root
/
xz
mirror of https://git.tukaani.org/xz.git
1
0
Fork 0
Code Issues Releases Wiki Activity

liblzma: Fix another invalid free() after memory allocation failure. 

This time it can happen when lzma_stream_encoder_mt() is used
to reinitialize an existing multi-threaded Stream encoder
and one of 1-4 tiny allocations in lzma_filters_copy() fail.

It's very similar to the previous bug
10430fbf38, happening with
an array of lzma_filter structures whose old options are freed
but the replacement never arrives due to a memory allocation
failure in lzma_filters_copy().
This commit is contained in:
Lasse Collin 2022-11-24 01:26:37 +02:00
parent 75f1a6c26d
commit cb05dbcf8b
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/liblzma/common/stream_encoder_mt.c
View File

@ -1071,6 +1071,10 @@ stream_encoder_mt_init(lzma_next_coder *next, const lzma_allocator *allocator,
for (size_t i = 0; coder->filters[i].id != LZMA_VLI_UNKNOWN; ++i)
lzma_free(coder->filters[i].options, allocator);
// Mark it as empty so that it is in a safe state in case
// lzma_filters_copy() fails.
coder->filters[0].id = LZMA_VLI_UNKNOWN;
return_if_error(lzma_filters_copy(
filters, coder->filters, allocator));