From: Vsevolod Stakhov
Date: Sun, 5 Oct 2025 16:01:48 +0000 (+0100)
Subject: [Fix] Fix memory leak in rspamd_shingles_from_html
X-Git-Tag: 3.14.0~87^2~8
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=75cab9c28d36ea6480744e2d80c3e1a53c39fbd7;p=thirdparty%2Frspamd.git
[Fix] Fix memory leak in rspamd_shingles_from_html
The struct_sgl object from generate_shingles_from_string_tokens() was only deleted when pool == nullptr, causing memory leaks when a memory pool was active. Now struct_sgl is always deleted after copying to res, regardless of pool allocation method.
---
diff --git a/src/libutil/shingles_html.cxx b/src/libutil/shingles_html.cxx
index 8792f3ee84..6a6e6cd806 100644
--- a/src/libutil/shingles_html.cxx
+++ b/src/libutil/shingles_html.cxx
@@ -427,7 +427,7 @@ rspamd_shingles_from_html(void *html_content,
 return nullptr;
 }
- /* Allocate result */
+ /* Allocate result after all early exit checks to avoid leaks */
 struct rspamd_html_shingle *res;
 if (pool) {
 res = static_cast(rspamd_mempool_alloc0(pool, sizeof(*res)));
@@ -451,9 +451,8 @@ rspamd_shingles_from_html(void *html_content,
 if (struct_sgl) {
 std::memcpy(&res->structure_shingles, struct_sgl, sizeof(struct rspamd_shingle));
- if (pool == nullptr) {
- delete struct_sgl;
- }
+ /* Always delete struct_sgl after copying, regardless of pool */
+ delete struct_sgl;
 }
 else {
 std::memset(&res->structure_shingles, 0, sizeof(struct rspamd_shingle));
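Review bot: The now-unconditional `delete struct_sgl;` in the second hunk is only correct if `generate_shingles_from_string_tokens()` always returns a single object created with `new`, and that helper is not visible here. The removed `pool == nullptr` guard suggests the pointer may once have been treated as pool-owned. If any path in the helper returns pool or `g_malloc` memory, this line becomes a mismatched free in code that processes message HTML, so the allocation contract deserves confirming. Holding the result in a `std::unique_ptr<struct rspamd_shingle>` from the helper's return onward would state the ownership in the type and also cover any early return between the call and the copy. At minimum, add a comment at the call site such as `/* struct_sgl is new-allocated by generate_shingles_from_string_tokens(), never pool-owned */`. The body of rspamd_shingles_from_html starts and ends outside both hunks.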