BUG/MINOR: arg: free all args on make_arg_list()'s error path
While we do free the array containing the arguments, we do not free
allocated ones. Most of them are unresolved, but strings are allocated
and have to be freed as well. Note that for the sake of not breaking
the args resolution list that might have been set, we still refrain
from doing this if a resolution was already programmed, but for most
common cases (including the ones that can be found in config conditions
and at run time) we're safe.
This may be backported to stable branches, but it relies on the new
free_args() function that was introduced by commit ab213a5b6 ("MINOR:
arg: add a free_args() function to free an args array"), and which is
likely safe to backport as well.
This leak was reported by oss-fuzz (issue 36265).
diff --git a/src/arg.c b/src/arg.c
index be27c45..140fbef 100644
--- a/src/arg.c
+++ b/src/arg.c
@@ -394,6 +394,7 @@
/* only free the arg area if we have not queued unresolved args
* still pointing to it.
*/
+ free_args(*argp);
free(*argp);
}
*argp = NULL;