From 4103687f766405339b59d595b7ab7e5cd6f8ca33 Mon Sep 17 00:00:00 2001
From: hexcoder- <heiko@hexco.de>
Date: Sat, 27 Jun 2020 00:13:24 +0200
Subject: afl-sharedmem.c: fix leaks on error paths (SysV shared memory)

---
 src/afl-sharedmem.c | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)

(limited to 'src/afl-sharedmem.c')

diff --git a/src/afl-sharedmem.c b/src/afl-sharedmem.c
index 06f46989..77767f21 100644
--- a/src/afl-sharedmem.c
+++ b/src/afl-sharedmem.c
@@ -239,7 +239,10 @@ u8 *afl_shm_init(sharedmem_t *shm, size_t map_size,
     shm->cmplog_shm_id = shmget(IPC_PRIVATE, sizeof(struct cmp_map),
                                 IPC_CREAT | IPC_EXCL | 0600);
 
-    if (shm->cmplog_shm_id < 0) { PFATAL("shmget() failed"); }
+    if (shm->cmplog_shm_id < 0) {
+      shmctl(shm->shm_id, IPC_RMID, NULL); // do not leak shmem
+      PFATAL("shmget() failed");
+    }
 
   }
 
@@ -266,7 +269,13 @@ u8 *afl_shm_init(sharedmem_t *shm, size_t map_size,
 
   shm->map = shmat(shm->shm_id, NULL, 0);
 
-  if (shm->map == (void *)-1 || !shm->map) { PFATAL("shmat() failed"); }
+  if (shm->map == (void *)-1 || !shm->map) {
+    shmctl(shm->shm_id, IPC_RMID, NULL); // do not leak shmem
+    if (shm->cmplog_mode) {
+      shmctl(shm->cmplog_shm_id, IPC_RMID, NULL); // do not leak shmem
+    }
+    PFATAL("shmat() failed");
+  }
 
   if (shm->cmplog_mode) {
 
@@ -274,6 +283,10 @@ u8 *afl_shm_init(sharedmem_t *shm, size_t map_size,
 
     if (shm->cmp_map == (void *)-1 || !shm->cmp_map) {
 
+      shmctl(shm->shm_id, IPC_RMID, NULL); // do not leak shmem
+      if (shm->cmplog_mode) {
+        shmctl(shm->cmplog_shm_id, IPC_RMID, NULL); // do not leak shmem
+      }
       PFATAL("shmat() failed");
 
     }
-- 
cgit 1.4.1