Fix memory leaks

libr/anal/dwarf_process.c

@@ -272,6 +272,10 @@ static st32 parse_type(Context *ctx, const ut64 offset, RStrBuf *strbuf, ut64 *s
 	}
 	if (visited && set_u_contains (*visited, offset)) {
 		R_LOG_WARN ("anal.dwarf.parse_type: infinite recursion detected");
+		if (root) {
+			set_u_free (*visited);
+			free (visited);
+		}
 		return -1;
 	}
 	set_u_add (*visited, offset);
@@ -483,6 +487,7 @@ static RAnalEnumCase *parse_enumerator(Context *ctx, ut64 idx, RAnalEnumCase *re
 		RBinDwarfAttrValue *value = &die->attr_values[i];
 		switch (die->attr_values[i].attr_name) {
 		case DW_AT_name:
+			free (name);
 			name = get_die_name (die);
 			if (!name) {
 				goto cleanup;
@@ -497,7 +502,10 @@ static RAnalEnumCase *parse_enumerator(Context *ctx, ut64 idx, RAnalEnumCase *re
 		}
 	}
 
-	result->name = name;
+	if (result->name != name) {
+		free (result->name);
+		result->name = name;
+	}
 	result->val = (int)val;
 	return result;
 cleanup:
@@ -616,7 +624,7 @@ static void parse_enum_type(Context *ctx, ut64 idx) {
 		base_type->type = r_strbuf_drain_nofree (&strbuf);
 	}
 
-	RAnalEnumCase cas;
+	RAnalEnumCase cas = {0};
 	if (die->has_children) {
 		int child_depth = 1; // Direct children of the node
 		size_t j;
@@ -634,6 +642,7 @@ static void parse_enum_type(Context *ctx, ut64 idx) {
 					enum_type_case_free (result, NULL);
 					goto cleanup;
 				}
+				cas.name = NULL;
 			}
 			if (child_die->has_children) {
 				child_depth++;

libr/anal/sign.c

@@ -1332,6 +1332,8 @@ static double matchBytes(RSignItem *a, RSignItem *b) {
 		}
 		if (a->bytes->mask) {
 			memcpy (combined_mask, a->bytes->mask, min_size);
+		} else {
+			memset (combined_mask, 0xff, min_size);
 		}
 		if (b->bytes->mask) {
 			int i;

libr/arch/p/arm/armass64.c

@@ -1618,7 +1618,7 @@ static bool parseOperands(char *str, ArmOp *op) {
 	int mem_opt = 0;
 	int msr_op_index = 0;
 	size_t index_bound = strcspn (t, "]");
-	if (!token) {
+	if (!t) {
 		return false;
 	}
 
@@ -1634,6 +1634,7 @@ static bool parseOperands(char *str, ArmOp *op) {
 		}
 		if (operand >= MAX_OPERANDS) {
 			R_LOG_ERROR ("Too many operands");
+			free (t);
 			return false;
 		}
 		op->operands[operand].type = ARM_NOTYPE;
@@ -1723,6 +1724,7 @@ static bool parseOperands(char *str, ArmOp *op) {
 				token++;
 			}
 			if (!*token || !isdigit ((unsigned char)*token)) {
+				free (t);
 				return false;
 			}
 			op->operands[operand].shift_amount = r_num_math (NULL, token);
@@ -1748,6 +1750,7 @@ static bool parseOperands(char *str, ArmOp *op) {
 			}
 			if (!*token || !isdigit ((unsigned char)*token)) {
 				if (present) {
+					free (t);
 					return false;
 				}
 				op->operands[operand].shift_amount = 0;

libr/arch/p/cosmac/pseudo.c

@@ -94,6 +94,7 @@ static char *parse(RAsmPluginSession *aps, const char *data) {
 #endif
 	const char *op0 = buf;
 	if (!strcmp (op0, "ret") || !strcmp (op0, "sret")) {
+		free (buf);
 		return strdup ("return r0");
 	}
 	char *str = malloc (strlen (data) + 128);

