author | 2020-04-18 21:55:52 +0200 | |
---|---|---|
committer | 2020-04-18 12:55:52 -0700 | |
commit | e94eb003672cff7fb30b41d26fdd40fabd439309 (patch) | |
tree | 3d977d46e89fd152ac6b249b8a4af3a035cd76fc /projects/quickjs | |
parent | 3afd1707bf69ce0de1307cb35ec05361c1f8246b (diff) |
Fix leaks in quickjs targets (#3669)
Diffstat (limited to 'projects/quickjs')
-rw-r--r-- | projects/quickjs/fuzz_compile.c | 6 | ||||
-rw-r--r-- | projects/quickjs/fuzz_eval.c | 7 |
2 files changed, 9 insertions, 4 deletions
diff --git a/projects/quickjs/fuzz_compile.c b/projects/quickjs/fuzz_compile.c
index 573a3f87..4c1537cf 100644
--- a/projects/quickjs/fuzz_compile.c
+++ b/projects/quickjs/fuzz_compile.c
@@ -73,6 +73,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
 }
 obj = JS_ReadObject(ctx, bytecode, bytecode_size, JS_READ_OBJ_BYTECODE);
 if (JS_IsException(obj)) {
+ js_free(ctx, bytecode);
 return 0;
 }
 nbinterrupts = 0;
@@ -84,6 +85,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
 if (JS_VALUE_GET_TAG(obj) == JS_TAG_MODULE) {
 if (JS_ResolveModule(ctx, obj) < 0) {
 JS_FreeValue(ctx, obj);
+ js_free(ctx, bytecode);
 return 0;
 }
 js_module_set_import_meta(ctx, obj, FALSE, TRUE);
@@ -91,10 +93,10 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
 val = JS_EvalFunction(ctx, obj);
 if (JS_IsException(val)) {
 js_std_dump_error(ctx);
- return 0;
+ } else {
+ js_std_loop(ctx);
 }
 JS_FreeValue(ctx, val);
- js_std_loop(ctx);
 js_free(ctx, bytecode);
 }
diff --git a/projects/quickjs/fuzz_eval.c b/projects/quickjs/fuzz_eval.c
index 4eaf58c5..6ba443f4 100644
--- a/projects/quickjs/fuzz_eval.c
+++ b/projects/quickjs/fuzz_eval.c
@@ -61,9 +61,12 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
 }
 nbinterrupts = 0;
 //the final 0 does not count (as in strlen)
- JS_Eval(ctx, (const char *)Data, Size-1, "<none>", JS_EVAL_TYPE_GLOBAL);
+ JSValue val = JS_Eval(ctx, (const char *)Data, Size-1, "<none>", JS_EVAL_TYPE_GLOBAL);
 //TODO targets with JS_ParseJSON, JS_ReadObject
- js_std_loop(ctx);
+ if (!JS_IsException(val)) {
+ js_std_loop(ctx);
+ JS_FreeValue(ctx, val);
+ }
 }
 return 0; |
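Review bot: The `JS_ReadObject` failure branch in this hunk and the `JS_ResolveModule` failure branch in the next hunk each repeat `js_free(ctx, bytecode);` before `return 0;`, so every future error path has to remember the same cleanup by hand. Routing these branches to one exit that frees `bytecode` (for example a `goto cleanup;` to a label placed just before the existing `js_free(ctx, bytecode);`) would keep the fuzz target free of LeakSanitizer noise that can mask real findings. Both branches also return without reading the pending exception, while the `JS_EvalFunction` branch calls `js_std_dump_error(ctx);`; if `ctx` is reused across inputs, which the hunk does not show, adding that call here would keep each run starting from the same state. The function begins and ends outside the hunk.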
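Review bot: The exception branch of the new `JS_Eval` check in fuzz_eval.c does nothing: `js_std_loop(ctx)` is now skipped and the pending exception is never read, so jobs queued before the throw and the exception object presumably stay in the context. fuzz_compile.c in this same commit handles that case with `js_std_dump_error(ctx);`, and mirroring it here as `if (JS_IsException(val)) { js_std_dump_error(ctx); } else { js_std_loop(ctx); }` followed by an unconditional `JS_FreeValue(ctx, val);` would keep both harnesses consistent. If `ctx` outlives a single input (its setup is outside the hunk), leftover state makes a crash depend on earlier inputs and harder to reproduce from one test case. The function begins and ends outside the hunk.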