author | 2018-08-31 21:06:39 +0800 | |
---|---|---|
committer | 2018-08-31 06:06:39 -0700 | |
commit | ad33fea957d64c591e129d14933cbab78cb64055 (patch) | |
tree | b6371ba501036236daf78772c97824c05813b98f /projects/mupdf | |
parent | 9bac6ac04671938299c3acb92a3331c05994ed64 (diff) |
[mupdf] Plug memory leaks in fuzzer itself. (oss-fuzz #5497) (#1778)
If mupdf throws an exception (extremely likely when fuzzing),
none of the resources such as the rendered pixmap, document or
stream were reclaimed before exiting causing memory leaks. These
leaks were blamed on the software itself, when it actually was
the fuzzer implementation that leaked.
Fix this by always cleaning up all resources.
Diffstat (limited to 'projects/mupdf')
-rw-r--r-- | projects/mupdf/pdf_fuzzer.cc | 23 |
1 files changed, 16 insertions, 7 deletions
diff --git a/projects/mupdf/pdf_fuzzer.cc b/projects/mupdf/pdf_fuzzer.cc
index 24058a2d..05c87f3e 100644
--- a/projects/mupdf/pdf_fuzzer.cc
+++ b/projects/mupdf/pdf_fuzzer.cc
@@ -22,24 +22,33 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
 fz_context *ctx = fz_new_context(nullptr, nullptr, FZ_STORE_DEFAULT);
- fz_register_document_handlers(ctx);
- fz_stream *stream = fz_open_memory(ctx, data, size);
- fz_pixmap *pix = NULL;
+ fz_stream *stream = NULL;
 fz_document *doc = NULL;
+ fz_pixmap *pix = NULL;
+
+ fz_var(stream);
+ fz_var(doc);
+ fz_var(pix);
+
 fz_try(ctx) {
+ fz_register_document_handlers(ctx);
+ stream = fz_open_memory(ctx, data, size);
 doc = fz_open_document_with_stream(ctx, "pdf", stream);
 for (int i = 0; i < fz_count_pages(ctx, doc); i++) {
 pix = fz_new_pixmap_from_page_number(ctx, doc, i, fz_identity, fz_device_rgb(ctx), 0);
 fz_drop_pixmap(ctx, pix);
+ pix = NULL;
 }
 }
- fz_catch(ctx) {}
-
- if (doc) {
+ fz_always(ctx) {
+ fz_drop_pixmap(ctx, pix);
 fz_drop_document(ctx, doc);
+ fz_drop_stream(ctx, stream);
+ }
+ fz_catch(ctx) {
 }
- fz_drop_stream(ctx, stream);
+
 fz_drop_context(ctx);
 return 0; |
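Review bot: The result of `fz_new_context(...)` on the hunk's first context line is still used unchecked — `fz_register_document_handlers(ctx)` and `fz_try(ctx)` run even if it returned NULL, which as far as I recall MuPDF's API it does on allocation failure, so the fuzzer would crash on its own setup rather than on the input. A one-line guard before the declarations, `if (!ctx) return 0;`, keeps that failure out of the crash reports this commit is trying to clean up. The now-empty `fz_catch(ctx) { }` deserves a comment such as `// Exceptions from malformed input are expected; resources are released in fz_always.` so a later reader does not mistake it for an accidental swallow. LLVMFuzzerTestOneInput's signature line and closing brace are outside the hunk.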