From 14710d9989c731b2f51b0d309b0e97bc30ad2339 Mon Sep 17 00:00:00 2001
From: Even Rouault
Date: Thu, 7 Sep 2017 16:51:39 +0200
Subject: PJ_ob_tran: fix potential memory leak.

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3321. Credit to OSS Fuzz
---
 src/PJ_ob_tran.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/PJ_ob_tran.c b/src/PJ_ob_tran.c
index 238dba67..a610a1fe 100644
--- a/src/PJ_ob_tran.c
+++ b/src/PJ_ob_tran.c
@@ -87,7 +87,14 @@ static void *freeup_new (PJ *P) { /* Destructor */
         return pj_dealloc (P);
     if (P->opaque->link)
-        P->opaque->link->pfree(P->opaque->link);
+    {
+        /* This is a bit tricky: the linked PJ* shares the same params as */
+        /* the current one, so unset it to avoid double free */
+        /* We used to call P->opaque->link->pfree(P->opaque->link); only */
+        /* but this leaked grids */
+        P->opaque->link->params = NULL;
+        pj_free(P->opaque->link);
+    }
     pj_dealloc (P->opaque);
     return pj_dealloc(P);
-- 
cgit v1.2.3
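Review bot: The new block dereferences `P->opaque->link` four times; a local such as `PJ *link = P->opaque->link; link->params = NULL; pj_free(link);` reads more clearly and makes the point where the shared `params` pointer is severed stand out. The correctness of the fix rests on two facts that are not visible in this hunk — that `pj_free()` skips a NULL `params`, and that `params` is the only pointer `link` shares with `P` (grid lists or the context would present the same double-free hazard if they were aliased too) — so the ownership rule deserves a comment at the place in the setup code where `link->params` is presumably aliased to `P->params`, not only in the destructor, so that a later change to `pj_free()` does not silently reintroduce the double free. The four-line comment could be condensed to `/* link shares P->params; clear it so pj_free() does not free them twice */`, with the history of the old `pfree` call left to the commit message. freeup_new's opening lines and closing brace lie outside the hunk.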