libr/arch/p/x86_nz/pseudo.c

@@ -192,6 +192,7 @@ static char *parse(RAsmPluginSession *aps, const char *data) {
 	*w0 = *w1 = *w2 = *w3 = '\0';
 	if (strchr (data, '(')) {
 		// avoid double-pseudo calls
+		free (buf);
 		return NULL;
 	}
 	char *str = NULL;
@@ -378,7 +379,7 @@ static char *patch(RAsmPluginSession *aps, RAnalOp *aop, const char *op) {
 			R_LOG_ERROR ("Cant fit a nop in here");
 			return false;
 		}
-		char *hcmd = malloc ((size * 2) + 5);
+		hcmd = malloc ((size * 2) + 5);
 		if (!hcmd) {
 			return false;
 		}

libr/asm/parse.c

@@ -101,7 +101,9 @@ R_API char *r_asm_parse_immbase(RAsm *a, const char *_opstr, int base) {
 		}
 	}
 	r_strbuf_append (sb, last);
-	return r_strbuf_drain (sb);
+	char *result = r_strbuf_drain (sb);
+	free (opstr);
+	return result;
 }
 
 // TODO : make them internal?

libr/bin/format/elf/elf.c

@@ -5054,6 +5054,7 @@ static RVecRBinElfSymbol *_load_additional_imported_symbols(ELFOBJ *eo, ImportIn
 		if (symbol->is_imported) {
 			if (limit > 0 && count++ > limit) {
 				R_LOG_WARN ("eo.limit reached for imports");
+				free (isym);
 				break;
 			}
 			RVecRBinElfSymbol_push_back (imports, symbol);

libr/bin/format/mach0/mach0.c

@@ -3099,13 +3099,14 @@ static void parse_symbols(RBinFile *bf, struct MACH0_(obj_t) *mo, HtPP *symcache
 				sym->name = r_bin_name_new (symbol.name);
 			} else {
 				char *name = r_str_newf ("entry%u", (ut32)i);
-				sym->name = r_bin_name_new (symbol.name);
+				sym->name = r_bin_name_new (name);
 				free (name);
 			}
 			sym->type = symbol.type == R_BIN_MACH0_SYMBOL_TYPE_LOCAL? "LOCAL": "EXT";
 			sym->is_imported = symbol.is_imported;
 			sym->ordinal = ordinal++;
 			_enrich_symbol (bf, mo, symcache, sym);
+			free (symbol.name);
 		}
 	}
 

libr/bin/format/objc/mach0_classes.c

@@ -331,9 +331,6 @@ static void get_ivar_list(RBinFile *bf, RBinClass *klass, mach0_ut p) {
 			return;
 		}
 		field = R_NEW0 (RBinField);
-		if (!field) {
-			break;
-		}
 		memset (&i, '\0', sizeof (struct MACH0_(SIVar)));
 		if (r + left < r || r + sizeof (struct MACH0_(SIVar)) < r) {
 			goto error;
@@ -452,6 +449,8 @@ static void get_ivar_list(RBinFile *bf, RBinClass *klass, mach0_ut p) {
 				field = NULL;
 			} else {
 				R_LOG_WARN ("field name is empty");
+				r_bin_field_free (field);
+				field = NULL;
 			}
 		} else {
 			R_LOG_DEBUG ("va2pa error");
@@ -462,16 +461,14 @@ static void get_ivar_list(RBinFile *bf, RBinClass *klass, mach0_ut p) {
 	}
 	r_list_sort (klass->fields, sort_by_offset);
 	RBinField *isa = R_NEW0 (RBinField);
-	if (isa) {
-		isa->name = r_bin_name_new ("isa");
-		isa->size = sizeof (mach0_ut);
-		isa->type = r_bin_name_new ("struct objc_class *");
-		// TODO r_bin_name_demangled (isa->type, "ObjC.Class*");
-		isa->kind = R_BIN_FIELD_KIND_VARIABLE;
-		isa->vaddr = 0;
-		isa->offset = 0;
-		r_list_prepend (klass->fields, isa);
-	}
+	isa->name = r_bin_name_new ("isa");
+	isa->size = sizeof (mach0_ut);
+	isa->type = r_bin_name_new ("struct objc_class *");
+	// TODO r_bin_name_demangled (isa->type, "ObjC.Class*");
+	isa->kind = R_BIN_FIELD_KIND_VARIABLE;
+	isa->vaddr = 0;
+	isa->offset = 0;
+	r_list_prepend (klass->fields, isa);
 	return;
 error:
 	r_bin_field_free (field);
@@ -530,10 +527,7 @@ static void get_objc_property_list(RBinFile *bf, RBinClass *klass, mach0_ut p) {
 			return;
 		}
 
