From 5ed310e9551170f46a11242e0433dde7c2dd8257 Mon Sep 17 00:00:00 2001 From: AbelPau <92721356+AbelPau@users.noreply.github.com> Date: Wed, 25 Sep 2024 19:27:01 +0200 Subject: [PATCH] MiraMonVector: fix memory leak on corrupted products (oss-fuzz 369216702) (#10872) --- ogr/ogrsf_frmts/miramon/mm_wrlayr.c | 15 +++++++++++++++ ogr/ogrsf_frmts/miramon/ogrmiramonlayer.cpp | 21 +++++++++++++++++++-- 2 files changed, 34 insertions(+), 2 deletions(-) diff --git a/ogr/ogrsf_frmts/miramon/mm_wrlayr.c b/ogr/ogrsf_frmts/miramon/mm_wrlayr.c index 3af35c78a5d7..6fc1530b70c0 100644 --- a/ogr/ogrsf_frmts/miramon/mm_wrlayr.c +++ b/ogr/ogrsf_frmts/miramon/mm_wrlayr.c @@ -6255,6 +6255,11 @@ int MMCreateMMDB(struct MiraMonVectLayerInfo *hMiraMonLayer, hMiraMonLayer->nSRSType = MM_SRS_LAYER_IS_GEOGRAPHIC_TYPE; } + // Before allocating new memory, there might be some previously allocated but unused memory. + // Let's free that memory first. + if (hMiraMonLayer->MMArc.MMAdmDB.pMMBDXP) + MM_ReleaseDBFHeader(&hMiraMonLayer->MMArc.MMAdmDB.pMMBDXP); + if (hMiraMonLayer->bIsPoint) { if (hMiraMonLayer->pLayerDB) @@ -6293,6 +6298,11 @@ int MMCreateMMDB(struct MiraMonVectLayerInfo *hMiraMonLayer, : 9))) return 1; + // Before allocating new memory, there might be some previously allocated but unused memory. + // Let's free that memory first. + if (hMiraMonLayer->MMArc.MMNode.MMAdmDB.pMMBDXP) + MM_ReleaseDBFHeader(&hMiraMonLayer->MMArc.MMNode.MMAdmDB.pMMBDXP); + pBD_XP_Aux = hMiraMonLayer->MMArc.MMNode.MMAdmDB.pMMBDXP = MM_CreateDBFHeader(3, hMiraMonLayer->nCharSet); @@ -6326,6 +6336,11 @@ int MMCreateMMDB(struct MiraMonVectLayerInfo *hMiraMonLayer, : 12))) return 1; + // Before allocating new memory, there might be some previously allocated but unused memory. + // Let's free that memory first. + if (hMiraMonLayer->MMArc.MMNode.MMAdmDB.pMMBDXP) + MM_ReleaseDBFHeader(&hMiraMonLayer->MMArc.MMNode.MMAdmDB.pMMBDXP); + pBD_XP_Aux = hMiraMonLayer->MMPolygon.MMArc.MMAdmDB.pMMBDXP = MM_CreateDBFHeader(5, hMiraMonLayer->nCharSet); diff --git a/ogr/ogrsf_frmts/miramon/ogrmiramonlayer.cpp b/ogr/ogrsf_frmts/miramon/ogrmiramonlayer.cpp index b3b7e4f3e068..974935e619cc 100644 --- a/ogr/ogrsf_frmts/miramon/ogrmiramonlayer.cpp +++ b/ogr/ogrsf_frmts/miramon/ogrmiramonlayer.cpp @@ -527,6 +527,9 @@ OGRMiraMonLayer::~OGRMiraMonLayer() if (MMCloseLayer(&hMiraMonLayerPOL)) { CPLDebugOnly("MiraMon", "Error closing polygons layer"); + + // In case of closing we need to destroy memory + MMDestroyLayer(&hMiraMonLayerPOL); } if (hMiraMonLayerPOL.TopHeader.nElemCount) { @@ -548,6 +551,9 @@ OGRMiraMonLayer::~OGRMiraMonLayer() if (MMCloseLayer(&hMiraMonLayerARC)) { CPLDebugOnly("MiraMon", "Error closing arcs layer"); + + // In case of closing we need to destroy memory + MMDestroyLayer(&hMiraMonLayerARC); } if (hMiraMonLayerARC.TopHeader.nElemCount) { @@ -570,6 +576,9 @@ OGRMiraMonLayer::~OGRMiraMonLayer() if (MMCloseLayer(&hMiraMonLayerPNT)) { CPLDebugOnly("MiraMon", "Error closing points layer"); + + // In case of closing we need to destroy memory + MMDestroyLayer(&hMiraMonLayerPNT); } if (hMiraMonLayerPNT.TopHeader.nElemCount) { @@ -593,7 +602,11 @@ OGRMiraMonLayer::~OGRMiraMonLayer() { CPLDebugOnly("MiraMon", "Closing MiraMon DBF table ..."); } - MMCloseLayer(&hMiraMonLayerReadOrNonGeom); + if (MMCloseLayer(&hMiraMonLayerReadOrNonGeom)) + { + // In case of closing we need to destroy memory + MMDestroyLayer(&hMiraMonLayerReadOrNonGeom); + } if (hMiraMonLayerReadOrNonGeom.ReadOrWrite == MM_WRITING_MODE) { CPLDebugOnly("MiraMon", "MiraMon DBF table closed"); @@ -610,7 +623,11 @@ OGRMiraMonLayer::~OGRMiraMonLayer() { CPLDebugOnly("MiraMon", "Closing MiraMon layer ..."); } - MMCloseLayer(&hMiraMonLayerReadOrNonGeom); + if (MMCloseLayer(&hMiraMonLayerReadOrNonGeom)) + { + // In case of closing we need to destroy memory + MMDestroyLayer(&hMiraMonLayerReadOrNonGeom); + } if (hMiraMonLayerReadOrNonGeom.ReadOrWrite == MM_WRITING_MODE) { CPLDebugOnly("MiraMon", "MiraMon layer closed");