For all execution paths in parse_def(), free the id string before returning. Previous implementations fail to do this if the configuration: (1) tries to reference the child of a non-compound node, or (2) does not provide a valid argument after an assignment ('=') operator. For example, the invocations: (1) snd_config_load_string(&conf, "foo 0 foo.a 1", 0) (2) snd_config_load_string(&conf, "bar =", 0) would leak the strings "foo" or "bar", respectively.
Signed-off-by: Sebastian Berger <sebastian.berger@xxxxxxxxxxx>
---
 src/conf.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/src/conf.c b/src/conf.c
index 70f0e773..8a09505b 100644
--- a/src/conf.c
+++ b/src/conf.c
@@ -1403,7 +1403,8 @@ static int parse_def(snd_config_t *parent, input_t *input, int skip, int overrid
 if (mode != OVERRIDE) {
 if (n->type != SND_CONFIG_TYPE_COMPOUND) {
 SNDERR("%s is not a compound", id);
- return -EINVAL;
+ err = -EINVAL;
+ goto __end;
 }
 n->u.compound.join = true;
 parent = n;
@@ -1425,8 +1426,10 @@ static int parse_def(snd_config_t *parent, input_t *input, int skip, int overrid
 }
 if (c == '=') {
 c = get_nonwhite(input);
- if (c < 0)
- return c;
+ if (c < 0) {
+ err = c;
+ goto __end;
+ }
 }
 if (!skip) {
 if (_snd_config_search(parent, id, -1, &n) == 0) {
--
2.35.1
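Review bot: The rule that `id` remains owned by parse_def until `__end` is still undocumented at the new `goto __end` in the hunk at `@@ -1403,7 +1403,8 @@`, and the same holds for the `goto __end` added in the second hunk. A short comment on the error branch, such as `/* id is still allocated here: leave through __end, never return directly */`, would keep a later edit from reintroducing the leak. The `__end` label and the rest of parse_def lie outside both hunks, so this presumes the label frees `id`, as the commit message states. The leak is reachable from malformed configuration text, so it matters most for long-running processes that parse configuration they did not author.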
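Review bot: Nothing in this patch pins the fixed behaviour, since the diffstat lists only src/conf.c and the two reproducers from the commit message are therefore not exercised by any test. For the branch changed in the hunk at `@@ -1425,8 +1426,10 @@`, a test that calls `snd_config_load_string(&conf, "bar =", 0)`, expects an error return (presumably negative, as `err = c` is taken only when `c < 0`), and runs under a leak checker such as LeakSanitizer or Valgrind would catch a regression. The `"foo 0 foo.a 1"` input covers the first hunk in the same way. parse_def starts and ends outside the hunk, so the final return path is not visible here.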