diff options
author | Lasse Collin <lasse.collin@tukaani.org> | 2022-11-24 01:26:37 +0200 |
---|---|---|
committer | Lasse Collin <lasse.collin@tukaani.org> | 2022-11-24 10:58:04 +0200 |
commit | 872623def5e3e5c7f9f14f366d908f3e012d1007 (patch) | |
tree | 4aee00ac793f6902e4afff6ce0cb385e52ae3722 | |
parent | liblzma: Add support for LZMA_SYNC_FLUSH in the Block encoder. (diff) | |
download | xz-872623def5e3e5c7f9f14f366d908f3e012d1007.tar.xz |
liblzma: Fix another invalid free() after memory allocation failure.
This time it can happen when lzma_stream_encoder_mt() is used
to reinitialize an existing multi-threaded Stream encoder
and one of 1-4 tiny allocations in lzma_filters_copy() fail.
It's very similar to the previous bug
10430fbf3820dafd4eafd38ec8be161a6978ed2b, happening with
an array of lzma_filter structures whose old options are freed
but the replacement never arrives due to a memory allocation
failure in lzma_filters_copy().
Diffstat (limited to '')
-rw-r--r-- | src/liblzma/common/stream_encoder_mt.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/liblzma/common/stream_encoder_mt.c b/src/liblzma/common/stream_encoder_mt.c index 819b2273..6dc10c3a 100644 --- a/src/liblzma/common/stream_encoder_mt.c +++ b/src/liblzma/common/stream_encoder_mt.c @@ -1053,6 +1053,10 @@ stream_encoder_mt_init(lzma_next_coder *next, const lzma_allocator *allocator, for (size_t i = 0; coder->filters[i].id != LZMA_VLI_UNKNOWN; ++i) lzma_free(coder->filters[i].options, allocator); + // Mark it as empty so that it is in a safe state in case + // lzma_filters_copy() fails. + coder->filters[0].id = LZMA_VLI_UNKNOWN; + return_if_error(lzma_filters_copy( filters, coder->filters, allocator)); |