Memory leaks after onig_new(), onig_free() when parsing regexp "\(("

[hannob]

For some inputs onig_new() allocates memory that doesn't get free'd, even if one subsequently calls onig_free on the created regexp. This makes fuzzing oniguruma harder, because a fuzzing process with a tool like libfuzzer will constantly grow in memory usage due to the leaks.

Example code:

#include <stdio.h>
#include <oniguruma.h>

int main()
{
    regex_t *reg;
    char foo[4] = "\((";
    if (onig_new
        (&reg, (const OnigUChar *)foo, (const OnigUChar *)(foo+3), ONIG_OPTION_DEFAULT, ONIG_ENCODING_UTF8,
         ONIG_SYNTAX_DEFAULT, 0) == 0) {
        printf("success, freeing regexp\n");
        onig_free(reg);
    }
    return 0;
}

If you run this with a memory leak detector (e.g. valgrind or newer versions of address sanitizer) it'll report leaked memory.

Here's a debugging output from asan:

==11769==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 56 byte(s) in 1 object(s) allocated from:
    #0 0x4c1678 in __interceptor_malloc (/mnt/ram/a.out+0x4c1678)
    #1 0x4fe15a in node_new /mnt/ram/oniguruma/src/regparse.c:1072:18
    #2 0x4fe15a in node_new_enclose /mnt/ram/oniguruma/src/regparse.c:1278
    #3 0x4fe15a in node_new_enclose_memory /mnt/ram/oniguruma/src/regparse.c:1301
    #4 0x4fe15a in parse_enclose /mnt/ram/oniguruma/src/regparse.c:4639
    #5 0x4fe15a in parse_exp /mnt/ram/oniguruma/src/regparse.c:4899
    #6 0x4fd869 in parse_branch /mnt/ram/oniguruma/src/regparse.c:5222:7
    #7 0x4fb683 in parse_subexp /mnt/ram/oniguruma/src/regparse.c:5259:7
    #8 0x4f5349 in parse_regexp /mnt/ram/oniguruma/src/regparse.c:5304:7
    #9 0x4f5349 in onig_parse_make_tree /mnt/ram/oniguruma/src/regparse.c:5335
    #10 0x50f8c9 in onig_compile /mnt/ram/oniguruma/src/regcomp.c:5279:7
    #11 0x52a083 in onig_new /mnt/ram/oniguruma/src/regcomp.c:5518:7

Direct leak of 56 byte(s) in 1 object(s) allocated from:
    #0 0x4c1678 in __interceptor_malloc (/mnt/ram/a.out+0x4c1678)
    #1 0x4fe15a in node_new /mnt/ram/oniguruma/src/regparse.c:1072:18
    #2 0x4fe15a in node_new_enclose /mnt/ram/oniguruma/src/regparse.c:1278
    #3 0x4fe15a in node_new_enclose_memory /mnt/ram/oniguruma/src/regparse.c:1301
    #4 0x4fe15a in parse_enclose /mnt/ram/oniguruma/src/regparse.c:4639
    #5 0x4fe15a in parse_exp /mnt/ram/oniguruma/src/regparse.c:4899
    #6 0x4fd869 in parse_branch /mnt/ram/oniguruma/src/regparse.c:5222:7
    #7 0x4fb683 in parse_subexp /mnt/ram/oniguruma/src/regparse.c:5259:7
    #8 0x4fe326 in parse_enclose /mnt/ram/oniguruma/src/regparse.c:4649:7
    #9 0x4fe326 in parse_exp /mnt/ram/oniguruma/src/regparse.c:4899
    #10 0x4fd869 in parse_branch /mnt/ram/oniguruma/src/regparse.c:5222:7
    #11 0x4fb683 in parse_subexp /mnt/ram/oniguruma/src/regparse.c:5259:7
    #12 0x4f5349 in parse_regexp /mnt/ram/oniguruma/src/regparse.c:5304:7
    #13 0x4f5349 in onig_parse_make_tree /mnt/ram/oniguruma/src/regparse.c:5335
    #14 0x50f8c9 in onig_compile /mnt/ram/oniguruma/src/regcomp.c:5279:7
    #15 0x52a083 in onig_new /mnt/ram/oniguruma/src/regcomp.c:5518:7

SUMMARY: AddressSanitizer: 112 byte(s) leaked in 2 allocation(s).

[kkos]

Thank you.
I have fixed it in develop branch.