From ebe72a9ec1e9f96c818ee707ecbc81201680a8a8 Mon Sep 17 00:00:00 2001
From: Kaz Kylheku
Date: Sun, 30 Apr 2017 22:16:16 -0700
Subject: ffi: fix destructor related leaks and corruption.

* ffi.c (ffi_type_struct_destroy_op): Do not free the elements[] array of the ffi_type. They are often not dynamically allocated at all, and if they are, the management of that belongs to the child object. On the other hand, the elements array itself must be freed, which was not being done! (ffi_call_desc_destroy_op): Forgot to free the COBJ handle.
---
 ffi.c | 15 +++------------
 1 file changed, 3 insertions(+), 12 deletions(-)

diff --git a/ffi.c b/ffi.c
index 0999de77..272ea9d7 100644
--- a/ffi.c
+++ b/ffi.c
@@ -130,18 +130,8 @@ static void ffi_type_struct_destroy_op(val obj)
 {
 struct txr_ffi_type *tft = ffi_type_struct(obj);
 ffi_type *ft = tft->ft;
-
- if (ft != 0) {
- int i;
- for (i = 0; ; i++) {
- ffi_type *el = ft->elements[i];
- if (!el)
- break;
- free(el);
- }
- ft->elements = 0;
- }
-
+ free(ft->elements);
+ ft->elements = 0;
 free(ft);
 tft->ft = 0;
 free(tft);
@@ -1605,6 +1595,7 @@ static void ffi_call_desc_destroy_op(val obj)
 struct txr_ffi_call_desc *tfcd = ffi_call_desc(obj);
 free(tfcd->args);
 tfcd->args = 0;
+ free(tfcd);
 }
 
 static void ffi_call_desc_mark_op(val obj)
-- 
cgit v1.2.3
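Review bot: The new `free(ft->elements);` dereferences `ft` unconditionally, whereas the removed loop was wrapped in `if (ft != 0)`. If `tft->ft` can still be null when this destructor runs (for example a type object whose construction stopped part-way; the constructor is outside this hunk, so this is unverified), the destroy op now faults on a null pointer instead of skipping the cleanup. Keeping the guard around the two added lines costs nothing: `if (ft != 0) { free(ft->elements); ft->elements = 0; }`. A comment above them such as `/* elements[] is owned here; the ffi_type objects it points to are not */` would record the ownership rule that the commit message describes.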
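Review bot: With `free(tfcd);` added, ffi_call_desc_destroy_op releases both `args` and the descriptor, but nothing in the function states what it owns, which is the kind of gap behind the leak fixed here. A comment above the function such as `/* Frees tfcd->args and the descriptor itself. */` would make that explicit; the function's opening lines are outside the hunk. The store `tfcd->args = 0;` on the preceding line is now dead because the struct is freed immediately afterwards. It is harmless and matches the pattern in ffi_type_struct_destroy_op, so keeping it is a style choice.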