pack: fix heap-double-free in flb_pack_state_reset (fluent#5883)

sashashura · web-flow · commit 74a21b176cd9 · 2022-08-19T18:23:05.000-06:00
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45978 Signed-off-by: Aleks L <93376818+sashashura@users.noreply.github.com>
diff --git a/src/flb_pack.c b/src/flb_pack.c
@@ -333,11 +333,13 @@ int flb_pack_state_init(struct flb_pack_state *s)
 void flb_pack_state_reset(struct flb_pack_state *s)
 {
     flb_free(s->tokens);
+    s->tokens = NULL;
     s->tokens_size  = 0;
     s->tokens_count = 0;
     s->last_byte    = 0;
     s->buf_size     = 0;
     flb_free(s->buf_data);
+    s->buf_data = NULL;
 }
 
 

Original file line number	Diff line number	Diff line change
`@@ -333,11 +333,13 @@ int flb_pack_state_init(struct flb_pack_state *s)`
`333`	`333`	`void flb_pack_state_reset(struct flb_pack_state *s)`
`334`	`334`	`{`
`335`	`335`	`flb_free(s->tokens);`
	`336`	`+ s->tokens = NULL;`
`336`	`337`	`s->tokens_size = 0;`
`337`	`338`	`s->tokens_count = 0;`
`338`	`339`	`s->last_byte = 0;`
`339`	`340`	`s->buf_size = 0;`
`340`	`341`	`flb_free(s->buf_data);`
	`342`	`+ s->buf_data = NULL;`
`341`	`343`	`}`
`342`	`344`
`343`	`345`