optparse: fix segfault on optparse_reg_subcommand() failure

Problem: When an error in a subcommand definition causes the
registration of the subcommand to fail, liboptparse crashes due to
a double free.

This issue occurs whenever an optparse subcommand object is freed
before its parent. When the subcommand is unlinked from the parent
in optparse_destroy(), the zhash free function is called, which ends
up calling optparse_destroy() again.

If p->parent != NULL in optparse_destroy(), then the function is being
called directly on a child. After the call to zhash_delete(), return
immediately and let the destructor finish the rest of the cleanup.

Fixes #5731

Author: grondo

src/common/liboptparse/optparse.c

@@ -697,8 +697,19 @@ void optparse_destroy (optparse_t *p)
         return;
 
     /* Unlink from parent */
-    if (p->parent && p->parent->subcommands)
+    if (p->parent && p->parent->subcommands) {
         zhash_delete (p->parent->subcommands, p->program_name);
+        /*
+         * zhash_delete() will call optparse_child_destroy(), which
+         * calls optparse_destroy() again. Return now and allow the
+         * rest of the optparse object to be freed on the next pass.
+         * (optparse_child_destroy() set p->parent = NULL)
+         *
+         * Note: This code path only occurs if a subcommand optparse
+         *  object is destroyed before its parent.
+         */
+        return;
+    }
 
     zlist_destroy (&p->option_list);
     zhash_destroy (&p->dhash);