-		if (!(property = R_NEW0 (RBinField))) {
-			// retain just for debug
-			return;
-		}
+		property = R_NEW0 (RBinField);
 
 		memset (&op, '\0', sizeof (struct MACH0_(SObjcProperty)));
 
@@ -767,10 +761,6 @@ static void get_method_list(RBinFile *bf, RBinClass *klass, const char *class_na
 		}
 
 		method = R_NEW0 (RBinSymbol);
-		if (!method) {
-			// retain just for debug
-			return;
-		}
 		struct MACH0_(SMethod) m = {0};
 		if (r + left < r || r + read_size < r) {
 			goto error;
@@ -1659,9 +1649,6 @@ static void parse_type(RBinFile *bf, RList *list, SwiftType st, HtUP *symbols_ht
 				break;
 			}
 			RBinField *field = R_NEW0 (RBinField);
-			if (!field) {
-				break;
-			}
 			ut64 field_name_addr = st.fieldmd.addr + (d * 4) + st.fieldmd_data[d];
 			ut64 field_type_addr = st.fieldmd.addr + (d * 4) + st.fieldmd_data[d - 1] - 4;
 			ut64 field_method_addr = field_name_addr;

libr/bin/mangling/cxx/cp-demangle.c

@@ -4674,6 +4674,7 @@ d_print_comp_inner (struct d_print_info *dpi, int options,
 	struct d_print_mod adpm[4];
 	unsigned int i;
 	struct d_print_template dpt;
+	int is_template;
 
 	/* Pass the name down to the type so that it can be printed in
 	   the right place for the type.  We also have to pass down
@@ -4747,7 +4748,8 @@ d_print_comp_inner (struct d_print_info *dpi, int options,
 
 	/* If typed_name is a template, then it applies to the
 	   function type as well.  */
-	if (typed_name->type == DEMANGLE_COMPONENT_TEMPLATE)
+	is_template = typed_name->type == DEMANGLE_COMPONENT_TEMPLATE;
+	if (is_template)
 	  {
 	    dpt.next = dpi->templates;
 	    dpi->templates = &dpt;
@@ -4756,7 +4758,7 @@ d_print_comp_inner (struct d_print_info *dpi, int options,
 
 	d_print_comp (dpi, options, d_right (dc));
 
-	if (typed_name->type == DEMANGLE_COMPONENT_TEMPLATE)
+	if (is_template)
 	  dpi->templates = dpt.next;
 
 	/* If the modifiers didn't get printed by the type, print them

libr/bin/mangling/objc.c

@@ -79,17 +79,14 @@ R_API char *r_bin_demangle_objc(RBinFile *bf, const char *sym) {
 	}
 	if (sym[0] == '_' && sym[1] && sym[2] == '_') { // gnu style
 		free (clas);
+		free (name);
 		clas = strdup (sym + 3);
 		args = strstr (clas, "__");
 		if (!args) {
 			free (clas);
-			if (name != clas) {
-				free (name);
-			}
 			return NULL;
 		}
 		*args = 0;
-		free (name);
 		name = strdup (args + 2);
 		if (!name) {
 			free (clas);

libr/bin/p/bin_dyldcache.c

@@ -598,6 +598,7 @@ static void create_cache_bins(RBinFile *bf, RDyldCache *cache) {
 	if (cache->images_are_global) {
 		img = read_cache_images (cache->buf, cache->hdr, 0);
 		if (!img) {
+			free (deps);
 			return;
 		}
 	}

libr/core/cmd.c

@@ -1034,6 +1034,7 @@ static void cmd_remote(RCore *core, const char *input, bool retry) {
 		const size_t buf_size = 1024;
 		char *buf = calloc (buf_size, 1);
 		if (!buf) {
+			free (host);
 			return;
 		}
 		void *bed = r_cons_sleep_begin (core->cons);
@@ -4970,6 +4971,7 @@ repeat:;
 				if (R_STR_ISNOTEMPTY (n)) {
 					ut64 v = r_num_math (core->num, n);
 					if (core->num->nc.errors == 0) {
+						free (k);
 						r_core_seek (core, v, true);
 						cmd_tmpseek = core->tmpseek = true;
 						goto fuji;

