From 024e49010c32c5840b2c1bd25e4b65f5c4c4a41e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kacper=20Michaj=C5=82ow?=
Date: Sat, 3 Feb 2024 18:48:42 +0100
Subject: m_option: fix memory leak in parse_obj_settings_list

Found by fuzzing.
---
 options/m_option.c | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

(limited to 'options/m_option.c')

diff --git a/options/m_option.c b/options/m_option.c
index 18346d0374..47f9c07883 100644
--- a/options/m_option.c
+++ b/options/m_option.c
@@ -3404,15 +3404,21 @@ static int parse_obj_settings_list(struct mp_log *log, const m_option_t *opt,
 if (r == 0) {
 r = parse_obj_settings(log, name, op, ¶m, ol, dst ? &res : NULL);
 }
- if (r < 0)
+ if (r < 0) {
+ free_obj_settings_list(&res);
 return r;
+ }
 if (param.len > 0) {
 const char sep[2] = {OPTION_LIST_SEPARATOR, 0};
- if (!bstr_eatstart0(¶m, sep))
+ if (!bstr_eatstart0(¶m, sep)) {
+ free_obj_settings_list(&res);
 return M_OPT_INVALID;
+ }
 if (param.len == 0) {
- if (!ol->allow_trailer)
+ if (!ol->allow_trailer) {
+ free_obj_settings_list(&res);
 return M_OPT_INVALID;
+ }
 if (dst) {
 m_obj_settings_t item = {
 .name = talloc_strdup(NULL, ""),
@@ -3427,6 +3433,7 @@ static int parse_obj_settings_list(struct mp_log *log, const m_option_t *opt,
 if (op == OP_APPEND) {
 mp_err(log, "Option %.*s: -append takes only 1 filter (no ',').\n",
 BSTR_P(name));
+ free_obj_settings_list(&res);
 return M_OPT_INVALID;
 }
 mp_warn(log, "Passing more than 1 argument to %.*s is deprecated!\n",
-- 
cgit v1.2.3
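Review bot: The same `free_obj_settings_list(&res);` call is now repeated before four separate early returns (three in the first hunk, plus the `OP_APPEND` error path in the second hunk), so the next error exit added to this parsing loop can quietly reintroduce the leak this commit fixes. A single cleanup label would make the ownership rule hold by construction: set `r = M_OPT_INVALID;` and `goto fail;` at each site, with `fail: free_obj_settings_list(&res); return r;` at the end of the function. The function's start and end are outside both hunks, so whether `res` is initialised before the first of these exits, and whether any remaining return path still skips the free, cannot be confirmed from here and is worth checking. If the per-site calls stay, a comment at the declaration of `res` such as `/* res owns the partially built list; free it on every error return */` would document the invariant for the next change.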