Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
mapshape: fix double free bug after error in msSHPReadShape()
After freeing the "line" field, we need to clear it, or else it will be freed again in msFreeShape(). In two code paths, the "numlines" field was not cleared, which could lead to a use-after-free bug in msFreeShape(), which in turn could either crash or lead to another double-free bug in msFreeShape(). Vulnerability found with libFuzzer.
- Loading branch information