Only frees instruction if allocated (keystone-engine#375)

* Only frees instruction if allocated

* Avoids memory leak in ks_close for EVM

kstool/kstool.cpp

@@ -91,7 +91,7 @@ int main(int argc, char **argv)
     uint64_t start_addr = 0;
     char *input = NULL;
     size_t count;
-    unsigned char *insn;
+    unsigned char *insn = NULL;
     size_t size;
 
     if (argc == 2) {
@@ -308,7 +308,9 @@ int main(int argc, char **argv)
     }
 
     // NOTE: free insn after usage to avoid leaking memory
-    ks_free(insn);
+    if (insn != NULL) {
+        ks_free(insn);
+    }
 
     // close Keystone instance when done
     ks_close(ks);

llvm/keystone/ks.cpp

@@ -501,6 +501,7 @@ ks_err ks_close(ks_engine *ks)
 
     if (ks->arch == KS_ARCH_EVM) {
         // handle EVM differently
+        delete ks;
         return KS_ERR_OK;
     }
 

suite/fuzz/fuzz_asm_arm64_arm.c

@@ -9,7 +9,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
     ks_engine *ks;
     ks_err err;
     size_t count;
-    unsigned char *encode;
+    unsigned char *encode = NULL;
     size_t size;
     char * assembler;
 
@@ -55,7 +55,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
 
     free(assembler);
     // NOTE: free encode after usage to avoid leaking memory
-    ks_free(encode);
+    if (encode != NULL) {
+        ks_free(encode);
+    }
 
     // close Keystone instance when done
     ks_close(ks);

suite/fuzz/fuzz_asm_arm_arm.c

@@ -9,7 +9,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
     ks_engine *ks;
     ks_err err;
     size_t count;
-    unsigned char *encode;
+    unsigned char *encode = NULL;
     size_t size;
     char * assembler;
 
@@ -55,7 +55,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
 
     free(assembler);
     // NOTE: free encode after usage to avoid leaking memory
-    ks_free(encode);
+    if (encode != NULL) {
+        ks_free(encode);
+    }
 
     // close Keystone instance when done
     ks_close(ks);

suite/fuzz/fuzz_asm_arm_armbe.c

@@ -9,7 +9,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
     ks_engine *ks;
     ks_err err;
     size_t count;
-    unsigned char *encode;
+    unsigned char *encode = NULL;
     size_t size;
     char * assembler;
 
@@ -55,7 +55,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
 
     free(assembler);
     // NOTE: free encode after usage to avoid leaking memory
-    ks_free(encode);
+    if (encode != NULL) {
+        ks_free(encode);
+    }
 
     // close Keystone instance when done
     ks_close(ks);

suite/fuzz/fuzz_asm_arm_armv8be.c

@@ -9,7 +9,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
     ks_engine *ks;
     ks_err err;
     size_t count;
-    unsigned char *encode;
+    unsigned char *encode = NULL;
     size_t size;
     char * assembler;
 
@@ -55,7 +55,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
 
     free(assembler);
     // NOTE: free encode after usage to avoid leaking memory
-    ks_free(encode);
+    if (encode != NULL) {
+        ks_free(encode);
+    }
 
     // close Keystone instance when done
     ks_close(ks);

suite/fuzz/fuzz_asm_arm_thumb.c

@@ -9,7 +9,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
     ks_engine *ks;
     ks_err err;
     size_t count;
-    unsigned char *encode;
+    unsigned char *encode = NULL;
     size_t size;
     char * assembler;
 
@@ -55,7 +55,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
 
     free(assembler);
     // NOTE: free encode after usage to avoid leaking memory
-    ks_free(encode);
+    if (encode != NULL) {
+        ks_free(encode);
+    }
 
     // close Keystone instance when done
     ks_close(ks);

suite/fuzz/fuzz_asm_arm_thumbbe.c

@@ -9,7 +9,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
     ks_engine *ks;
     ks_err err;
     size_t count;
-    unsigned char *encode;
+    unsigned char *encode = NULL;
     size_t size;
     char * assembler;
 
@@ -55,7 +55,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
 
     free(assembler);
     // NOTE: free encode after usage to avoid leaking memory
-    ks_free(encode);
+    if (encode != NULL) {
+        ks_free(encode);
+    }
 
     // close Keystone instance when done
     ks_close(ks);

suite/fuzz/fuzz_asm_arm_thumbv8.c

@@ -9,7 +9,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
     ks_engine *ks;
     ks_err err;
     size_t count;
-    unsigned char *encode;
+    unsigned char *encode = NULL;
     size_t size;
     char * assembler;
 
@@ -55,7 +55,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
 
     free(assembler);
     // NOTE: free encode after usage to avoid leaking memory
-    ks_free(encode);
+    if (encode != NULL) {
+        ks_free(encode);
+    }
 
     // close Keystone instance when done
     ks_close(ks);

suite/fuzz/fuzz_asm_arm_thumbv8be.c

@@ -9,7 +9,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
     ks_engine *ks;
     ks_err err;
     size_t count;
-    unsigned char *encode;
+    unsigned char *encode = NULL;
     size_t size;
     char * assembler;
 
@@ -55,7 +55,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
 
     free(assembler);
     // NOTE: free encode after usage to avoid leaking memory
-    ks_free(encode);
+    if (encode != NULL) {
+        ks_free(encode);
+    }
 
