From 53747f127902a40674ea3655552be8868b1a8067 Mon Sep 17 00:00:00 2001 From: Andrew Jerry V <142659281+AndrewJerryV@users.noreply.github.com> Date: Mon, 5 May 2025 18:02:57 +0530 Subject: [PATCH] Fix memory leak in fuzz_array.c caused by cupsArrayDup This change adds a loop to explicitly free the strdup'd strings inside the array returned by cupsArrayDup. cupsArrayDup creates a shallow copy of the array and duplicates each element using strdup(), but does not associate a free callback with the new array. Without manual deallocation, these duplicated strings are leaked. The added loop iterates over the elements in the duplicated array and frees them before deleting the array itself, ensuring proper cleanup and resolving the LeakSanitizer issue. Tested with: python3 infra/helper.py run_fuzzer cups fuzz_array --- projects/cups/fuzzer/fuzz_array.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/projects/cups/fuzzer/fuzz_array.c b/projects/cups/fuzzer/fuzz_array.c index 8a9b758..06a8267 100644 --- a/projects/cups/fuzzer/fuzz_array.c +++ b/projects/cups/fuzzer/fuzz_array.c @@ -153,6 +153,10 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { if (text != saved[i]) break; } + + for (char *elem = (char *)cupsArrayGetFirst(dup_array); elem != NULL; elem = (char *)cupsArrayGetNext(dup_array)) { + free(elem); // Explicitly free each strdup'd string + } // Delete the arrays... cupsArrayDelete(array);
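Review bot: the new loop frees every element of dup_array and then falls through to cupsArrayDelete, so this is only safe if dup_array really has no free callback, as the commit message asserts; if cupsArrayDup carries over a free function from the source array, cupsArrayDelete would free the same strings a second time. Please add an explicit check or comment at the loop confirming that dup_array was created without a free callback, or, more defensively, replace the free loop with removal that lets the array drop the element and free it in one step, so the array never holds dangling pointers between the loop and the delete. A second, smaller point: the loop walks the array with cupsArrayGetFirst/cupsArrayGetNext, which also moves the array's internal cursor, so it should stay placed exactly where it is, after the comparison loop that ends with "if (text != saved[i]) break;", and not be hoisted above it.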