patches/29.parse_cpdsyllable_leak.patch - hunspell - Git at Google

 Change 553210266 by sungyc@sungyc:fig-export-icing-153-change-392:5984:citc on 2023/08/02 11:42:00

 	[hunspell] Fix memory leak for AffixMgr::parse_cpdsyllable

 	## Test plan
 	```
 	sso_client -location 'https://clusterfuzz.corp.google.com/testcase-detail/download-testcase?id=4652897513897984' > /tmp/testcase-4652897513897984 && \
 	blaze --blazerc=/dev/null test --config=asan-fuzzer --test_strategy=local --test_sharding_strategy=disabled \
 	  --test_env=ENABLE_BLAZE_TEST_FUZZING=1 --test_arg=-rss_limit_mb=2560 --test_arg=-timeout=90 --test_arg=-runs=100 --test_arg=/tmp/testcase-4652897513897984 \
 	  //third_party/hunspell/fuzzers:dict_fuzzer
 	```

 	## Description
 	Some weird inputs will cause `parse_cpdsyllable` being called more than once, and the previous allocated `cpdvowels`/`cpdvowels_utf16` won't be freed correctly.

 	This CL adds check: if they're not null, then free the memory before taking any actions.

 	PRESUBMIT=passed
 	BUG=288966266
 	R=mghiware
 	APPROVED=mghiware
 	REQUIRED_REVIEW=1
 	DELTA=9 (9 added, 0 deleted, 0 changed)
 	DELTA_BY_EXTENSION=cxx=9
 	OCL=550684629
 	FIG_CHANGESET=e46312c43117a1d181a34248d38a05c3f87b55ce
 	FIG_WORKSPACE=sungyc/153:icing
 	MARKDOWN=true

 Affected files ...

 ... //depot//src/hunspell/affixmgr.cxx#14 edit

 ==== //depot//src/hunspell/affixmgr.cxx#13 - /google/src/files/553210266/depot//src/hunspell/affixmgr.cxx ====
 --- /google/src/files/542666043/depot//src/hunspell/affixmgr.cxx	2023-06-22 17:19:55.000000000 -0400
 +++ /google/src/files/553210266/depot//src/hunspell/affixmgr.cxx	2023-08-02 14:42:00.000000000 -0400
 @@ -3519,6 +3519,15 @@
  /* parse in the max syllablecount of compound words and  */
  int  AffixMgr::parse_cpdsyllable(char * line, FileMgr * af)
  {
 +   if (cpdvowels) {
 +      free(cpdvowels);
 +      cpdvowels = NULL;
 +   }
 +   if (cpdvowels_utf16) {
 +      free(cpdvowels_utf16);
 +      cpdvowels_utf16 = NULL;
 +      cpdvowels_utf16_len = 0;
 +   }
     char * tp = line;
     char * piece;
     int i = 0;
	Change 553210266 by sungyc@sungyc:fig-export-icing-153-change-392:5984:citc on 2023/08/02 11:42:00

	[hunspell] Fix memory leak for AffixMgr::parse_cpdsyllable

	## Test plan
	```
	sso_client -location 'https://clusterfuzz.corp.google.com/testcase-detail/download-testcase?id=4652897513897984' > /tmp/testcase-4652897513897984 && \
	blaze --blazerc=/dev/null test --config=asan-fuzzer --test_strategy=local --test_sharding_strategy=disabled \
	--test_env=ENABLE_BLAZE_TEST_FUZZING=1 --test_arg=-rss_limit_mb=2560 --test_arg=-timeout=90 --test_arg=-runs=100 --test_arg=/tmp/testcase-4652897513897984 \
	//third_party/hunspell/fuzzers:dict_fuzzer
	```

	## Description
	Some weird inputs will cause `parse_cpdsyllable` being called more than once, and the previous allocated `cpdvowels`/`cpdvowels_utf16` won't be freed correctly.

	This CL adds check: if they're not null, then free the memory before taking any actions.

	PRESUBMIT=passed
	BUG=288966266
	R=mghiware
	APPROVED=mghiware
	REQUIRED_REVIEW=1
	DELTA=9 (9 added, 0 deleted, 0 changed)
	DELTA_BY_EXTENSION=cxx=9
	OCL=550684629
	FIG_CHANGESET=e46312c43117a1d181a34248d38a05c3f87b55ce
	FIG_WORKSPACE=sungyc/153:icing
	MARKDOWN=true

	Affected files ...

	... //depot//src/hunspell/affixmgr.cxx#14 edit

	==== //depot//src/hunspell/affixmgr.cxx#13 - /google/src/files/553210266/depot//src/hunspell/affixmgr.cxx ====
	--- /google/src/files/542666043/depot//src/hunspell/affixmgr.cxx 2023-06-22 17:19:55.000000000 -0400
	+++ /google/src/files/553210266/depot//src/hunspell/affixmgr.cxx 2023-08-02 14:42:00.000000000 -0400
	@@ -3519,6 +3519,15 @@
	/* parse in the max syllablecount of compound words and */
	int AffixMgr::parse_cpdsyllable(char * line, FileMgr * af)
	{
	+ if (cpdvowels) {
	+ free(cpdvowels);
	+ cpdvowels = NULL;
	+ }
	+ if (cpdvowels_utf16) {
	+ free(cpdvowels_utf16);
	+ cpdvowels_utf16 = NULL;
	+ cpdvowels_utf16_len = 0;
	+ }
	char * tp = line;
	char * piece;
	int i = 0;