Commit 862844ddf9 for openssl.org
commit 862844ddf9f844863b309db47765615940b09cc8
Author: Eugene Syromiatnikov <esyr@openssl.org>
Date: Tue Jun 30 15:03:25 2026 +0200
fuzz/provider.c: check evp##_up_ref return value in collect_##evp
Coverity has reported an unchecked result of an evp##_up_ref call
that is checked elsewhere. Rewrite the collect routine to try to do
the up_ref first, and then call free if push doesn't succeed.
Resolves: https://scan5.scan.coverity.com/#/project-view/65248/10222?selectedIssue=1695451
Resolves: https://scan5.scan.coverity.com/#/project-view/65248/10222?selectedIssue=1695454
Fixes: f3b988dc2951 "Add provider fuzzer"
Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
MergeDate: Thu Jul 2 07:26:22 2026
(Merged from https://github.com/openssl/openssl/pull/31792)
diff --git a/fuzz/provider.c b/fuzz/provider.c
index 981be0690d..e3acf3e470 100644
--- a/fuzz/provider.c
+++ b/fuzz/provider.c
@@ -32,8 +32,11 @@
{ \
STACK_OF(evp) *obj_stack = stack; \
\
- if (sk_##evp##_push(obj_stack, obj) > 0) \
- evp##_up_ref(obj); \
+ if (!evp##_up_ref(obj)) \
+ return; \
+ \
+ if (sk_##evp##_push(obj_stack, obj) <= 0) \
+ evp##_free(obj); \
} \
static void init_##name(OSSL_LIB_CTX *libctx) \
{ \
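Review bot: In the rewritten collect_##evp body, both failure paths (the bare `return;` after a failed evp##_up_ref and the evp##_free after a failed sk_##evp##_push) drop the object silently, so a failure of either call leaves the fuzzer running against a shorter stack with no signal that coverage shrank. The callback returns nothing, so consider recording the failure in a flag or counter that the caller can check after collection, or add a one-line comment stating that skipping the object is intentional. A brief comment on the ordering would also help future readers: taking the reference before the push is what ensures the stack never holds a pointer it does not own, and the evp##_free on the `<= 0` branch only balances that reference, which is not obvious from the macro alone.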