
@Naveed8951

Summary

This PR fixes a double-free bug in libwebm’s test utility helper where test::ParseMkvFile() could free the same heap objects twice, corrupting the heap. The fix enforces single ownership of parser resources and relies on RAII to guarantee safe cleanup on all paths.

Severity

S1 – double-free leading to heap corruption.

Affected Components

  • testing/test_util.cc
    • test::ParseMkvFile()
    • test::ParseMkvFileReleaseParser()
    • test::MkvParser::~MkvParser()

Vulnerability Description

test::ParseMkvFile() constructed a stack-allocated MkvParser object whose destructor deletes its owned segment and reader members. The function also manually deleted parser.segment and parser.reader before returning. When the function scope ended, MkvParser::~MkvParser() ran and freed the same objects again, resulting in a double-free.

Certain failure paths could still allocate reader, making the double-free reachable even when parsing fails.

Fix Description

  • Removed manual delete calls in test::ParseMkvFile() and relied exclusively on MkvParser’s destructor for cleanup.
  • Updated test::ParseMkvFileReleaseParser() to use std::unique_ptr for temporary ownership and to transfer raw pointers to the output parser only after successful initialization, preventing partial-state ownership confusion.

Before vs After

Before:
segment and reader could be freed twice on function return, corrupting the heap.

After:
Parser resources have a single clear owner and are freed exactly once via RAII, even on failure paths.

Testing

  • Run existing tests that invoke test::ParseMkvFile().
  • Verified under ASan/UBSan to ensure no double-free reports on previously affected paths.
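As an added example, not code from libwebm or from this PR: toy stand-ins that mirror the ownership pattern the description gives, with the buggy manual deletes shown as a comment beside the RAII-only version. Reader, Segment, MkvParser, the Open() check and the live-object counters are all hypothetical; the counters let a test confirm each resource is freed exactly once on both success and failure paths.

```cpp
// Added example (not libwebm's code): toy stand-ins for the ownership
// pattern in the PR description. Reader, Segment, MkvParser are hypothetical.
#include <memory>

namespace demo {
// Live-object counters so a test can check each resource is freed exactly once.
inline int& readers_alive()  { static int n = 0; return n; }
inline int& segments_alive() { static int n = 0; return n; }

struct Reader {
  Reader()  { ++readers_alive(); }
  ~Reader() { --readers_alive(); }
  bool Open(const char* path) { return path[0] != '\0'; }  // constructed: "" fails
};
struct Segment {
  Segment()  { ++segments_alive(); }
  ~Segment() { --segments_alive(); }
};

// Owns both members; the destructor is the ONLY place they are deleted.
struct MkvParser {
  Reader*  reader  = nullptr;
  Segment* segment = nullptr;
  MkvParser() = default;
  MkvParser(const MkvParser&) = delete;             // raw owners: forbid copies
  MkvParser& operator=(const MkvParser&) = delete;
  ~MkvParser() { delete segment; delete reader; }
};

// After the fix: no manual delete. The buggy version additionally ran
//   delete parser.segment; delete parser.reader;   // then ~MkvParser freed them again
bool ParseMkvFile(const char* path) {
  MkvParser parser;
  parser.reader = new Reader;
  if (!parser.reader->Open(path)) return false;     // failure path: freed once by RAII
  parser.segment = new Segment;
  return true;
}

// Temporaries live in unique_ptr; raw pointers move to |out| only after
// initialization succeeded, so a failed call never leaves |out| half-owned.
bool ParseMkvFileReleaseParser(const char* path, MkvParser* out) {
  std::unique_ptr<Reader> reader(new Reader);
  if (!reader->Open(path)) return false;            // unique_ptr frees reader
  std::unique_ptr<Segment> segment(new Segment);
  out->reader  = reader.release();
  out->segment = segment.release();
  return true;
}
}  // namespace demo
```

Running the same test binary under ASan is the check the PR describes: with the manual deletes restored, ASan reports a double-free on the first call.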
