commit 79b5d57c421c0a0dd3c4f9ddf8ac91eb64319625
author Aayush Soni <aayush.soni@ittiam.com> Wed Jul 28 20:13:49 2021 +0530
committer Aayush Soni <aayush.soni@ittiam.com> Tue Aug 24 22:43:23 2021 +0530
tree 307f75a0690dd5fc0ffbe6a9f7ca25da3f135de8
parent 135e1c7f3e0c65054d78491b89b0d7361feb161f

C2Fuzzer: fix memory leak in Codec2Fuzzer::decodeFrames

Bug: 193286793

Test: POC in bug description

Change-Id: I3ca01b209ac38997b021f10dd0ccbc82964d86ec

media/codec2/fuzzer/C2Fuzzer.cpp

diff --git a/media/codec2/fuzzer/C2Fuzzer.cpp b/media/codec2/fuzzer/C2Fuzzer.cpp
index e35ee48..e469d8b 100644
--- a/media/codec2/fuzzer/C2Fuzzer.cpp
+++ b/media/codec2/fuzzer/C2Fuzzer.cpp
@@ -239,17 +239,17 @@
 }
 
 void Codec2Fuzzer::decodeFrames(const uint8_t* data, size_t size) {
-  mBufferSource = new BufferSource(data, size);
-  if (!mBufferSource) {
+  std::unique_ptr<BufferSource> bufferSource = std::make_unique<BufferSource>(data, size);
+  if (!bufferSource) {
     return;
   }
-  mBufferSource->parse();
+  bufferSource->parse();
   c2_status_t status = C2_OK;
   size_t numFrames = 0;
-  while (!mBufferSource->isEos()) {
+  while (!bufferSource->isEos()) {
     uint8_t* frame = nullptr;
     size_t frameSize = 0;
-    FrameData frameData = mBufferSource->getFrame();
+    FrameData frameData = bufferSource->getFrame();
     frame = std::get<0>(frameData);
     frameSize = std::get<1>(frameData);
 
@@ -298,7 +298,6 @@
   mConditionalVariable.wait_for(waitForDecodeComplete, kC2FuzzerTimeOut, [this] { return mEos; });
   std::list<std::unique_ptr<C2Work>> c2flushedWorks;
   mComponent->flush_sm(C2Component::FLUSH_COMPONENT, &c2flushedWorks);
-  delete mBufferSource;
 }
 
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {