[xerces-c] branch master updated: CurlURLInputStream constructor: avoid memory leak

Mon, 23 Aug 2021 22:23:50 -0700 

This is an automated email from the ASF dual-hosted git repository.

rleigh pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/xerces-c.git


The following commit(s) were added to refs/heads/master by this push:
     new 327abd3  CurlURLInputStream constructor: avoid memory leak
     new a313987  Merge pull request #28 from rouault/curl_memleak_fix
327abd3 is described below

commit 327abd3551bdbca808b7fc22019c51210358b645
Author: Even Rouault <even.roua...@spatialys.com>
AuthorDate: Wed Aug 18 18:15:45 2021 +0200

    CurlURLInputStream constructor: avoid memory leak
    
    CurlURLInputStream constructor calls the readMore() method, which can
    throw exceptions. In that situation, the destructor is not called, which
    results in resource/memory leaks. To fix that, catch the exceptions,
    manually do the cleanup and rethrow the exceptions.
    
    Found by ossfuzz (locally)
---
 .../util/NetAccessors/Curl/CurlURLInputStream.cpp  | 28 +++++++++++++++++++++-
 .../util/NetAccessors/Curl/CurlURLInputStream.hpp  |  2 ++
 2 files changed, 29 insertions(+), 1 deletion(-)

diff --git a/src/xercesc/util/NetAccessors/Curl/CurlURLInputStream.cpp 
b/src/xercesc/util/NetAccessors/Curl/CurlURLInputStream.cpp
index a7b125d..8c79ceb 100644
--- a/src/xercesc/util/NetAccessors/Curl/CurlURLInputStream.cpp
+++ b/src/xercesc/util/NetAccessors/Curl/CurlURLInputStream.cpp
@@ -160,7 +160,20 @@ CurlURLInputStream::CurlURLInputStream(const XMLURL& 
urlSource, const XMLNetHTTP
     while(fBufferHeadPtr == fBuffer)
     {
        int runningHandles = 0;
-        readMore(&runningHandles);
+        try
+        {
+            readMore(&runningHandles);
+        }
+        catch(const MalformedURLException&)
+        {
+            cleanup();
+            throw;
+        }
+        catch(const NetAccessorException&)
+        {
+            cleanup();
+            throw;
+        }
        if(runningHandles == 0) break;
     }
 
@@ -174,18 +187,31 @@ CurlURLInputStream::CurlURLInputStream(const XMLURL& 
urlSource, const XMLNetHTTP
 
 CurlURLInputStream::~CurlURLInputStream()
 {
+    cleanup();
+}
+
+
+void CurlURLInputStream::cleanup()
+{
+    if (!fMulti )
+        return;
+
     // Remove the easy handle from the multi stack
     curl_multi_remove_handle(fMulti, fEasy);
 
     // Cleanup the easy handle
     curl_easy_cleanup(fEasy);
+    fEasy = NULL;
 
     // Cleanup the multi handle
     curl_multi_cleanup(fMulti);
+    fMulti = NULL;
 
     if(fContentType) fMemoryManager->deallocate(fContentType);
+    fContentType = NULL;
 
     if(fHeadersList) curl_slist_free_all(fHeadersList);
+    fHeadersList = NULL;
 }
 
 
diff --git a/src/xercesc/util/NetAccessors/Curl/CurlURLInputStream.hpp 
b/src/xercesc/util/NetAccessors/Curl/CurlURLInputStream.hpp
index 1ff2abf..06fa994 100644
--- a/src/xercesc/util/NetAccessors/Curl/CurlURLInputStream.hpp
+++ b/src/xercesc/util/NetAccessors/Curl/CurlURLInputStream.hpp
@@ -61,6 +61,8 @@ private :
     CurlURLInputStream(const CurlURLInputStream&);
     CurlURLInputStream& operator=(const CurlURLInputStream&);
     
+    void cleanup();
+
     static size_t staticWriteCallback(char *buffer,
                                       size_t size,
                                       size_t nitems,

---------------------------------------------------------------------
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

Reply via email to