authorGravatar Catena cyber <35799796+catenacyber@users.noreply.github.com>2020-04-18 21:55:52 +0200
committerGravatar GitHub <noreply@github.com>2020-04-18 12:55:52 -0700
commite94eb003672cff7fb30b41d26fdd40fabd439309 (patch)
tree3d977d46e89fd152ac6b249b8a4af3a035cd76fc /projects/quickjs
parent3afd1707bf69ce0de1307cb35ec05361c1f8246b (diff)
Fix leaks in quickjs targets (#3669)
Diffstat (limited to 'projects/quickjs')
-rw-r--r--projects/quickjs/fuzz_compile.c6
-rw-r--r--projects/quickjs/fuzz_eval.c7
2 files changed, 9 insertions, 4 deletions
diff --git a/projects/quickjs/fuzz_compile.c b/projects/quickjs/fuzz_compile.c
index 573a3f87..4c1537cf 100644
--- a/projects/quickjs/fuzz_compile.c
+++ b/projects/quickjs/fuzz_compile.c
@@ -73,6 +73,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
}
obj = JS_ReadObject(ctx, bytecode, bytecode_size, JS_READ_OBJ_BYTECODE);
if (JS_IsException(obj)) {
+ js_free(ctx, bytecode);
return 0;
}
nbinterrupts = 0;
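Review bot: The two added `js_free(ctx, bytecode);` calls, here on the JS_ReadObject failure path and in the next hunk on the JS_ResolveModule failure path, repeat the cleanup that already sits at the end of the block. The next early return added to this function could reintroduce the same leak. A single exit path would be sturdier: replace each early `return 0;` with `goto out;` and place `out: js_free(ctx, bytecode); return 0;` after the normal path. The function body starts and ends outside these hunks, so whether other allocations need the same treatment cannot be judged from here.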
@@ -84,6 +85,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
if (JS_VALUE_GET_TAG(obj) == JS_TAG_MODULE) {
if (JS_ResolveModule(ctx, obj) < 0) {
JS_FreeValue(ctx, obj);
+ js_free(ctx, bytecode);
return 0;
}
js_module_set_import_meta(ctx, obj, FALSE, TRUE);
@@ -91,10 +93,10 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
val = JS_EvalFunction(ctx, obj);
if (JS_IsException(val)) {
js_std_dump_error(ctx);
- return 0;
+ } else {
+ js_std_loop(ctx);
}
JS_FreeValue(ctx, val);
- js_std_loop(ctx);
js_free(ctx, bytecode);
}
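Review bot: On the exception branch `js_std_loop(ctx)` is skipped, so any jobs the script queued before throwing (for example promise reactions) stay pending. If the runtime is reused across fuzz inputs, which these hunks do not show, those jobs could run during a later input, and a finding would then depend on the previous input instead of reproducing from a single file. Consider draining the loop in both branches, or state the intent with a comment such as `/* js_std_loop is skipped on purpose after an exception */`. The same pattern appears in the fuzz_eval.c hunk.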
diff --git a/projects/quickjs/fuzz_eval.c b/projects/quickjs/fuzz_eval.c
index 4eaf58c5..6ba443f4 100644
--- a/projects/quickjs/fuzz_eval.c
+++ b/projects/quickjs/fuzz_eval.c
@@ -61,9 +61,12 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
}
nbinterrupts = 0;
//the final 0 does not count (as in strlen)
- JS_Eval(ctx, (const char *)Data, Size-1, "<none>", JS_EVAL_TYPE_GLOBAL);
+ JSValue val = JS_Eval(ctx, (const char *)Data, Size-1, "<none>", JS_EVAL_TYPE_GLOBAL);
//TODO targets with JS_ParseJSON, JS_ReadObject
- js_std_loop(ctx);
+ if (!JS_IsException(val)) {
+ js_std_loop(ctx);
+ JS_FreeValue(ctx, val);
+ }
}
return 0;
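Review bot: `JS_FreeValue(ctx, val)` sits inside the `if (!JS_IsException(val))` branch, whereas fuzz_compile.c in the same commit frees `val` unconditionally after its if/else. The two targets would be easier to keep in step if this one used the same shape. The exception branch here also omits the `js_std_dump_error(ctx);` call that fuzz_compile.c makes, so the pending exception appears to stay in `ctx`, neither reported nor cleared, when the function returns. Suggested shape: `if (JS_IsException(val)) js_std_dump_error(ctx); else js_std_loop(ctx);` followed by `JS_FreeValue(ctx, val);`. The enclosing function starts outside the hunk.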