From 7e4be6a5845f983a299932d4ccb2c4349cf8dd52 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Zbigniew=20J=C4=99drzejewski-Szmek?=
Date: Mon, 9 May 2022 14:28:36 +0200
Subject: [PATCH] shared/json: fix memory leak on failed normalization

We need to increase the counter immediately after taking the ref, otherwise we may not unref it properly if we fail before incrementing.
---
 src/shared/json.c | 5 +++--
 test/fuzz/fuzz-json/leak-normalize-fail | 1 +
 2 files changed, 4 insertions(+), 2 deletions(-)
 create mode 100644 test/fuzz/fuzz-json/leak-normalize-fail

diff --git a/src/shared/json.c b/src/shared/json.c
index 55e6d95cdb..2e52443dde 100644
--- a/src/shared/json.c
+++ b/src/shared/json.c
@@ -4655,10 +4655,11 @@ int json_variant_normalize(JsonVariant **v) {
 if (!a)
 return -ENOMEM;
 
- for (i = 0; i < m; i++) {
+ for (i = 0; i < m; ) {
 a[i] = json_variant_ref(json_variant_by_index(*v, i));
+ i++;
 
- r = json_variant_normalize(a + i);
+ r = json_variant_normalize(&a[i-1]);
 if (r < 0)
 goto finish;
 }
diff --git a/test/fuzz/fuzz-json/leak-normalize-fail b/test/fuzz/fuzz-json/leak-normalize-fail
new file mode 100644
index 0000000000..b247ccd199
--- /dev/null
+++ b/test/fuzz/fuzz-json/leak-normalize-fail
@@ -0,0 +1 @@
+[7E73]
\ No newline at end of file
-- 
2.25.1
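Review bot: The new loop header `for (i = 0; i < m; )` with the increment moved mid-body and the element addressed as `&a[i-1]` is correct but easy to misread, and any `continue` later inserted before the `i++` would spin forever; the reason for the unusual shape deserves a comment on the `i++` line, e.g. `/* Count a[i] as owned before normalize() can fail, so the finish: cleanup unrefs it. */`. An equivalent that keeps the conventional header is to leave `for (i = 0; i < m; i++)` and `a + i` as they were and bump the counter only on the failure path: `if (r < 0) { i++; goto finish; }`. Either form relies on the `finish:` cleanup unreffing exactly `a[0..i)` and on `json_variant_normalize()` leaving `a[i]` a valid reference when it fails, both of which are outside this hunk and should be confirmed; the body of json_variant_normalize starts and ends outside the hunk. The new fuzz corpus entry in the second file is test data and needs no further review.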