[lcms] Fix unused context leak and wrong return value in cms_cgats_fuzzer #15075
Open
Description
Summary
This is not a bug in lcms. It is a bug in cms_cgats_fuzzer with two issues:
- Unused context leak: cmsCreateContext is called at line 23, but the context is never used or freed.
- Wrong return value: return 1 on the normal exit path (line 75) instead of return 0.
Bug Details
Issue 1: Unused context (P1)
```c
cmsContext context = cmsCreateContext(NULL, (void *)data); // line 23
// context is NEVER used — all cmsIT8* calls use 0 (NULL/global context):
it8 = cmsIT8Alloc(0);                     // line 32 — uses global context
it8 = cmsIT8LoadFromFile(0, "TEST.IT8");  // line 66 — uses global context
// context is NEVER freed — no cmsDeleteContext anywhere
```
Issue 2: Wrong return value (P1)
```c
cmsIT8Free(it8);
return 1; // line 75 — should be return 0
```
LLVMFuzzerTestOneInput must return 0 per the libFuzzer contract. Non-zero returns are reserved for special semantics (e.g., -1 means "don't add to corpus" in some versions).
Suggested Fix
Remove the unused cmsCreateContext call and change return 1 to return 0.
Coverage Comparison
| Version | Lines | Functions |
|---|---|---|
| Original | 5.55% | 9.78% |
| Fixed | 4.57% | 7.44% |
Coverage decreased slightly — the removed cmsCreateContext call was contributing dead coverage of context internals, not meaningful testing.