From 37b34ca9bfad377e426bf49658ec9df1505747f3 Mon Sep 17 00:00:00 2001
From: GermanAizek
Date: Wed, 20 Aug 2025 01:53:33 +0300
Subject: [PATCH] cbortojson: [CWE-401] fix memory leak when realloc() is fails

This commit also have identical issue as real CVE-2019-17178 vulnerability in FreeRDP project: Fix commit - https://github.com/FreeRDP/FreeRDP/commit/9fee4ae076b1ec97b97efb79ece08d1dab4df29a Issue - https://github.com/FreeRDP/FreeRDP/issues/5645 More info about CWE metrics: https://cwe.mitre.org/data/definitions/401.html
---
 src/cbortojson.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/cbortojson.c b/src/cbortojson.c
index c48fd4d2..61d108ae 100644
--- a/src/cbortojson.c
+++ b/src/cbortojson.c
@@ -329,9 +329,10 @@ static CborError escape_text_string(char **str, size_t *alloc, size_t *offsetp,
 return CborErrorDataTooLarge;
 }
 if (!alloc || needed > *alloc) {
- buf = cbor_realloc(buf, needed);
- if (!buf)
+ char *tmp = cbor_realloc(buf, needed);
+ if (!tmp)
 return CborErrorOutOfMemory;
+ buf = tmp;
 if (alloc)
 *alloc = needed;
 }
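Review bot: Keeping `buf` intact on the failed cbor_realloc() is the right move, but whether it actually closes the leak depends on who owns that block when escape_text_string returns CborErrorOutOfMemory, and the hunk does not show it: if `buf` was read from `*str` earlier in the function, `*str` still names the original allocation and the caller frees it, whereas if `buf` is a buffer this function allocated locally it is lost on this early return and would need a free before it. The ownership rule at that return is worth a comment so the next reader does not have to re-derive it, e.g. `/* realloc failed: buf is still the original block and still owned by the caller via *str; do not free it here */`, adjusted to whichever case holds. The function's opening, where buf is set up, and its later write-back of buf to *str both lie outside this hunk, so this cannot be confirmed from the diff alone.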