Fix vuln OSV-2024-384

oss-patch · rurban · commit 56d392a7e5ae · 2024-12-24T12:09:55.000+01:00
diff --git a/src/in_json.c b/src/in_json.c
@@ -463,6 +463,7 @@ json_fixed_string (Bit_Chain *restrict dat, const int len,
                          l, &dat->chain[t->start]);
               // len = t->end - t->start;
               free (str);
+              str = NULL;
               goto normal;
             }
           str = (char *)realloc (str, dlen);
@@ -475,6 +476,7 @@ json_fixed_string (Bit_Chain *restrict dat, const int len,
     {
       char *p;
     normal:
+      if (!str) return NULL;
       if (l > len)
         {
           memcpy (str, &dat->chain[t->start], len);
@@ -3831,6 +3833,7 @@ json_R2004_Header (Bit_Chain *restrict dat, Dwg_Data *restrict dwg,
             }
           LOG_TRACE ("file_ID_string: \"%.*s\"\n", 12, _obj->file_ID_string)
           free (s);
+          s = NULL;
         }
       else if (strEQc (key, "padding"))
         {

Original file line number	Diff line number	Diff line change
`@@ -463,6 +463,7 @@ json_fixed_string (Bit_Chain *restrict dat, const int len,`
`463`	`463`	`l, &dat->chain[t->start]);`
`464`	`464`	`// len = t->end - t->start;`
`465`	`465`	`free (str);`
	`466`	`+ str = NULL;`
`466`	`467`	`goto normal;`
`467`	`468`	`}`
`468`	`469`	`str = (char *)realloc (str, dlen);`
`@@ -475,6 +476,7 @@ json_fixed_string (Bit_Chain *restrict dat, const int len,`
`475`	`476`	`{`
`476`	`477`	`char *p;`
`477`	`478`	`normal:`
	`479`	`+ if (!str) return NULL;`
`478`	`480`	`if (l > len)`
`479`	`481`	`{`
`480`	`482`	`memcpy (str, &dat->chain[t->start], len);`
`@@ -3831,6 +3833,7 @@ json_R2004_Header (Bit_Chain restrict dat, Dwg_Data restrict dwg,`
`3831`	`3833`	`}`
`3832`	`3834`	`LOG_TRACE ("file_ID_string: \"%.*s\"\n", 12, _obj->file_ID_string)`
`3833`	`3835`	`free (s);`
	`3836`	`+ s = NULL;`
`3834`	`3837`	`}`
`3835`	`3838`	`else if (strEQc (key, "padding"))`
`3836`	`3839`	`{`