Merge pull request from GHSA-fm67-cv37-96ff

Fix double free on string decoding if realloc fails
ultrajson · Jul 2, 2022 · 9c20de0 · 9c20de0
2 parents 67ec071 + b21da40
commit 9c20de0
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/lib/ultrajsondec.c b/lib/ultrajsondec.c
@@ -384,7 +384,7 @@ static FASTCALL_ATTR JSOBJ FASTCALL_MSVC decode_string ( struct DecoderState *ds
       escStart = (JSUINT32 *)ds->dec->realloc(ds->escStart, newSize * sizeof(JSUINT32));
       if (!escStart)
       {
-        ds->dec->free(ds->escStart);
+        // Don't free ds->escStart here; it gets handled in JSON_DecodeObject.
         return SetError(ds, -1, "Could not reserve memory block");
       }
       ds->escStart = escStart;