commit b62563e31283ef0cc1bf2d7315c8255560d15338
parent 14cd5e72ce5a0b649d342e1bc38a7b0fb44a91e5
Author: Remy Noulin <loader2x@gmail.com>
Date: Sun, 3 Jul 2022 16:31:21 +0200
Fix memory leaks
Plug the memory leaks in the json parser that happen when an unexpected
end of string is encountered.
It was found while fuzzing with libfuzzer and address sanitizer (llvm).
Plug the memory leaks when a baset object of a type other than smallArray,
smallBool, smallBytes, smallDict, smallDouble, smallInt, smallString is
in an array, dict or json object which is disposed or smashed.
When a non libsheepy baset object is stored in an array, dict or json,
an sContainer is created. This sContainer has to be freed when the
array, dict or json is disposed or smashed.
release/libsheepy.h | 2 +-
src/json/laxjson.c | 6 ++++--
src/json/libsheepyCSmallArray.c | 6 ++++++
src/json/libsheepyCSmallDict.c | 4 ++++
src/json/libsheepyCSmallJson.c | 10 ++++++++++
src/libsheepy.h | 2 +-
6 files changed, 26 insertions(+), 4 deletions(-)
Diffstat:
6 files changed, 26 insertions(+), 4 deletions(-)
diff --git a/release/libsheepy.h b/release/libsheepy.h
@@ -98,7 +98,7 @@
// version accoring to the version package: Release.Major.minor.patch
// https://noulin.net/version/file/README.md.html
-#define LIBSHEEPY_VERSION "2.2.10.1"
+#define LIBSHEEPY_VERSION "2.2.10.2"
#ifndef SH_PREFIX
#define SH_PREFIX(NAME) NAME
diff --git a/src/json/laxjson.c b/src/json/laxjson.c
@@ -368,8 +368,8 @@ enum LaxJsonError lax_json_feed(struct LaxJsonContext *context, int size, const
context->unicode_point = 0;
break;
default:;
- // "\" should be escaped
- return LaxJsonErrorAborted;
+ // "\" should be escaped
+ return LaxJsonErrorAborted;
}
break;
case LaxJsonStateUnicodeEscape:
@@ -724,10 +724,12 @@ enum LaxJsonError lax_json_feed(struct LaxJsonContext *context, int size, const
BUFFER_CHAR('\0');
if (context->number(context, context->value_buffer))
return LaxJsonErrorAborted;
+ pop_state(context);
break;
default:
return LaxJsonErrorAborted;
}
+ err = lax_json_eof(context);
}
return err;
}
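Review bot: The two `return LaxJsonErrorAborted;` exits in this switch (after the `context->number` callback and under `default:`) leave the function before the added `err = lax_json_eof(context);` runs. If that call is what unwinds parser state on an unexpected end of input, as the commit message suggests, those abort paths may still leak and are worth re-running under libfuzzer with address sanitizer. The assignment also overwrites whatever `err` held before this block, which starts outside the hunk, so confirm no earlier error is discarded. A one-line comment above the new `pop_state(context);` saying why the state must be popped before the end-of-input check would help the next reader.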
diff --git a/src/json/libsheepyCSmallArray.c b/src/json/libsheepyCSmallArray.c
@@ -1579,6 +1579,12 @@ internal char* escapeSmallArray(smallArrayt *self) {
internal void disposeSmallArray(smallArrayt *self) {
if (self->a) {
+ // free containers of baset object to avoid leaks
+ forEachSArray(self->a, o) {
+ if (o->type == CONTAINER && (((sContainert*)o)->dataType == SH_DT_BASET)) {
+ free(o);
+ }
+ }
free(self->a);
resetSmallArray(self);
}
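Review bot: The new `forEachSArray` loop dereferences `o->type` without a NULL check, while the dict version of the same cleanup guards with `e->data &&`. Unless `forEachSArray` already skips empty slots, an array holding a NULL element would fault during dispose; `if (o && o->type == CONTAINER && (((sContainert*)o)->dataType == SH_DT_BASET))` would make the two paths consistent. The same loop is added under `case TOP_IS_ARRAY:` in disposeSmallJson and needs the same guard. disposeSmallArray's body continues past the end of the hunk.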
diff --git a/src/json/libsheepyCSmallDict.c b/src/json/libsheepyCSmallDict.c
@@ -1109,6 +1109,10 @@ internal void disposeSmallDict(smallDictt *self) {
forEachSDict(self->d, e) {
if (e->key) {
free(e->key);
+ }
+ // free containers of baset object to avoid leaks
+ if (e->data && e->data->type == CONTAINER && (((sContainert*)e->data)->dataType == SH_DT_BASET)) {
+ free(e->data);
}
}
free(self->d);
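Review bot: The container check now sits outside `if (e->key)`, so it also runs for entries with no key. If a NULL key marks a deleted slot whose `data` pointer is not cleared on delete (not visible in this hunk), `e->data->type` would read freed memory and `free(e->data)` could free it a second time. Either nest the new `if` inside the `if (e->key)` block or confirm that delete sets `data` to NULL. The identical block added to the dict branch of disposeSmallJson has the same exposure. Because the condition is now repeated in four places, a small file-local helper would keep them in sync. disposeSmallDict starts before the hunk.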
diff --git a/src/json/libsheepyCSmallJson.c b/src/json/libsheepyCSmallJson.c
@@ -2867,6 +2867,10 @@ internal void disposeSmallJson(smallJsont *self) {
forEachSDict(self->top, e) {
if (e->key) {
free(e->key);
+ }
+ // free containers of baset object to avoid leaks
+ if (e->data && e->data->type == CONTAINER && (((sContainert*)e->data)->dataType == SH_DT_BASET)) {
+ free(e->data);
}
}
free(self->top);
@@ -2875,6 +2879,12 @@ internal void disposeSmallJson(smallJsont *self) {
break;
case TOP_IS_ARRAY:
if (self->topA) {
+ // free containers of baset object to avoid leaks
+ forEachSArray(self->topA, o) {
+ if (o->type == CONTAINER && (((sContainert*)o)->dataType == SH_DT_BASET)) {
+ free(o);
+ }
+ }
free(self->topA);
self->topA = NULL;
}
diff --git a/src/libsheepy.h b/src/libsheepy.h
@@ -98,7 +98,7 @@
// version accoring to the version package: Release.Major.minor.patch
// https://noulin.net/version/file/README.md.html
-#define LIBSHEEPY_VERSION "2.2.10.1"
+#define LIBSHEEPY_VERSION "2.2.10.2"
#ifndef SH_PREFIX
#define SH_PREFIX(NAME) NAME