loadClass(): better fix for class->styles[] mem-leak

rouault · github-actions[bot] · commit f071dca3ae64 · 2022-10-05T10:30:55.000Z
Improved fix of #6651 Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=52107
diff --git a/mapfile.c b/mapfile.c
@@ -2949,11 +2949,6 @@ int freeClass(classObj *class)
       }
     }
   }
-  if( class->numstyles == 0 && class->styles != NULL &&
-      class->styles[0] != NULL ) {
-    /* msGrowClassStyles() creates class->styles[0] during the first call */
-    msFree(class->styles[0]);
-  }
   msFree(class->styles);
 
   for(i=0; i<class->numlabels; i++) { /* each label */
@@ -3276,7 +3271,12 @@ int loadClass(classObj *class, layerObj *layer)
         if(msGrowClassStyles(class) == NULL)
           return(-1);
         initStyle(class->styles[class->numstyles]);
-        if(loadStyle(class->styles[class->numstyles]) != MS_SUCCESS) return(-1);
+        if(loadStyle(class->styles[class->numstyles]) != MS_SUCCESS) {
+            freeStyle(class->styles[class->numstyles]);
+            free(class->styles[class->numstyles]);
+            class->styles[class->numstyles] = NULL;
+            return(-1);
+        }
         class->numstyles++;
         break;
       case(TEMPLATE):
