We must release the expression here, found via afl++ and
-fsanitize-address build.
Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
---
src/parser_bison.y | 1 +
.../shell/testcases/bogons/nft-f/memleak_on_meta_set_errpath | 5 +++++
2 files changed, 6 insertions(+)
create mode 100644 tests/shell/testcases/bogons/nft-f/memleak_on_meta_set_errpath
diff --git a/src/parser_bison.y b/src/parser_bison.y
index 3e0f08b22c44..91c4d263dc73 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -5338,6 +5338,7 @@ meta_stmt : META meta_key SET stmt_expr close_scope_meta
free_const($2);
if (erec != NULL) {
erec_queue(erec, state->msgs);
+ expr_free($4);
YYERROR;
}
diff --git a/tests/shell/testcases/bogons/nft-f/memleak_on_meta_set_errpath b/tests/shell/testcases/bogons/nft-f/memleak_on_meta_set_errpath
new file mode 100644
index 000000000000..917e8bf83f6a
--- /dev/null
+++ b/tests/shell/testcases/bogons/nft-f/memleak_on_meta_set_errpath
@@ -0,0 +1,5 @@
+table filter {
+ chain y {
+ meta seccark set ct secmark
+ }
+}
--
2.41.0
