fixed leaks in CHOICE/XER and REAL conversion
diff --git a/ChangeLog b/ChangeLog
index d05215e..cdd8ad0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -5,6 +5,8 @@
* Added IEEE 1609.2 example.
* Added SAE J2735 example.
* CVE-2017-12966 verified not present.
+ * Fix incomplete (failed) CHOICE XER decoding memory leak.
+ * Fix REAL type overwrite conversion memory leak.
0.9.28: 2017-03-26
* PER decoding: avoid memory leak on error. By github.com/simo5
diff --git a/skeletons/REAL.c b/skeletons/REAL.c
index 82ef966..1247f09 100644
--- a/skeletons/REAL.c
+++ b/skeletons/REAL.c
@@ -694,6 +694,7 @@
if(!st->buf || st->size < 2) {
ptr = (uint8_t *)MALLOC(2);
if(!ptr) return -1;
+ if(st->buf) FREEMEM(st->buf);
st->buf = ptr;
}
/* fpclassify(3) is not portable yet */
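Review bot: The added `FREEMEM(st->buf)` swaps in a 2-byte buffer but leaves `st->size` at its old value (0 or 1) until a later branch assigns it. Only the negative-zero branch in the next hunk is visible setting `st->size`, so confirm that every path after this block does the same before returning. The ordering (free only after `MALLOC` succeeds) is what keeps `st` intact on allocation failure and deserves a comment such as `/* Drop the undersized buffer only after the replacement exists, so st stays valid on ENOMEM */`. The enclosing function starts and ends outside the hunk.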
@@ -717,6 +718,7 @@
} else {
/* Negative zero. #8.5.3, 8.5.9 */
st->buf[0] = 0x43;
+ st->buf[1] = 0;
st->size = 1;
}
}
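Review bot: The new `st->buf[1] = 0;` writes one byte past the recorded `st->size = 1`, and nothing on the line says why that is in bounds or what it is for. It relies on the two-byte minimum established by the `MALLOC(2)` block earlier in the function. It appears to initialise the trailing byte rather than fix a leak, which is what the commit title describes. A comment would make the dependency explicit, for example `/* Keep the byte after the content initialised; buf is at least 2 bytes here */`.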
diff --git a/skeletons/constr_CHOICE.c b/skeletons/constr_CHOICE.c
index 4ecb220..f3a53d3 100644
--- a/skeletons/constr_CHOICE.c
+++ b/skeletons/constr_CHOICE.c
@@ -605,6 +605,7 @@
asn_dec_rval_t tmprval;
void *memb_ptr; /* Pointer to the member */
void **memb_ptr2; /* Pointer to that pointer */
+ unsigned old_present;
elm = &td->elements[edx];
@@ -624,13 +625,14 @@
XER_ADVANCE(tmprval.consumed);
ASN_DEBUG("XER/CHOICE: itdf: [%s] code=%d",
elm->type->name, tmprval.code);
- if(tmprval.code != RC_OK)
- RETURN(tmprval.code);
- assert(_fetch_present_idx(st,
- specs->pres_offset, specs->pres_size) == 0);
+ old_present = _fetch_present_idx(st,
+ specs->pres_offset, specs->pres_size);
+ assert(old_present == 0 || old_present == edx + 1);
/* Record what we've got */
_set_present_idx(st,
specs->pres_offset, specs->pres_size, edx + 1);
+ if(tmprval.code != RC_OK)
+ RETURN(tmprval.code);
ctx->phase = 3;
/* Fall through */
}
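Review bot: The presence index is now stored before the `tmprval.code` check, but nothing in the hunk says why, and the only guard on the previous state is an `assert`. I would add a comment above `_set_present_idx`, e.g. `/* Record the member even on failure so a partially decoded value is owned by the CHOICE and freed with it */`. Under NDEBUG the assert disappears, so a mismatching `old_present` would be silently overwritten and `old_present` becomes set-but-unused. Whether that state is reachable from decoder input cannot be determined from this hunk; if it is, an explicit `if(old_present != 0 && old_present != (unsigned)edx + 1) RETURN(RC_FAIL);` is safer than aborting or continuing. The enclosing function starts and ends outside the hunk, and the type of `edx` is not visible here.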
diff --git a/tests/tests-c-compiler/check-assembly.sh b/tests/tests-c-compiler/check-assembly.sh
index 08420ec..0f945f7 100755
--- a/tests/tests-c-compiler/check-assembly.sh
+++ b/tests/tests-c-compiler/check-assembly.sh
@@ -123,7 +123,7 @@
check-fuzzer:
TARGETS
else
- CHECK_FUZZER="UBSAN_OPTIONS=print_stacktrace=1 ./check-fuzzer -timeout=3 -max_total_time=60 -max_len=512 -detect_leaks=1 ${OPT_DATA_DIR}"
+ CHECK_FUZZER="ASAN_OPTIONS=detect_leaks=1 UBSAN_OPTIONS=print_stacktrace=1 ./check-fuzzer -timeout=3 -max_total_time=60 -max_len=512 ${OPT_DATA_DIR}"
cat <<TARGETS >> "${testdir}/Makefile.targets"
check-fuzzer: \$(OBJS)
rm -f ${source_obj}
@@ -140,9 +140,13 @@
\$(MAKE) check-fuzzer
@rm -f check-succeeded
./check-executable
- ${CHECK_FUZZER}
+ \$(MAKE) fuzz
@touch check-succeeded
+.PHONY: fuzz
+fuzz:
+ ${CHECK_FUZZER}
+
check: check-succeeded
clean:
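Review bot: The new `fuzz` target has no prerequisite, so running `make fuzz` directly executes `./check-fuzzer` whether or not the binary has been built or is current with the objects. Declaring `fuzz: check-fuzzer` would make a standalone run of the leak-detecting fuzz step reliable. The other branch of the `check-fuzzer` definition is only partly visible, so confirm the prerequisite is harmless there. A one-line comment above the target saying it exists so the fuzz step can be rerun on its own would also help. The heredoc begins and ends outside the hunk.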
diff --git a/tests/tests-skeletons/Makefile.am b/tests/tests-skeletons/Makefile.am
index ce74b65..d298293 100644
--- a/tests/tests-skeletons/Makefile.am
+++ b/tests/tests-skeletons/Makefile.am
@@ -26,3 +26,4 @@
LDADD = -lm
TESTS = $(check_PROGRAMS)
+TESTS_ENVIRONMENT= ASAN_OPTIONS=detect_leaks=1 UBSAN_OPTIONS=print_stacktrace=1
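Review bot: `ASAN_OPTIONS=detect_leaks=1` only takes effect when the test programs are built with AddressSanitizer/LeakSanitizer, and nothing in this hunk enables that. A plain `make check` will therefore not catch a regression of the leaks this commit fixes. A comment such as `# Effective only in sanitizer-enabled builds (-fsanitize=address,undefined)` would state the expectation. Automake reserves `TESTS_ENVIRONMENT` for the user and provides `AM_TESTS_ENVIRONMENT` for the package, so setting it here means a command-line override silently drops the sanitizer options.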