author | Sebastian Rasmussen <sebras@gmail.com> | 2018-08-31 21:06:39 +0800 |
---|---|---|
committer | jonathanmetzman <31354670+jonathanmetzman@users.noreply.github.com> | 2018-08-31 06:06:39 -0700 |
commit | ad33fea957d64c591e129d14933cbab78cb64055 (patch) | |
tree | b6371ba501036236daf78772c97824c05813b98f /projects/mupdf | |
parent | 9bac6ac04671938299c3acb92a3331c05994ed64 (diff) | |
[mupdf] Plug memory leaks in fuzzer itself. (oss-fuzz #5497) (#1778)
If mupdf throws an exception (extremely likely when fuzzing),
none of the resources such as the rendered pixmap, document or
stream were reclaimed before exiting causing memory leaks. These
leaks were blamed on the software itself, when it actually was
the fuzzer implementation that leaked.
Fix this by always cleaning up all resources.
Diffstat (limited to 'projects/mupdf')
-rw-r--r-- | projects/mupdf/pdf_fuzzer.cc | 23 |
1 files changed, 16 insertions, 7 deletions
diff --git a/projects/mupdf/pdf_fuzzer.cc b/projects/mupdf/pdf_fuzzer.cc
index 24058a2df..05c87f3ed 100644
--- a/projects/mupdf/pdf_fuzzer.cc
+++ b/projects/mupdf/pdf_fuzzer.cc
@@ -22,24 +22,33 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
 fz_context *ctx = fz_new_context(nullptr, nullptr, FZ_STORE_DEFAULT);
- fz_register_document_handlers(ctx);
- fz_stream *stream = fz_open_memory(ctx, data, size);
- fz_pixmap *pix = NULL;
+ fz_stream *stream = NULL;
 fz_document *doc = NULL;
+ fz_pixmap *pix = NULL;
+
+ fz_var(stream);
+ fz_var(doc);
+ fz_var(pix);
+
 fz_try(ctx) {
+ fz_register_document_handlers(ctx);
+ stream = fz_open_memory(ctx, data, size);
 doc = fz_open_document_with_stream(ctx, "pdf", stream);
 for (int i = 0; i < fz_count_pages(ctx, doc); i++) {
 pix = fz_new_pixmap_from_page_number(ctx, doc, i, fz_identity, fz_device_rgb(ctx), 0);
 fz_drop_pixmap(ctx, pix);
+ pix = NULL;
 }
 }
- fz_catch(ctx) {}
-
- if (doc) {
+ fz_always(ctx) {
+ fz_drop_pixmap(ctx, pix);
 fz_drop_document(ctx, doc);
+ fz_drop_stream(ctx, stream);
+ }
+ fz_catch(ctx) {
 }
- fz_drop_stream(ctx, stream);
+
 fz_drop_context(ctx);
 return 0;