liblzma: Fix another invalid free() after memory allocation failure.

This time it can happen when lzma_stream_encoder_mt() is used to reinitialize an existing multi-threaded Stream encoder and one of 1-4 tiny allocations in lzma_filters_copy() fail. It's very similar to the previous bug 10430fbf3820dafd4eafd38ec8be161a6978ed2b, happening with an array of lzma_filter structures whose old options are freed but the replacement never arrives due to a memory allocation failure in lzma_filters_copy().
author: Lasse Collin <lasse.collin@tukaani.org> 2022-11-24 01:26:37 +0200
committer: Lasse Collin <lasse.collin@tukaani.org> 2022-11-24 10:58:04 +0200
commit: 872623def5e3e5c7f9f14f366d908f3e012d1007 (patch)
tree: 4aee00ac793f6902e4afff6ce0cb385e52ae3722
parent: liblzma: Add support for LZMA_SYNC_FLUSH in the Block encoder. (diff)
download: xz-872623def5e3e5c7f9f14f366d908f3e012d1007.tar.xz
1 files changed, 4 insertions, 0 deletions
diff --git a/src/liblzma/common/stream_encoder_mt.c b/src/liblzma/common/stream_encoder_mt.c
index 819b2273..6dc10c3a 100644
--- a/src/liblzma/common/stream_encoder_mt.c
+++ b/src/liblzma/common/stream_encoder_mt.c
@@ -1053,6 +1053,10 @@ stream_encoder_mt_init(lzma_next_coder *next, const lzma_allocator *allocator,
 	for (size_t i = 0; coder->filters[i].id != LZMA_VLI_UNKNOWN; ++i)
 		lzma_free(coder->filters[i].options, allocator);
 
+	// Mark it as empty so that it is in a safe state in case
+	// lzma_filters_copy() fails.
+	coder->filters[0].id = LZMA_VLI_UNKNOWN;
+
 	return_if_error(lzma_filters_copy(
 			filters, coder->filters, allocator));
author	Lasse Collin <lasse.collin@tukaani.org>	2022-11-24 01:26:37 +0200
committer	Lasse Collin <lasse.collin@tukaani.org>	2022-11-24 10:58:04 +0200
commit	872623def5e3e5c7f9f14f366d908f3e012d1007 (patch)
tree	4aee00ac793f6902e4afff6ce0cb385e52ae3722
parent	liblzma: Add support for LZMA_SYNC_FLUSH in the Block encoder. (diff)
download	xz-872623def5e3e5c7f9f14f366d908f3e012d1007.tar.xz