1. clamav-devel
  2. Commit 56f3d140ea399ba6f749f2578badaf7d31f333f9
Browse code

Fixed memory leak reported by oss-fuzz. Added checks to see if realloc succeeds before reassigning the pointers, and made this file build without warnings when compiled with -Wextra.

Andy Ragusa (aragusa) authored on 2020/02/01 03:53:09
Showing 1 changed files
libclamav/pdfdecode.c
History View file @ 56f3d14
... ... 
@@ -296,10 +296,13 @@ static size_t pdf_decodestream_internal(
296 296
297 297 
             case OBJ_FILTER_JPX:
298 298 
                 if (!filter) filter = "JPXDECODE";
299 
+                /* fallthrough */
299 300 
             case OBJ_FILTER_DCT:
300 301 
                 if (!filter) filter = "DCTDECODE";
302 
+                /* fallthrough */
301 303 
             case OBJ_FILTER_FAX:
302 304 
                 if (!filter) filter = "FAXDECODE";
305 
+                /* fallthrough */
303 306 
             case OBJ_FILTER_JBIG2:
304 307 
                 if (!filter) filter = "JBIG2DECODE";
305 308
... ... 
@@ -639,8 +642,9 @@ static cl_error_t filter_rldecode(struct pdf_struct *pdf, struct pdf_obj *obj, s
639 639 
         if (!(temp = cli_realloc(decoded, declen))) {
640 640 
             cli_errmsg("cli_pdf: cannot reallocate memory for decoded output\n");
641 641 
             rc = CL_EMEM;
642 
+        } else {
643 
+            decoded = temp;
642 644 
         }
643 
-        decoded = temp;
644 645 
     }
645 646
646 647 
     if (rc == CL_SUCCESS) {
... ... 
@@ -817,8 +821,9 @@ static cl_error_t filter_flatedecode(struct pdf_struct *pdf, struct pdf_obj *obj
817 817 
         if (!(temp = cli_realloc(decoded, declen))) {
818 818 
             cli_errmsg("cli_pdf: cannot reallocate memory for decoded output\n");
819 819 
             rc = CL_EMEM;
820 
+        } else {
821 
+            decoded = temp;
820 822 
         }
821 
-        decoded = temp;
822 823 
     }
823 824
824 825 
     if (rc == CL_SUCCESS) {
... ... 
@@ -1098,8 +1103,9 @@ static cl_error_t filter_lzwdecode(struct pdf_struct *pdf, struct pdf_obj *obj,
1098 1098 
         if (!(temp = cli_realloc(decoded, declen))) {
1099 1099 
             cli_errmsg("cli_pdf: cannot reallocate memory for decoded output\n");
1100 1100 
             rc = CL_EMEM;
1101 
+        } else {
1102 
+            decoded = temp;
1101 1103 
         }
1102 
-        decoded = temp;
1103 1104 
     }
1104 1105
1105 1106 
     if (rc == CL_SUCCESS) {