authorEven Rouault <even.rouault@spatialys.com>2017-09-07 16:51:39 +0200
committerEven Rouault <even.rouault@spatialys.com>2017-09-07 16:51:39 +0200
commit14710d9989c731b2f51b0d309b0e97bc30ad2339 (patch)
treebc981d5f906636d628193532d9e48618a63cd220 /src
parentcf9401abeeb15be0d4d886e4aabbce6c19245fd2 (diff)
downloadPROJ-14710d9989c731b2f51b0d309b0e97bc30ad2339.tar.gz
PROJ-14710d9989c731b2f51b0d309b0e97bc30ad2339.zip
PJ_ob_tran: fix potential memory leak. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3321. Credit to OSS Fuzz
Diffstat (limited to 'src')
-rw-r--r--src/PJ_ob_tran.c9
1 files changed, 8 insertions, 1 deletions
diff --git a/src/PJ_ob_tran.c b/src/PJ_ob_tran.c
index 238dba67..a610a1fe 100644
--- a/src/PJ_ob_tran.c
+++ b/src/PJ_ob_tran.c
@@ -87,7 +87,14 @@ static void *freeup_new (PJ *P) { /* Destructor */
return pj_dealloc (P);
if (P->opaque->link)
- P->opaque->link->pfree(P->opaque->link);
+ {
+ /* This is a bit tricky: the linked PJ* shares the same params as */
+ /* the current one, so unset it to avoid double free */
+ /* We used to call P->opaque->link->pfree(P->opaque->link); only */
+ /* but this leaked grids */
+ P->opaque->link->params = NULL;
+ pj_free(P->opaque->link);
+ }
pj_dealloc (P->opaque);
return pj_dealloc(P);
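Review bot: The new branch in freeup_new is only safe while `params` is the sole owned pointer the linked PJ shares with `P`, and that rule is written down nowhere except in this destructor. Since `pj_free` releases more than the parameter list (the added comment says it also frees grids), any other pointer the link aliases from `P` would presumably be freed twice; that cannot be checked from this hunk because the code that builds the link is outside it. I would state the ownership directly here, e.g. `/* link->params aliases P->params, which P owns; clear it so pj_free(link) releases only what the link itself owns */`, and add a matching comment where `link->params` is assigned. As a point of style, the opening brace on its own line differs from the same-line brace in the function signature shown in the hunk header. The body of freeup_new starts before this hunk.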