From 03d9c8c6e4e984c92ca89929b131b4bc72cf47a4 Mon Sep 17 00:00:00 2001 From: OwenSanzas Date: Mon, 10 Nov 2025 22:54:42 +0000 Subject: [PATCH] Fix memory allocation/deallocation mismatch in fuzz_array.c The fuzzer was using C's free() to deallocate memory allocated with C++'s new[] operator, causing an immediate crash when built with AddressSanitizer: ERROR: AddressSanitizer: alloc-dealloc-mismatch (operator new [] vs free) This prevents the fuzzer from running and testing CUPS array functionality. Root cause: - Memory allocated with new[] in fuzz_helpers.cpp (lines 21, 24) - Memory freed with free() in fuzz_array.c (lines 161-162) - C++ requires new[] to be paired with delete[], not free() Fix: Replace incorrect free() calls with the existing free_fuzz_array_data() helper function that properly uses delete[] operator. This allows the fuzzer to run successfully and test CUPS code without immediate crashes. --- projects/cups/fuzzer/fuzz_array.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/projects/cups/fuzzer/fuzz_array.c b/projects/cups/fuzzer/fuzz_array.c index 8a9b758..40aa228 100644 --- a/projects/cups/fuzzer/fuzz_array.c +++ b/projects/cups/fuzzer/fuzz_array.c @@ -158,8 +158,8 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { cupsArrayDelete(array); cupsArrayDelete(dup_array); - free(first_string); - free(second_string); + // Free fuzz input data using the correct C++ delete[] + free_fuzz_array_data(&fuzzInput); if (status != 0) { abort();
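Review bot: the replacement `free_fuzz_array_data(&fuzzInput);` only avoids a leak if `first_string` and `second_string` are the very buffers owned by `fuzzInput` (the `new[]` allocations the commit message attributes to fuzz_helpers.cpp lines 21 and 24), and the hunk context does not show where those two pointers come from; please confirm in fuzz_array.c that they are not separate copies (for example via `strdup()`), in which case the original `free()` calls for the copies would still be required alongside the helper call. Two further checks worth making before merging, since the hunk alone cannot show them: `free_fuzz_array_data` lives in a C++ translation unit and is called from a `.c` file, so its declaration must be `extern "C"` (otherwise the link fails or the wrong symbol is picked up), and any early `return` paths in `LLVMFuzzerTestOneInput` that precede this cleanup must also release `fuzzInput`, or the leak detector built into AddressSanitizer will report them once the immediate alloc-dealloc-mismatch crash is gone. The in-hunk comment `// Free fuzz input data using the correct C++ delete[]` is fine, though it reads slightly oddly inside a C source file; "release the input buffers with the helper that pairs new[] with delete[]" would say why the helper must be used rather than `free()`.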