     // close Keystone instance when done
     ks_close(ks);

suite/fuzz/fuzz_asm_armv8_arm.c

@@ -9,7 +9,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
     ks_engine *ks;
     ks_err err;
     size_t count;
-    unsigned char *encode;
+    unsigned char *encode = NULL;
     size_t size;
     char * assembler;
 
@@ -55,7 +55,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
 
     free(assembler);
     // NOTE: free encode after usage to avoid leaking memory
-    ks_free(encode);
+    if (encode != NULL) {
+        ks_free(encode);
+    }
 
     // close Keystone instance when done
     ks_close(ks);

suite/fuzz/fuzz_asm_evm.c

@@ -9,7 +9,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
     ks_engine *ks;
     ks_err err;
     size_t count;
-    unsigned char *encode;
+    unsigned char *encode = NULL;
     size_t size;
     char * assembler;
 
@@ -55,7 +55,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
 
     free(assembler);
     // NOTE: free encode after usage to avoid leaking memory
-    ks_free(encode);
+    if (encode != NULL) {
+        ks_free(encode);
+    }
 
     // close Keystone instance when done
     ks_close(ks);

suite/fuzz/fuzz_asm_hex.c

@@ -9,7 +9,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
     ks_engine *ks;
     ks_err err;
     size_t count;
-    unsigned char *encode;
+    unsigned char *encode = NULL;
     size_t size;
     char * assembler;
 
@@ -55,7 +55,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
 
     free(assembler);
     // NOTE: free encode after usage to avoid leaking memory
-    ks_free(encode);
+    if (encode != NULL) {
+        ks_free(encode);
+    }
 
     // close Keystone instance when done
     ks_close(ks);

suite/fuzz/fuzz_asm_mips.c

@@ -9,7 +9,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
     ks_engine *ks;
     ks_err err;
     size_t count;
-    unsigned char *encode;
+    unsigned char *encode = NULL;
     size_t size;
     char * assembler;
 
@@ -55,7 +55,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
 
     free(assembler);
     // NOTE: free encode after usage to avoid leaking memory
-    ks_free(encode);
+    if (encode != NULL) {
+        ks_free(encode);
+    }
 
     // close Keystone instance when done
     ks_close(ks);

suite/fuzz/fuzz_asm_mips64.c

@@ -9,7 +9,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
     ks_engine *ks;
     ks_err err;
     size_t count;
-    unsigned char *encode;
+    unsigned char *encode = NULL;
     size_t size;
     char * assembler;
 
@@ -55,7 +55,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
 
     free(assembler);
     // NOTE: free encode after usage to avoid leaking memory
-    ks_free(encode);
+    if (encode != NULL) {
+        ks_free(encode);
+    }
 
     // close Keystone instance when done
     ks_close(ks);

suite/fuzz/fuzz_asm_mips64be.c

@@ -9,7 +9,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
     ks_engine *ks;
     ks_err err;
     size_t count;
-    unsigned char *encode;
+    unsigned char *encode = NULL;
     size_t size;
     char * assembler;
 
@@ -55,7 +55,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
 
     free(assembler);
     // NOTE: free encode after usage to avoid leaking memory
-    ks_free(encode);
+    if (encode != NULL) {
+        ks_free(encode);
+    }
 
     // close Keystone instance when done
     ks_close(ks);

suite/fuzz/fuzz_asm_mipsbe.c

@@ -9,7 +9,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
     ks_engine *ks;
     ks_err err;
     size_t count;
-    unsigned char *encode;
+    unsigned char *encode = NULL;
     size_t size;
     char * assembler;
 
@@ -55,7 +55,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
 
     free(assembler);
     // NOTE: free encode after usage to avoid leaking memory
-    ks_free(encode);
+    if (encode != NULL) {
+        ks_free(encode);
+    }
 
     // close Keystone instance when done
     ks_close(ks);

suite/fuzz/fuzz_asm_ppc32be.c

@@ -9,7 +9,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
     ks_engine *ks;
     ks_err err;
     size_t count;
-    unsigned char *encode;
+    unsigned char *encode = NULL;
     size_t size;
     char * assembler;
 
@@ -55,7 +55,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
 
     free(assembler);
     // NOTE: free encode after usage to avoid leaking memory
-    ks_free(encode);
+    if (encode != NULL) {
+        ks_free(encode);
+    }
 
     // close Keystone instance when done
     ks_close(ks);

suite/fuzz/fuzz_asm_ppc64.c

@@ -9,7 +9,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
     ks_engine *ks;
     ks_err err;
     size_t count;
-    unsigned char *encode;
+    unsigned char *encode = NULL;
     size_t size;
     char * assembler;
 
@@ -55,7 +55,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
 
     free(assembler);
     // NOTE: free encode after usage to avoid leaking memory
-    ks_free(encode);
+    if (encode != NULL) {
+        ks_free(encode);
+    }
 
     // close Keystone instance when done
     ks_close(ks);

suite/fuzz/fuzz_asm_ppc64be.c

@@ -9,7 +9,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
     ks_engine *ks;
     ks_err err;
     size_t count;
-    unsigned char *encode;
+    unsigned char *encode = NULL;
     size_t size;
     char * assembler;
 
@@ -55,7 +55,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
 
     free(assembler);
     // NOTE: free encode after usage to avoid leaking memory
-    ks_free(encode);
+    if (encode != NULL) {
+        ks_free(encode);
+    }
 
     // close Keystone instance when done
     ks_close(ks);