fix: fix memory leaks in User::find() functions

Previously, if zmDbFetch returned a result but mysql_num_rows != 1, the MYSQL_RES was not freed before returning nullptr, causing a memory leak. Now properly frees the result in all code paths. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-03-24 16:51:47 -04:00 · 2026-02-03 12:24:07 -05:00
parent 446b1a563b
commit 7caeedb2be
1 changed files with 16 additions and 10 deletions
--- a/src/zm_user.cpp
+++ b/src/zm_user.cpp
@@ -135,13 +135,16 @@ User *User::find(const std::string &username) {
                             " FROM `Users` WHERE `Username` = '%s' AND `Enabled` = 1",
                             escaped_username.c_str());
  MYSQL_RES *result = zmDbFetch(sql);
-  if (result && mysql_num_rows(result) == 1 ) {
-    MYSQL_ROW dbrow = mysql_fetch_row(result);
-    User *user = new User(dbrow);
+  if (!result)
+    return nullptr;
+  if (mysql_num_rows(result) != 1) {
    mysql_free_result(result);
-    return user;
+    return nullptr;
  }
-  return nullptr;
+  MYSQL_ROW dbrow = mysql_fetch_row(result);
+  User *user = new User(dbrow);
+  mysql_free_result(result);
+  return user;
 }

 User *User::find(int id) {
@@ -150,13 +153,16 @@ User *User::find(int id) {
                             " FROM `Users` WHERE `Id` = %d AND `Enabled` = 1",
                             id);
  MYSQL_RES *result = zmDbFetch(sql);
-  if (result && mysql_num_rows(result) == 1 ) {
-    MYSQL_ROW dbrow = mysql_fetch_row(result);
-    User *user = new User(dbrow);
+  if (!result)
+    return nullptr;
+  if (mysql_num_rows(result) != 1) {
    mysql_free_result(result);
-    return user;
+    return nullptr;
  }
-  return nullptr;
+  MYSQL_ROW dbrow = mysql_fetch_row(result);
+  User *user = new User(dbrow);
+  mysql_free_result(result);
+  return user;
 }

 std::string User::getAuthHash() {