From ad33fea957d64c591e129d14933cbab78cb64055 Mon Sep 17 00:00:00 2001
From: Sebastian Rasmussen
Date: Fri, 31 Aug 2018 21:06:39 +0800
Subject: [PATCH] [mupdf] Plug memory leaks in fuzzer itself. (oss-fuzz #5497) (#1778)

If mupdf throws an exception (extremely likely in when fuzzing), none of the resources such as the rendered pixmap, document or stream were reclaimed before exiting causing memory leaks. These leaks were blamed on the software itself, when it actually was the fuzzer implementation that leaked. Fix this by always cleaning up all resources.
---
 projects/mupdf/pdf_fuzzer.cc | 23 ++++++++++++++++-------
 1 file changed, 16 insertions(+), 7 deletions(-)

diff --git a/projects/mupdf/pdf_fuzzer.cc b/projects/mupdf/pdf_fuzzer.cc
index 24058a2df..05c87f3ed 100644
--- a/projects/mupdf/pdf_fuzzer.cc
+++ b/projects/mupdf/pdf_fuzzer.cc
@@ -22,24 +22,33 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 {
 fz_context *ctx = fz_new_context(nullptr, nullptr, FZ_STORE_DEFAULT);
- fz_register_document_handlers(ctx);
- fz_stream *stream = fz_open_memory(ctx, data, size);
- fz_pixmap *pix = NULL;
+ fz_stream *stream = NULL;
 fz_document *doc = NULL;
+ fz_pixmap *pix = NULL;
+
+ fz_var(stream);
+ fz_var(doc);
+ fz_var(pix);
+
 fz_try(ctx) {
+ fz_register_document_handlers(ctx);
+ stream = fz_open_memory(ctx, data, size);
 doc = fz_open_document_with_stream(ctx, "pdf", stream);
 for (int i = 0; i < fz_count_pages(ctx, doc); i++) {
 pix = fz_new_pixmap_from_page_number(ctx, doc, i, fz_identity, fz_device_rgb(ctx), 0);
 fz_drop_pixmap(ctx, pix);
+ pix = NULL;
 }
 }
- fz_catch(ctx) {}
-
- if (doc) {
+ fz_always(ctx) {
+ fz_drop_pixmap(ctx, pix);
 fz_drop_document(ctx, doc);
+ fz_drop_stream(ctx, stream);
 }
- fz_drop_stream(ctx, stream);
+ fz_catch(ctx) {
+ }
+
 fz_drop_context(ctx);
 return 0;