From e27cbb81563ba87dc5c0ecb5aa93c899c13d022b Mon Sep 17 00:00:00 2001
From: Mickey Sola <micksola@cisco.com>
Date: Mon, 18 Apr 2022 22:04:45 -0400
Subject: [PATCH] clam-1650 fixing leak when exporting pdf json metadata

Cleanup for the pdf->stats structure wasn't guaranteed when handling
a fatal memory error. This fix pulls stats cleanup into its own function
and handles the case where there's a fatal memory error by moving the
function call below the err: tag.

This fix also removes an extraneous call to pdf_export_json.
---
 libclamav/pdf.c | 130 ++++++++++++++++++++++++++----------------------
 1 file changed, 70 insertions(+), 60 deletions(-)

diff --git a/libclamav/pdf.c b/libclamav/pdf.c
index 5086f9dee2..1762bce4cf 100644
--- a/libclamav/pdf.c
+++ b/libclamav/pdf.c
@@ -3510,9 +3510,7 @@ cl_error_t cli_pdf(const char *dir, cli_ctx *ctx, off_t offset)
     if (!tmp) {
         cli_dbgmsg("cli_pdf: no PDF- header found\n");
         noisy_warnmsg("cli_pdf: no PDF- header found\n");
-#if HAVE_JSON
-        pdf_export_json(&pdf);
-#endif
+
         rc = CL_SUCCESS;
         goto done;
     }
@@ -3722,11 +3720,12 @@ cl_error_t cli_pdf(const char *dir, cli_ctx *ctx, off_t offset)
         rc = CL_EFORMAT;
     }
 
+err:
+
 #if HAVE_JSON
     pdf_export_json(&pdf);
 #endif
 
-err:
     if (pdf.objstms) {
         for (i = 0; i < pdf.nobjstms; i++) {
             if (pdf.objstms[i]) {
@@ -4490,6 +4489,71 @@ static void Colors_cb(struct pdf_struct *pdf, struct pdf_obj *obj, struct pdfnam
 }
 #endif
 
+#if HAVE_JSON
+static void pdf_free_stats(struct pdf_struct *pdf) {
+
+    if (!pdf) {
+        return;
+    }
+
+    if ((pdf->stats.author)) {
+        if (pdf->stats.author->data)
+            free(pdf->stats.author->data);
+        free(pdf->stats.author);
+        pdf->stats.author = NULL;
+    }
+
+    if (pdf->stats.creator) {
+        if (pdf->stats.creator->data)
+            free(pdf->stats.creator->data);
+        free(pdf->stats.creator);
+        pdf->stats.creator = NULL;
+    }
+
+    if (pdf->stats.producer) {
+        if (pdf->stats.producer->data)
+            free(pdf->stats.producer->data);
+        free(pdf->stats.producer);
+        pdf->stats.producer = NULL;
+    }
+
+    if (pdf->stats.modificationdate) {
+        if (pdf->stats.modificationdate->data)
+            free(pdf->stats.modificationdate->data);
+        free(pdf->stats.modificationdate);
+        pdf->stats.modificationdate = NULL;
+    }
+
+    if (pdf->stats.creationdate) {
+        if (pdf->stats.creationdate->data)
+            free(pdf->stats.creationdate->data);
+        free(pdf->stats.creationdate);
+        pdf->stats.creationdate = NULL;
+    }
+
+    if (pdf->stats.title) {
+        if (pdf->stats.title->data)
+            free(pdf->stats.title->data);
+        free(pdf->stats.title);
+        pdf->stats.title = NULL;
+    }
+
+    if (pdf->stats.subject) {
+        if (pdf->stats.subject->data)
+            free(pdf->stats.subject->data);
+        free(pdf->stats.subject);
+        pdf->stats.subject = NULL;
+    }
+
+    if (pdf->stats.keywords) {
+        if (pdf->stats.keywords->data)
+            free(pdf->stats.keywords->data);
+        free(pdf->stats.keywords);
+        pdf->stats.keywords = NULL;
+    }
+}
+#endif
+
 #if HAVE_JSON
 static void pdf_export_json(struct pdf_struct *pdf)
 {
@@ -4768,60 +4832,6 @@ static void pdf_export_json(struct pdf_struct *pdf)
     }
 
 cleanup:
-    if ((pdf->stats.author)) {
-        if (pdf->stats.author->data)
-            free(pdf->stats.author->data);
-        free(pdf->stats.author);
-        pdf->stats.author = NULL;
-    }
-
-    if (pdf->stats.creator) {
-        if (pdf->stats.creator->data)
-            free(pdf->stats.creator->data);
-        free(pdf->stats.creator);
-        pdf->stats.creator = NULL;
-    }
-
-    if (pdf->stats.producer) {
-        if (pdf->stats.producer->data)
-            free(pdf->stats.producer->data);
-        free(pdf->stats.producer);
-        pdf->stats.producer = NULL;
-    }
-
-    if (pdf->stats.modificationdate) {
-        if (pdf->stats.modificationdate->data)
-            free(pdf->stats.modificationdate->data);
-        free(pdf->stats.modificationdate);
-        pdf->stats.modificationdate = NULL;
-    }
-
-    if (pdf->stats.creationdate) {
-        if (pdf->stats.creationdate->data)
-            free(pdf->stats.creationdate->data);
-        free(pdf->stats.creationdate);
-        pdf->stats.creationdate = NULL;
-    }
-
-    if (pdf->stats.title) {
-        if (pdf->stats.title->data)
-            free(pdf->stats.title->data);
-        free(pdf->stats.title);
-        pdf->stats.title = NULL;
-    }
-
-    if (pdf->stats.subject) {
-        if (pdf->stats.subject->data)
-            free(pdf->stats.subject->data);
-        free(pdf->stats.subject);
-        pdf->stats.subject = NULL;
-    }
-
-    if (pdf->stats.keywords) {
-        if (pdf->stats.keywords->data)
-            free(pdf->stats.keywords->data);
-        free(pdf->stats.keywords);
-        pdf->stats.keywords = NULL;
-    }
+    pdf_free_stats(pdf);
 }
-#endif
+#endif
\ No newline at end of file