diff options
author | Lasse Collin <lasse.collin@tukaani.org> | 2022-11-24 01:26:37 +0200 |
---|---|---|
committer | Lasse Collin <lasse.collin@tukaani.org> | 2022-11-24 01:26:37 +0200 |
commit | cb05dbcf8b868441ec805016222f3fd77f1c5caa (patch) | |
tree | 87b64b46dd1abd6221d01ee18ec7d803e0ea3d4f /src | |
parent | liblzma: Add support for LZMA_SYNC_FLUSH in the Block encoder. (diff) | |
download | xz-cb05dbcf8b868441ec805016222f3fd77f1c5caa.tar.xz |
liblzma: Fix another invalid free() after memory allocation failure.
This time it can happen when lzma_stream_encoder_mt() is used
to reinitialize an existing multi-threaded Stream encoder
and one of 1-4 tiny allocations in lzma_filters_copy() fail.
It's very similar to the previous bug
10430fbf3820dafd4eafd38ec8be161a6978ed2b, happening with
an array of lzma_filter structures whose old options are freed
but the replacement never arrives due to a memory allocation
failure in lzma_filters_copy().
Diffstat (limited to 'src')
-rw-r--r-- | src/liblzma/common/stream_encoder_mt.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/liblzma/common/stream_encoder_mt.c b/src/liblzma/common/stream_encoder_mt.c index fb56a96f..3245aebd 100644 --- a/src/liblzma/common/stream_encoder_mt.c +++ b/src/liblzma/common/stream_encoder_mt.c @@ -1071,6 +1071,10 @@ stream_encoder_mt_init(lzma_next_coder *next, const lzma_allocator *allocator, for (size_t i = 0; coder->filters[i].id != LZMA_VLI_UNKNOWN; ++i) lzma_free(coder->filters[i].options, allocator); + // Mark it as empty so that it is in a safe state in case + // lzma_filters_copy() fails. + coder->filters[0].id = LZMA_VLI_UNKNOWN; + return_if_error(lzma_filters_copy( filters, coder->filters, allocator)); |