aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorLasse Collin <lasse.collin@tukaani.org>2022-11-24 01:26:37 +0200
committerLasse Collin <lasse.collin@tukaani.org>2022-11-24 01:26:37 +0200
commitcb05dbcf8b868441ec805016222f3fd77f1c5caa (patch)
tree87b64b46dd1abd6221d01ee18ec7d803e0ea3d4f /src
parentliblzma: Add support for LZMA_SYNC_FLUSH in the Block encoder. (diff)
downloadxz-cb05dbcf8b868441ec805016222f3fd77f1c5caa.tar.xz
liblzma: Fix another invalid free() after memory allocation failure.
This time it can happen when lzma_stream_encoder_mt() is used to reinitialize an existing multi-threaded Stream encoder and one of 1-4 tiny allocations in lzma_filters_copy() fail. It's very similar to the previous bug 10430fbf3820dafd4eafd38ec8be161a6978ed2b, happening with an array of lzma_filter structures whose old options are freed but the replacement never arrives due to a memory allocation failure in lzma_filters_copy().
Diffstat (limited to 'src')
-rw-r--r--src/liblzma/common/stream_encoder_mt.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/src/liblzma/common/stream_encoder_mt.c b/src/liblzma/common/stream_encoder_mt.c
index fb56a96f..3245aebd 100644
--- a/src/liblzma/common/stream_encoder_mt.c
+++ b/src/liblzma/common/stream_encoder_mt.c
@@ -1071,6 +1071,10 @@ stream_encoder_mt_init(lzma_next_coder *next, const lzma_allocator *allocator,
for (size_t i = 0; coder->filters[i].id != LZMA_VLI_UNKNOWN; ++i)
lzma_free(coder->filters[i].options, allocator);
+ // Mark it as empty so that it is in a safe state in case
+ // lzma_filters_copy() fails.
+ coder->filters[0].id = LZMA_VLI_UNKNOWN;
+
return_if_error(lzma_filters_copy(
filters, coder->filters, allocator));