From ab1f394910103615d015077d538cb71c363397fc Mon Sep 17 00:00:00 2001
From: "Neil.wrz" <wangrunze13@huawei.com>
Date: Tue, 23 May 2023 19:01:40 -0700
Subject: [PATCH 9/9] fix memory leak and array access out of range

Signed-off-by: Neil.wrz <wangrunze13@huawei.com>
---
 .../oci/storage/remote_layer_support/remote_support.c  |  4 ++--
 .../storage/remote_layer_support/ro_symlink_maintain.c |  2 +-
 src/utils/http/parser.c                                | 10 ++++++++++
 3 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.c b/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.c
index 748298cb..400678c4 100644
--- a/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.c
+++ b/src/daemon/modules/image/oci/storage/remote_layer_support/remote_support.c
@@ -105,12 +105,12 @@ int remote_start_refresh_thread(pthread_rwlock_t *remote_lock)
     res = pthread_create(&a_thread, NULL, remote_refresh_ro_symbol_link, (void *)&supporters);
     if (res != 0) {
         CRIT("Thread creation failed");
-        return -1;
+        goto free_out;
     }
 
     if (pthread_detach(a_thread) != 0) {
         SYSERROR("Failed to detach 0x%lx", a_thread);
-        return -1;
+        goto free_out;
     }
 
     return 0;
diff --git a/src/daemon/modules/image/oci/storage/remote_layer_support/ro_symlink_maintain.c b/src/daemon/modules/image/oci/storage/remote_layer_support/ro_symlink_maintain.c
index 0e2b671b..2bcc43e6 100644
--- a/src/daemon/modules/image/oci/storage/remote_layer_support/ro_symlink_maintain.c
+++ b/src/daemon/modules/image/oci/storage/remote_layer_support/ro_symlink_maintain.c
@@ -136,7 +136,7 @@ static int do_build_ro_dir(const char *home, const char *id)
     nret = asprintf(&ro_layer_dir, "%s/%s/%s", home, REMOTE_RO_LAYER_DIR, id);
     if (nret < 0 || nret > PATH_MAX) {
         SYSERROR("Failed to create ro layer dir path");
-        return -1;
+        goto out;
     }
 
     if (util_mkdir_p(ro_layer_dir, IMAGE_STORE_PATH_MODE) != 0) {
diff --git a/src/utils/http/parser.c b/src/utils/http/parser.c
index 12df2435..a79893ba 100644
--- a/src/utils/http/parser.c
+++ b/src/utils/http/parser.c
@@ -88,6 +88,11 @@ static int parser_cb_header_field(http_parser *parser, const char *buf,
         m->num_headers++;
     }
 
+    if (m->num_headers == 0) {
+        ERROR("Failed to parse header field because headers num is 0");
+        return -1;
+    }
+
     strlncat(m->headers[m->num_headers - 1][0], sizeof(m->headers[m->num_headers - 1][0]), buf, len);
 
     m->last_header_element = FIELD;
@@ -100,6 +105,11 @@ static int parser_cb_header_value(http_parser *parser, const char *buf,
                                   size_t len)
 {
     struct parsed_http_message *m = parser->data;
+    
+    if (m->num_headers == 0) {
+        ERROR("Failed to parse header value because headers num is 0");
+        return -1;
+    }
 
     strlncat(m->headers[m->num_headers - 1][1], sizeof(m->headers[m->num_headers - 1][1]), buf, len);
     m->last_header_element = VALUE;
-- 
2.40.1