From 20c564bc7620be7f9325376601797fc20622f845 Mon Sep 17 00:00:00 2001
From: Garret Rieger
Date: Fri, 26 May 2023 23:04:25 +0000
Subject: [PATCH] [repacker] Fix fuzzer memory leak.
https://oss-fuzz.com/testcase-detail/6419865171525632
---
 src/graph/graph.hh | 3 ++-
 src/graph/gsubgpos-context.cc | 6 +++++-
 src/graph/gsubgpos-context.hh | 4 ++--
 ...inimized-hb-repacker-fuzzer-6419865171525632 | Bin 0 -> 65751 bytes
 4 files changed, 9 insertions(+), 4 deletions(-)
 create mode 100644 test/fuzzing/graphs/clusterfuzz-testcase-minimized-hb-repacker-fuzzer-6419865171525632
diff --git a/src/graph/graph.hh b/src/graph/graph.hh
index 294a99991..73f897d2f 100644
--- a/src/graph/graph.hh
+++ b/src/graph/graph.hh
@@ -401,9 +401,10 @@ struct graph_t
 return vertices_[i].obj;
 }
- void add_buffer (char* buffer)
+ bool add_buffer (char* buffer)
 {
 buffers.push (buffer);
+ return !buffers.in_error ();
 }
 /*
diff --git a/src/graph/gsubgpos-context.cc b/src/graph/gsubgpos-context.cc
index b2044426d..d66eb49cf 100644
--- a/src/graph/gsubgpos-context.cc
+++ b/src/graph/gsubgpos-context.cc
@@ -52,7 +52,11 @@ unsigned gsubgpos_graph_context_t::create_node (unsigned size)
 if (!buffer) return -1;
- add_buffer (buffer);
+ if (!add_buffer (buffer)) {
+ // Allocation did not get stored for freeing later.
+ hb_free (buffer);
+ return -1;
+ }
 return graph.new_node (buffer, buffer + size);
 }
diff --git a/src/graph/gsubgpos-context.hh b/src/graph/gsubgpos-context.hh
index 9fe9662e6..26b7cfe4d 100644
--- a/src/graph/gsubgpos-context.hh
+++ b/src/graph/gsubgpos-context.hh
@@ -47,9 +47,9 @@ struct gsubgpos_graph_context_t
 HB_INTERNAL unsigned create_node (unsigned size);
- void add_buffer (char* buffer)
+ bool add_buffer (char* buffer)
 {
- graph.add_buffer (buffer);
+ return graph.add_buffer (buffer);
 }
 private:
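Review bot: In `src/graph/graph.hh`, `add_buffer` now returns `bool`, but nothing on the declaration says who owns `buffer` when it returns false, and that contract is exactly what the leak fix relies on. I would add a comment above it, e.g. `/* Takes ownership of buffer on success; on false it was not stored and the caller must free it. */`, and the same on the forwarding wrapper in `src/graph/gsubgpos-context.hh`. Only the `create_node` call site is updated in this patch; any other caller of `add_buffer` (none are visible here) that still ignores the result would leak the same way on a failed push, so a warn-unused-result annotation on both declarations, if the project has one, would let the compiler find them.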
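Review bot: In `create_node` (`src/graph/gsubgpos-context.cc`), the new failure path adds a second bare `return -1;` to a function whose return type is `unsigned`, so the error sentinel exists only through an implicit conversion. Writing `return (unsigned) -1;` on the added line, and on the allocation-failure line above it, makes the sentinel explicit and easy to find for callers that have to compare against it. The function's opening lines, including the allocation of `buffer`, are outside the hunk, so this assumes `buffer` comes from the allocator that `hb_free` pairs with.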
diff --git a/test/fuzzing/graphs/clusterfuzz-testcase-minimized-hb-repacker-fuzzer-6419865171525632 b/test/fuzzing/graphs/clusterfuzz-testcase-minimized-hb-repacker-fuzzer-6419865171525632 new file mode 100644 index 0000000000000000000000000000000000000000..2deb99fe6d4975db453195221f450f18faf899e8 GIT binary patch literal 65751 zcmeHQ33L`k60YtUlGIE@ATcWXd{IFWSw%n=k0*yHh!=>HbiOauVSN{AEB$~vZAxBMK`m3qw>FKHN zsj9B&p1i3!i+t(^zHGRD2UOztBT5MAaKF(*Vht$xC;IwGuD&%-+;Fv9DD|zM%^931GY>Gi|GuuFKH`_sf zWxfLawfP40x8_^WJIzi?N<*%=S7MDtvDUM=DO=CtA~w?=M4qj0>yxzyTeOL7Xd8mx z$Tk9Dl&dr03Xkkn>#I1$0;26?8Xy z3DTanCpeedKY;FKdx8F=y$tl__HvYYh5Z}o-nKXBYwh1b_pyDD=LUNN=)Sfu_&3^r zfWF1vg7j8907vhz_kh0F-V6FZI|TGlI}|yG*pC{pto4`23u^=8|;@By}^EE(GTnn`yJ9B?Ek>u zWp|;3I37dKJyK*ma1}f)tL^|lzKKgt;6nGN;Pi{sO;z`ITlcgkwMGi|R zBUelOcT987;7OF$0N5aduE1GNwctMkH;xjCGC-w+Z7AbNm)oaK)Rkxy51U24jbHyt zN1}=G6XaQGd2H!(x^c_9@5fK=I1z_v7ntcCa2cnmWQ+H*Klmt-=rr1Sp+lcWdJc2x z0^xU{op|Eqgq^wj&>IOQ1s#_`SIZTkq;m67Kl-*rNzqZOv2!%abo*{gC@IM#%zSr0 z*j$ors8It5@p8}UlDN6X)rRQ8c&<}f*r|8dmN?yRkj3>1chpc5avbvOZQQttXcIMT zu=Slh%ClOt77{qxf&|=NhV02HkJyuQ)foITE7pO629>2iIt&;zOB9(U!<| zw`j?UwoS*06X|OwStnYeHm)?c?G~-2fljpjT~*!Y(`F$Jjog!4oM20ypPlV4KzVzf zn`ov^-*;H$B=%@RWCB~Xq8*6LPS2@pMC z<7;W{T4>2##WS zlQ=$_ZxVc%Zx$TG{RAK3TLs5*f5AsNPjDO$5PXdD6F5+CJl`$&INvKcfd>gb!7;%n z`9Z;d@eskMc$nbRJY4V@9x3=Nj~0B6#|S>pV+CK}ae^=Mc)^K0L2wd3DL9#*5}d-% z2u|ha1gG%}f^cmFXYgdfmw2k+%RF6hCch*&i)RYX=GlUCc&^}FE)bl@^92idf#54# zC^(-N3BJmU1s8CU;A^}@u#lGtF68Bcix?g-j3BJLr1dF(`{YCRvGYN>R zly>k64}%Wpjl=V#+mN?lSw$eo+=L)A zM384dpd#s(kY$O4B<(GWe4~$R5{q{4&=~1W6jBKFR#a zGO~LnqFL#5(8^WGXco$Y+ux1SOQKn>`ah3mxsd|4LvZ8A58P)o%U#a}#N43G4Ok3X zqBNR?p%m)*+oD-0BIX_$pPD!9+{;yE2gM4TV_cos>KnRfxHN~0N+Bo#zM;7imGUKo zW~m_^Tau-1yLPQxwQ5O4{rukkWp=uM76$Fj{aioC&$MlAGjFrE-dp7rVI*fL%jB3N zOe@pIoNC&dzUD?V#!NGXYZiWKTOjK5!?k0K#a7_*wxBHUC$9+tA6J+iW)X55KSnCdW?B&IqH zCX1;KgDGOF!(ghI>M)olraBC!i>VHS8SG4T7`!B=It*SGQym5~#Z-sEEHTw#Fk4J@ z7|an<9R_p7RENPlG1XyEAf`GDUJ+9r2J^*Khrz32s>5J`nCdWiO-ywd6pE=1gN0(M 
z!(fq^>JTQ{nd&fDe5^CoVep2S>M$r0Qym6x@@nBP;WdIw`9r~FyiV{fUN5+uKM{PJ zKNWn3Hwdoa&jnZVX2ExPtKfTFEckEUCb){f5`3R`2(IRD1wY{L1=sM8f@}FF!4Fg8 zLPV&1)zQtwQ>2b=sex9k5fXqIAyP*-1#K0fu2o0Z#pu=1-LH-={E*CGAa@hIi!Tto zn=cZ)hr0{j%a;h=$CnBY;$DLH^PdD`e3@YN4S}J0m3vzceW~Lc9pAW6q>gW@KEBx{ z^7{zy@tqvkG3IpuKW1NWJ*Nr&hcg5};Xv@eoGJJz*BAVZ8whUTMuHnTTkvzv5!}Rw z32x@bf?N1V!L59h;1`@LSj@)=e#uP)xAAd;+qsz$1(wHW3Es{f1P5>@!8^FKU_PHK zcqexito@2}pxmdvJE*ho4x)2-livA$2^(wVLL(Q+9;QT1k$^@nQq@w?DRQ)#zM|8} zMVZ%S`igECJZXJJSMy%c=@3?ifHgPvr$bmb_Nl|u-=gz;#*2>E=@bWQI)&d{E zX|0spPpwsbDUnWP3W-qH>gzV0D6A{udgzL{+OQ%{L%15k)evq_gTFQro#&JE$8^SM zBp-Eg%dy;+i525diki}ox+MFc64gTjI)qJCJ4C0*(Plbh6pGdLUHzzwe$>Uy6xENq z)YOl<=nz(iusVd*A?#XM^I!X%oz56_w(h`vfJ=3?>T1>1HCb1uYP4J1%5h^!{pMFH zS~bErh<>F&zfzEjE~{lkDgo8CsSjS(I&EsdPn(j_)qeU+SgM}63YHVyqglZU zX|`XIfZC*Al1^ogMc45~Tj+{0{l0o-x~Jwn;1W<>o2n*=P}i#eU-$g~igwfJx?x3Y zw0AyLIeSZ_s{7HkwYqnB)uun6Q`L^D=N%vksIEfWh)S6;V`t{b`+y84UA z<+X$ItC-vkxwcr<#bwajI$kqwjHF-jIbe@kcp3%iK zVW7Y6$Ty447{mPpAK_aC$8vwcM>$V$91jqDjPnzy-@(-HV5VxoTdT^^I7q6RGdgcT zbec|{)5&wG>bhD^Boa_vn<_C!sB1OmT=(9tdYirV-YT!CxeK&rnH*g_Q}G8kx<|9( zb<&*WN{GNqBYt( zpQ@a_B~sP>=-OJ{J9Y1>+DrAk11AC1wW*SQgt}JUJ9Y2M>$cH#!}4lSo%zv8M;#({ zh^q6Gpmp1~1k@qgw_GaEjZoLBL!=H-c^x#mZm6q?%WDJWS3?P?rAt+#M5kiVX1bbK zR}<@MVqHzFtBJY3aVzXT;|78oxRKyS&KCTfa|Ac>VS<~vvEUXyQgACDC8#UZbcLEk z>t^vx!Pz`pa1PHEoXZ7*^LV~s0WT1Ig$o7e^CH1ld9mOEE)sl=mk1W}GQowsTyPP) z-_FboUgwp9`fKuVYxJl1oGyElSEEaW!4h60xRgH>T*m7J^{4o9MQ0cDF@j%m6TxkK zoZxnDW+14{Adk-yyq!A;4&Y9LcW`IHd_Gt3PVOqWpMC@)7|d5n`9t_B!J&M$;4r>M z@FDIkIGnE&9KqKMj^sXqqqwi&Xue7CVb#?l2i4W78obu|ax@N-sxA;=9K`8(T}`a3 ziBr{ewVX&Kpt?3yVvbPPYRtLryRb*=jUb)v5n6#00nTH@bNcaK*F9YIvu%dr1z^QMsHfgD$eM~71m z46C6N!E1s4SdxEe8UFnVeq+i)?%nwZ?ZMx(oWYG;`IZ_}_U`=2yxBc3?%u_xlPH}I zTDhwKHiKMQ-!;YcJwx3n-FP_3ZG%yxdFSNycSkVAJ5JTNS(^Kuq{>L@8@gz?h}Yl_ zXUM%6nmg9RF&_f-Aee@9Y)O{3?b@|&)v6^G_49lCm)Yt5S$-S8xu5Ij_?fn?ZC2W@ zzlPCihhM8ndB;UOX$P+rKyGjCngr|Q}iG+u7WC+Cj0x-|j&FA0?Uh3IG5A literal 0 HcmV?d00001