catalog: memory leak and crashes related fixes

* pj_transform() crashes on a catalog that has no matching grid
* pj_free() and pj_gc_unloadall() badly interact. No longer try to free the
  catalog object in pj_free(). That is the job of pj_gc_unloadall()
* Fix memory leaks in pj_gc_readcatalog() and pj_gc_unloadall()

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1923

Credit to OSS Fuzz.

1 files changed, 5 insertions, 2 deletions

diff --git a/src/pj_init.c b/src/pj_init.c
index 764784f5..e3d99a8f 100644
--- a/src/pj_init.c
+++ b/src/pj_init.c
@@ -735,8 +735,11 @@ pj_free(PJ *P) {
         if( P->catalog_name != NULL )
             pj_dalloc( P->catalog_name );
 
-        if( P->catalog != NULL )
-            pj_dalloc( P->catalog );
+        /* We used to call pj_dalloc( P->catalog ), but this will leak */
+        /* memory. The safe way to clear catalog and grid is to call */
+        /* pj_gc_unloadall(pj_get_default_ctx()); and pj_deallocate_grids(); */
+        /* TODO: we should probably have a public pj_cleanup() method to do all */
+        /* that */
 
         if( P->geod != NULL )
             pj_dalloc( P->geod );