BUG/MINOR: tools: fix memory leak in env_expand() error path

When my_realloc2() fails in env_expand(), the code jumps to 'leave:' and
returns NULL, but the original input 'in' is never freed (it's only freed
at line 4919 in the success case). Given that callers typically pass it
the direct return of strdup(), it looks like it is expected to always be
freed. This can be backported everywhere.

diff --git a/src/tools.c b/src/tools.c
index 268951629547da4871c9405c4b114a78933b713f..23a865a8c458f97a792aa7527c403cf558c5dad7 100644 (file)
--- a/src/tools.c
+++ b/src/tools.c
@@ -4900,8 +4900,10 @@ char *env_expand(char *in)
                }
 
                out = my_realloc2(out, out_len + (txt_end - txt_beg) + val_len + 1);
-               if (!out)
+               if (!out) {
+                       free(in);
                        goto leave;
+               }
 
                if (txt_end > txt_beg) {
                        memcpy(out + out_len, txt_beg, txt_end - txt_beg);