Merge pull request #4431 from lhchavez/fix-stream-leak

libFuzzer: Fix a git_packfile_stream leak

2 files changed, 30 insertions, 0 deletions

diff --git a/src/indexer.c b/src/indexer.c
index 766bbc3c3..aedefe523 100644
--- a/src/indexer.c
+++ b/src/indexer.c
@@ -1119,6 +1119,9 @@ void git_indexer_free(git_indexer *idx)
 	if (idx == NULL)
 		return;
 
+	if (idx->have_stream)
+		git_packfile_stream_free(&idx->stream);
+
 	git_vector_free_deep(&idx->objects);
 
 	if (idx->pack->idx_cache) {
diff --git a/tests/pack/indexer.c b/tests/pack/indexer.c
index c73d3974e..a28ee3e07 100644
--- a/tests/pack/indexer.c
+++ b/tests/pack/indexer.c
@@ -40,6 +40,17 @@ static const unsigned char thin_pack[] = {
 };
 static const unsigned int thin_pack_len = 78;
 
+/*
+ * Packfile that causes the packfile stream to open in a way in which it leaks
+ * the stream reader.
+ */
+static const unsigned char leaky_pack[] = {
+	0x50, 0x41, 0x43, 0x4b, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x03,
+	0xf4, 0xbd, 0x51, 0x51, 0x51, 0x51, 0x51, 0x72, 0x65, 0x41, 0x4b, 0x63,
+	0x5f, 0x64, 0x65, 0x70, 0x74, 0x68, 0xbd, 0x41, 0x4b
+};
+static const unsigned int leaky_pack_len = 33;
+
 static const unsigned char base_obj[] = { 07, 076 };
 static const unsigned int base_obj_len = 2;
 
@@ -60,6 +71,22 @@ void test_pack_indexer__out_of_order(void)
 	git_indexer_free(idx);
 }
 
+void test_pack_indexer__leaky(void)
+{
+	git_indexer *idx = 0;
+	git_transfer_progress stats = { 0 };
+
+	cl_git_pass(git_indexer_new(&idx, ".", 0, NULL, NULL, NULL));
+	cl_git_pass(git_indexer_append(
+		idx, leaky_pack, leaky_pack_len, &stats));
+	cl_git_fail(git_indexer_commit(idx, &stats));
+
+	cl_assert(giterr_last() != NULL);
+	cl_assert_equal_i(giterr_last()->klass, GITERR_INDEXER);
+
+	git_indexer_free(idx);
+}
+
 void test_pack_indexer__fix_thin(void)
 {
 	git_indexer *idx = NULL;