diff options
| author | Even Rouault <even.rouault@spatialys.com> | 2017-05-30 12:14:26 +0200 |
|---|---|---|
| committer | Even Rouault <even.rouault@spatialys.com> | 2017-05-30 12:14:26 +0200 |
| commit | a395e6e244e04dd09284e24eb1ca3ff2a7c9f37f (patch) | |
| tree | ba43adeeac721f4b86f2b1842ee74a534a9a00ab /test/fuzzers | |
| parent | 6bb6184a84f136f1686d51d43bfc04065e329ae5 (diff) | |
| download | PROJ-a395e6e244e04dd09284e24eb1ca3ff2a7c9f37f.tar.gz PROJ-a395e6e244e04dd09284e24eb1ca3ff2a7c9f37f.zip | |
catalog: memory leak and crashes related fixes
* pj_transform() crashes on a catalog that has no matching grid
* pj_free() and pj_gc_unloadall() badly interact. No longer try to free the
catalog object in pj_free(). That is the job of pj_gc_unloadall()
* Fix memory leaks in pj_gc_readcatalog() and pj_gc_unloadall()
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1923
Credit to OSS Fuzz.
Diffstat (limited to 'test/fuzzers')
| -rw-r--r-- | test/fuzzers/standard_fuzzer.cpp | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/test/fuzzers/standard_fuzzer.cpp b/test/fuzzers/standard_fuzzer.cpp index de2e2aa8..5e69b80f 100644 --- a/test/fuzzers/standard_fuzzer.cpp +++ b/test/fuzzers/standard_fuzzer.cpp @@ -34,6 +34,7 @@ #include <sys/types.h> #include <unistd.h> +#include "projects.h" // For pj_gc_unloadall() #include "proj_api.h" /* Standalone build: @@ -96,6 +97,8 @@ int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) { free(buf_dup); pj_free(pj_src); + pj_gc_unloadall(pj_get_default_ctx()); + pj_deallocate_grids(); return 0; } double x = 0, y = 0; @@ -104,6 +107,8 @@ int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) free(buf_dup); pj_free(pj_src); pj_free(pj_dst); + pj_gc_unloadall(pj_get_default_ctx()); + pj_deallocate_grids(); return 0; } #ifdef STANDALONE @@ -115,6 +120,8 @@ int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) free(buf_dup); pj_free(pj_src); pj_free(pj_dst); + pj_gc_unloadall(pj_get_default_ctx()); + pj_deallocate_grids(); return 0; } |