libr/core/vslides.c

@@ -124,14 +124,15 @@ static void render(SlidesState *state, RCore *core, RList *list, int mode, int p
 		char *prefix = r_str_pad (NULL, 0, ' ', w);
 		char *no = r_str_prefix_all (o2, prefix);
 		free (prefix);
-		free (o);
 		free (o2);
+		free (o);
 		o = no;
 		r_cons_print (cons, o);
 	} else {
 		char *no = r_str_ansi_crop (o, sx, sy, w, h);
 		r_cons_print (cons, no);
 		free (no);
+		o = NULL;
 	}
 	free (o);
 }

libr/debug/p/native/linux/linux_debug.c

@@ -854,6 +854,8 @@ RList *linux_pid_list(int pid, RList *list) {
 		// Unless pid 0 is requested, only add the requested pid and it's child processes
 		if (0 == pid || i == pid || pid_info->ppid == pid) {
 			r_list_append (list, pid_info);
+		} else {
+			r_debug_pid_free (pid_info);
 		}
 	}
 	closedir (dh);

libr/flag/flag.c

@@ -830,6 +830,7 @@ R_API RFlagItem *r_flag_set(RFlag *f, const char *name, ut64 addr, ut32 size) {
 	// this should never happen because the name is filtered before..
 	if (!r_name_check (itemname)) {
 		R_LOG_ERROR ("Invalid flag name '%s'", name);
+		free (itemname);
 		return NULL;
 	}
 

libr/io/io_cache.c

@@ -4,9 +4,10 @@
 
 static int _ci_start_cmp_cb(void *incoming, void *in, void *user) {
 	RIOCacheItem *incoming_ci = (RIOCacheItem *)incoming, *in_ci = (RIOCacheItem *)in;
-	if (R_UNLIKELY (!in_ci->tree_itv)) {
+	if (R_UNLIKELY (!in_ci->tree_itv || !incoming_ci->tree_itv)) {
 		R_LOG_ERROR ("io cache tree corrupted");
 		r_sys_backtrace ();
+		return 0;
 	}
 	if (incoming_ci->tree_itv->addr < in_ci->tree_itv->addr) {
 		return -1;
@@ -309,13 +310,15 @@ R_API int r_io_cache_invalidate(RIO *io, ut64 from, ut64 to, bool many) {
 					ci->data = cidata;
 				} else {
 					R_LOG_WARN ("first realloc failed");
+					_io_cache_item_free (_ci);
 					continue;
 				}
 				ut8 *ciodata = realloc (ci->odata, (size_t)r_itv_size (ci->itv));
 				if (ciodata) {
 					ci->odata = ciodata;
 				} else {
 					R_LOG_WARN ("second realloc failed");
+					_io_cache_item_free (_ci);
 					continue;
 				}
 				if (ci->tree_itv) {

libr/main/radare2.c

@@ -386,6 +386,8 @@ static int main_print_var(const char *var_name) {
 	free (rcfile);
 	free (incdir);
 	free (libdir);
+	free (bindir);
+	free (mandir);
 	free (confighome);
 	free (historyhome);
 	free (datahome);

libr/socket/socket_http_server.c

@@ -104,6 +104,7 @@ R_API RSocketHTTPRequest *r_socket_http_accept(RSocket *s, RSocketHTTPOptions *s
 		if (content_length >= ST32_MAX) {
 			r_socket_http_close (hr);
 			r_socket_free (hr->s);
+			free (hr);
 			R_LOG_ERROR ("Could not allocate hr data");
 			return NULL;
 		}

libr/util/asn1.c

@@ -143,6 +143,7 @@ R_API RASN1Object *r_asn1_object_parse(const ut8 *buffer_base, const ut8 *buffer
 		}
 		ut32 count = asn1_count_objects (object->sector, object->length);
 		if (count == -1) {
+			free (object);
 			return NULL;
 		}
 		if (count > 0) {
@@ -181,6 +182,7 @@ R_API RAsn1 *r_asn1_new(const ut8 *buffer, int length, int fmtmode) {
 	}
 	a->root = r_asn1_object_parse (buffer, buffer, length, fmtmode);
 	if (a->root == NULL) {
+		r_asn1_free (a);
 		return NULL;
 	}
 	if (fmtmode == 'j') {

libr/util/charset.c

@@ -215,6 +215,7 @@ R_API size_t r_charset_encode_str(RCharset *rc, ut8 *out, size_t out_len, const
 		if (res) {
 			size_t reslen = strlen (res);
 			if (reslen >= o_end - o) {
+				free (res);
 				break;
 			}
 			fine = true;