CAB reader: fix memory leak on repeated calls to archive_read_support_format_cab

`archive_read_support_format_cab` allocates a fresh context structure on
each call before registering the CAB format with libarchive. On the
second call, however, the registration step reports the format is
already registered, so the function frees the newly allocated context
structure — it is not needed, since the one from the first call is
already in use.

The context structure contains a `ws` field of type `archive_wstring`.
During initialization, `archive_wstring_ensure` is called on that field,
which performs its own heap allocation.

The cleanup path described above frees the context structure without
also releasing the memory owned by the `ws` field, causing a leak.

Fixed by calling `archive_wstring_free` on the `ws` field before freeing
the context structure.

Fixes #1980.

diff --git a/libarchive/archive_read_support_format_cab.c b/libarchive/archive_read_support_format_cab.c
index 63755ef9e579fc6e113825a9b2db41fea0b15872..c4a67a72681ce98a522ec7923980f2102a9ab8a8 100644 (file)
--- a/libarchive/archive_read_support_format_cab.c
+++ b/libarchive/archive_read_support_format_cab.c
@@ -383,8 +383,10 @@ archive_read_support_format_cab(struct archive *_a)
            NULL,
            NULL);
 
-       if (r != ARCHIVE_OK)
+       if (r != ARCHIVE_OK) {
+               archive_wstring_free(&cab->ws);
                free(cab);
+       }
        return (ARCHIVE_OK);
 }