Fix memory leaks in sapi/fuzzer

Lung-Alexandra · Lung-Alexandra · commit 8f3e03284764 · 2025-03-16T15:51:46.000+02:00
diff --git a/sapi/fuzzer/fuzzer-json.c b/sapi/fuzzer/fuzzer-json.c
@@ -15,8 +15,6 @@
    +----------------------------------------------------------------------+
  */
 
-
-
 #include "fuzzer.h"
 
 #include "Zend/zend.h"
@@ -31,14 +29,15 @@
 #include "ext/json/php_json_parser.h"
 
 int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
-	char *data = malloc(Size+1);
-	memcpy(data, Data, Size);
-	data[Size] = '\0';
 
-	if (fuzzer_request_startup() == FAILURE) {
+	if (fuzzer_request_startup() == FAILURE){
 		return 0;
 	}
 
+	char *data = malloc(Size + 1);
+	memcpy(data, Data, Size);
+	data[Size] = '\0';
+
 	for (int option = 0; option <=1; ++option) {
 		zval result;
 		php_json_parser parser;
diff --git a/sapi/fuzzer/fuzzer-mbregex.c b/sapi/fuzzer/fuzzer-mbregex.c
@@ -30,15 +30,16 @@
 
 int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
 #ifdef HAVE_MBREGEX
-	char *args[2];
-	char *data = malloc(Size+1);
-	memcpy(data, Data, Size);
-	data[Size] = '\0';
 
 	if (fuzzer_request_startup() == FAILURE) {
 		return 0;
 	}
 
+	char *args[2];
+	char *data = malloc(Size+1);
+	memcpy(data, Data, Size);
+	data[Size] = '\0';
+
 	fuzzer_setup_dummy_frame();
 
 	args[0] = data;
diff --git a/sapi/fuzzer/fuzzer-unserialize.c b/sapi/fuzzer/fuzzer-unserialize.c
@@ -30,14 +30,15 @@
 #include "ext/standard/php_var.h"
 
 int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
-	unsigned char *orig_data = malloc(Size+1);
-	memcpy(orig_data, Data, Size);
-	orig_data[Size] = '\0';
 
 	if (fuzzer_request_startup() == FAILURE) {
 		return 0;
 	}
 
+	unsigned char *orig_data = malloc(Size+1);
+	memcpy(orig_data, Data, Size);
+	orig_data[Size] = '\0';
+
 	fuzzer_setup_dummy_frame();
 
 	{
diff --git a/sapi/fuzzer/fuzzer-unserializehash.c b/sapi/fuzzer/fuzzer-unserializehash.c
@@ -34,15 +34,15 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t FullSize) {
 	}
 	++Start;
 
+	if (fuzzer_request_startup() == FAILURE) {
+		return 0;
+	}
+
 	size_t Size = (Data + FullSize) - Start;
 	unsigned char *orig_data = malloc(Size+1);
 	memcpy(orig_data, Start, Size);
 	orig_data[Size] = '\0';
 
-	if (fuzzer_request_startup() == FAILURE) {
-		return 0;
-	}
-
 	fuzzer_setup_dummy_frame();
 
 	{
