[xerces-c] branch xerces-3.2 updated: CurlURLInputStream constructor: avoid memory leak

Mon, 23 Aug 2021 22:24:42 -0700 

This is an automated email from the ASF dual-hosted git repository.

rleigh pushed a commit to branch xerces-3.2
in repository https://gitbox.apache.org/repos/asf/xerces-c.git


The following commit(s) were added to refs/heads/xerces-3.2 by this push:
     new b8f2b83  CurlURLInputStream constructor: avoid memory leak
     new 9ac2a9c  Merge pull request #29 from 
rouault/backport_3_2_curl_memleak_fix
b8f2b83 is described below

commit b8f2b836358bb9e338c677eb71ec7fdfbd13643b
Author: Even Rouault <even.roua...@spatialys.com>
AuthorDate: Wed Aug 18 18:15:45 2021 +0200

    CurlURLInputStream constructor: avoid memory leak
    
    CurlURLInputStream constructor calls the readMore() method, which can
    throw exceptions. In that situation, the destructor is not called, which
    results in resource/memory leaks. To fix that, catch the exceptions,
    manually do the cleanup and rethrow the exceptions.
    
    Found by ossfuzz (locally)
---
 .../util/NetAccessors/Curl/CurlURLInputStream.cpp  | 28 +++++++++++++++++++++-
 .../util/NetAccessors/Curl/CurlURLInputStream.hpp  |  2 ++
 2 files changed, 29 insertions(+), 1 deletion(-)

diff --git a/src/xercesc/util/NetAccessors/Curl/CurlURLInputStream.cpp 
b/src/xercesc/util/NetAccessors/Curl/CurlURLInputStream.cpp
index 5ed6593..2980dc2 100644
--- a/src/xercesc/util/NetAccessors/Curl/CurlURLInputStream.cpp
+++ b/src/xercesc/util/NetAccessors/Curl/CurlURLInputStream.cpp
@@ -160,7 +160,20 @@ CurlURLInputStream::CurlURLInputStream(const XMLURL& 
urlSource, const XMLNetHTTP
     while(fBufferHeadPtr == fBuffer)
     {
        int runningHandles = 0;
-        readMore(&runningHandles);
+        try
+        {
+            readMore(&runningHandles);
+        }
+        catch(const MalformedURLException&)
+        {
+            cleanup();
+            throw;
+        }
+        catch(const NetAccessorException&)
+        {
+            cleanup();
+            throw;
+        }
        if(runningHandles == 0) break;
     }
 
@@ -174,18 +187,31 @@ CurlURLInputStream::CurlURLInputStream(const XMLURL& 
urlSource, const XMLNetHTTP
 
 CurlURLInputStream::~CurlURLInputStream()
 {
+    cleanup();
+}
+
+
+void CurlURLInputStream::cleanup()
+{
+    if (!fMulti )
+        return;
+
     // Remove the easy handle from the multi stack
     curl_multi_remove_handle(fMulti, fEasy);
 
     // Cleanup the easy handle
     curl_easy_cleanup(fEasy);
+    fEasy = NULL;
 
     // Cleanup the multi handle
     curl_multi_cleanup(fMulti);
+    fMulti = NULL;
 
     if(fContentType) fMemoryManager->deallocate(fContentType);
+    fContentType = NULL;
 
     if(fHeadersList) curl_slist_free_all(fHeadersList);
+    fHeadersList = NULL;
 }
 
 
diff --git a/src/xercesc/util/NetAccessors/Curl/CurlURLInputStream.hpp 
b/src/xercesc/util/NetAccessors/Curl/CurlURLInputStream.hpp
index f75857b..3900d4d 100644
--- a/src/xercesc/util/NetAccessors/Curl/CurlURLInputStream.hpp
+++ b/src/xercesc/util/NetAccessors/Curl/CurlURLInputStream.hpp
@@ -61,6 +61,8 @@ private :
     CurlURLInputStream(const CurlURLInputStream&);
     CurlURLInputStream& operator=(const CurlURLInputStream&);
     
+    void cleanup();
+
     static size_t staticWriteCallback(char *buffer,
                                       size_t size,
                                       size_t nitems,

---------------------------------------------------------------------
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

Reply via email to