[vector] Fix leak

Discovered by https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=54767
Behdad Esfahbod 2023-01-02 11:44:29 -07:00
parent 4f013c42f0
commit 9afe5f973e
1 changed files with 18 additions and 3 deletions


@ -233,6 +233,11 @@ struct hb_vector_t
Type * Type *
realloc_vector (unsigned new_allocated) realloc_vector (unsigned new_allocated)
{ {
if (!new_allocated)
{
hb_free (arrayZ);
return nullptr;
}
return (Type *) hb_realloc (arrayZ, new_allocated * sizeof (Type)); return (Type *) hb_realloc (arrayZ, new_allocated * sizeof (Type));
} }
template <typename T = Type, template <typename T = Type,
@ -240,6 +245,11 @@ struct hb_vector_t
Type * Type *
realloc_vector (unsigned new_allocated) realloc_vector (unsigned new_allocated)
{ {
if (!new_allocated)
{
hb_free (arrayZ);
return nullptr;
}
Type *new_array = (Type *) hb_malloc (new_allocated * sizeof (Type)); Type *new_array = (Type *) hb_malloc (new_allocated * sizeof (Type));
if (likely (new_array)) if (likely (new_array))
{ {
@ -366,13 +376,18 @@ struct hb_vector_t
/* Reallocate */ /* Reallocate */
Type *new_array = nullptr;
bool overflows = bool overflows =
(int) in_error () || (int) in_error () ||
(new_allocated < size) || (new_allocated < size) ||
hb_unsigned_mul_overflows (new_allocated, sizeof (Type)); hb_unsigned_mul_overflows (new_allocated, sizeof (Type));
if (likely (!overflows))
new_array = realloc_vector (new_allocated); if (unlikely (overflows))
{
allocated = -1;
return false;
}
Type *new_array = realloc_vector (new_allocated);
if (unlikely (new_allocated && !new_array)) if (unlikely (new_allocated && !new_array))
{ {