File CVE-2024-53984.patch of Package nanopb

From 2b86c255aa52250438d5aba124d0e86db495b378 Mon Sep 17 00:00:00 2001
From: Petteri Aimonen <jpa@git.mail.kapsi.fi>
Date: Sun, 1 Dec 2024 11:40:38 +0200
Subject: [PATCH] Fix memory not released on error return (GHSA-xwqq-qxmw-hj5r)

When all of the following conditions apply:

* Compile time option PB_ENABLE_MALLOC is enabled.
* Message contains at least one field with FT_POINTER field type.
* Custom stream callback is used with unknown stream length (stream.bytes_left = SIZE_MAX)
* pb_decode_ex() function is used with flag PB_DECODE_DELIMITED.
* The input message is corrupted (accidentally or maliciously) in the length prefix.

Then the pb_decode_ex() function does not automatically call pb_release(), like is done for other failure cases.
This could lead to memory leak and potential denial-of-service.
---
 pb_decode.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pb_decode.c b/pb_decode.c
index 5f41c122..5b919aa5 100644
--- a/pb_decode.c
+++ b/pb_decode.c
@@ -1196,7 +1196,7 @@ bool checkreturn pb_decode_ex(pb_istream_t *stream, const pb_msgdesc_t *fields,
       status = pb_decode_inner(&substream, fields, dest_struct, flags);
 
       if (!pb_close_string_substream(stream, &substream))
-        return false;
+        status = false;
     }
     
 #ifdef PB_ENABLE_MALLOC
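
Review bot: The new `status = false;` after the failed pb_close_string_substream() call has no regression test; the diffstat shows pb_decode.c as the only file changed. The fix only works if the code following `#ifdef PB_ENABLE_MALLOC` sees the false status and calls pb_release(), and that code is outside this hunk, so a test should pin the behaviour down. Suggest a case that builds with PB_ENABLE_MALLOC, decodes a message containing an FT_POINTER field through pb_decode_ex() with PB_DECODE_DELIMITED from a callback stream with bytes_left = SIZE_MAX, corrupts the length prefix, and checks that the call returns false with no allocation left in the destination struct. A short comment on the changed line explaining why it must fall through rather than return early would also help keep a later cleanup from restoring `return false;`.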