Fix leaddrs leak (#15417)

libr/anal/anal.c

@@ -173,6 +173,7 @@ R_API RAnal *r_anal_new(void) {
 	anal->fcn_tree = NULL;
 	anal->fcn_addr_tree = NULL;
 	anal->refs = r_anal_ref_list_new ();
+	anal->leaddrs = NULL;
 	r_anal_set_bits (anal, 32);
 	anal->plugins = r_list_newf ((RListFree) r_anal_plugin_free);
 	if (anal->plugins) {
@@ -213,6 +214,7 @@ R_API RAnal *r_anal_free(RAnal *a) {
 	r_rbtree_free (a->rb_hints_ranges, __anal_hint_range_tree_free);
 	ht_up_free (a->dict_refs);
 	ht_up_free (a->dict_xrefs);
+	r_list_free (a->leaddrs);
 	a->sdb = NULL;
 	sdb_ns_free (a->sdb);
 	if (a->esil) {

libr/anal/fcn.c

@@ -747,10 +747,9 @@ static int fcn_recurse(RAnal *anal, RAnalFunction *fcn, ut64 addr, ut64 len, int
 		return R_ANAL_RET_ERROR; // MUST BE NOT DUP
 	}
 
-	static RList *leaddrs = NULL;
-	if (!leaddrs) {
-		leaddrs = r_list_new (); // TODO: leaks
-		if (!leaddrs) {
+	if (!anal->leaddrs) {
+		anal->leaddrs = r_list_newf (free);
+		if (!anal->leaddrs) {
 			eprintf ("Cannot create leaddr list\n");
 			return R_ANAL_RET_ERROR;
 		}
@@ -1021,7 +1020,7 @@ repeat:
 					}
 					pair->op_addr = op.addr;
 					pair->leaddr = op.ptr; // XXX movdisp is dupped but seems to be trashed sometimes(?), better track leaddr separately
-					r_list_append (leaddrs, pair);
+					r_list_append (anal->leaddrs, pair);
 				}
 				if (op.dst && op.dst->reg && op.dst->reg->name && op.ptr > 0 && op.ptr != UT64_MAX) {
 					free (last_reg_mov_lea_name);
@@ -1272,7 +1271,7 @@ repeat:
 					RListIter *iter;
 					leaddr_pair *pair;
 					// find nearest candidate leaddr before op.addr
-					r_list_foreach (leaddrs, iter, pair) {
+					r_list_foreach (anal->leaddrs, iter, pair) {
 						if (pair->op_addr >= op.addr) {
 							continue;
 						}
@@ -1283,7 +1282,7 @@ repeat:
 						}
 					}
 					if (lea_op_iter) {
-						r_list_delete (leaddrs, lea_op_iter);
+						r_list_delete (anal->leaddrs, lea_op_iter);
 					}
 					ut64 table_size = cmpval + 1;
 					ret = try_walkthrough_jmptbl (anal, fcn, depth, op.addr, jmptbl_base, jmptbl_base, 4, table_size, -1, ret);

libr/core/canal.c

@@ -894,6 +894,8 @@ static int core_anal_fcn(RCore *core, ut64 at, ut64 from, int reftype, int depth
 			}
 		}
 	} while (fcnlen != R_ANAL_RET_END);
+	r_list_free (core->anal->leaddrs);
+	core->anal->leaddrs = NULL;
 	if (has_next) {
 		for (i = 0; i < nexti; i++) {
 			if (!next[i] || r_anal_get_fcn_in (core->anal, next[i], 0)) {
@@ -913,6 +915,8 @@ static int core_anal_fcn(RCore *core, ut64 at, ut64 from, int reftype, int depth
 	return true;
 
 error:
+	r_list_free (core->anal->leaddrs);
+	core->anal->leaddrs = NULL;
 	// ugly hack to free fcn
 	if (fcn) {
 		if (!r_anal_fcn_size (fcn) || fcn->addr == UT64_MAX) {

libr/include/r_anal.h

@@ -728,6 +728,7 @@ typedef struct r_anal_t {
 	RList *imports; // global imports
 	SetU *visited;
 	RStrConstPool constpool;
+	RList *leaddrs;
 } RAnal;
 
 typedef struct r_anal_hint_t {