From b637de0ad47c32ab12ec91638434b3ba9400152c Mon Sep 17 00:00:00 2001
From: Vsevolod Stakhov <vsevolod@highsecure.ru>
Date: Sat, 27 Apr 2019 12:32:27 +0100
Subject: [PATCH] [Fix] Fix use after free

Issue: #2867
Closes: #2867
---
 src/libmime/archives.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/src/libmime/archives.c b/src/libmime/archives.c
index ed49db4b3..9c0336ac8 100644
--- a/src/libmime/archives.c
+++ b/src/libmime/archives.c
@@ -1173,22 +1173,22 @@ rspamd_7zip_read_coders_info (struct rspamd_task *task,
 					return NULL;
 				}
 
+				if (folder_nstreams) {
+					g_free (folder_nstreams);
+				}
+
 				folder_nstreams = g_malloc (sizeof (int) * num_folders);
 
 				for (i = 0; i < num_folders && p != NULL && p < end; i++) {
 					p = rspamd_7zip_read_folder (task, p, end, arch,
 							&folder_nstreams[i], &num_digests);
 				}
-
-				g_free (folder_nstreams);
 			}
 			break;
 		case kCodersUnPackSize:
 			for (i = 0; i < num_folders && p != NULL && p < end; i++) {
 				if (folder_nstreams) {
 					for (guint j = 0; j < folder_nstreams[i]; j++) {
-						guint64 tmp;
-
 						SZ_READ_VINT (tmp); /* Unpacked size */
 						msg_debug_archive ("7zip: unpacked size "
 										   "(folder=%d, stream=%d) = %L",
@@ -1237,6 +1237,10 @@ end:
 		*pnum_folders = num_folders;
 	}
 
+	if (folder_nstreams) {
+		g_free (folder_nstreams);
+	}
+
 	return p;
 }
 
-- 
2.39.5