Sleep(100);
 #endif
 }
+ assert(f != NULL);
 assertEqualInt((size_t)size, fwrite(image, 1, (size_t)size, f));
 fclose(f);
@@ -195,7 +206,7 @@ test_fuzz(const struct files *filesets)
 archive_read_close(a);
 }
 archive_read_free(a);
-}
+ }
 free(image);
 free(rawimage);
 }
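Review bot: In the first hunk (`@@ -104,16 +104,19 @@`) the `continue` in the realloc-failure branch sits inside `for (i = 0; filesets[n].names[i] != NULL; ++i)`, so it resumes that inner loop with the next file name instead of abandoning the fileset. Setting `rawimage = NULL` makes the next `realloc(rawimage, oldsize + size)` safe, but nothing visible here resets `oldsize`, so the fresh buffer would presumably begin with `oldsize` uninitialized bytes that are later treated as archive data. Leaving the loop instead, e.g. `size = 0; break;`, would hand control to the `if (size == 0)` cleanup that the second hunk shows directly after the loop. The loop body continues past the end of this hunk, so the handling of `oldsize` should be confirmed against the full function.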
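Review bot: The bare `assert(rawimage != NULL);` in the second hunk (`@@ -123,14 +126,21 @@`) and `assert(f != NULL);` in the third (`@@ -162,6 +172,7 @@`) only record a failure if the harness `assert` is the non-fatal, value-returning macro that `if (!assert(newraw != NULL))` in the first hunk suggests. In that case a NULL `f` still reaches `fwrite(image, 1, (size_t)size, f)` and `fclose(f)` on the following lines, and a NULL `rawimage` still reaches whatever reads it later in the function. Acting on the result would enforce the guarantee the commit message describes, for example `if (!assert(rawimage != NULL)) { free(image); continue; }` and guarding the write with `if (assert(f != NULL)) { ... }`. Both sites are in the middle of `test_fuzz`, whose body extends beyond these hunks.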