diff --git a/0001-Avoid-memory-leak-if-args-is-specified-multiple-time.patch b/0001-Avoid-memory-leak-if-args-is-specified-multiple-time.patch
new file mode 100644
index 0000000..9a11a57
--- /dev/null
+++ b/0001-Avoid-memory-leak-if-args-is-specified-multiple-time.patch
@@ -0,0 +1,39 @@
+From d70c640aecc30e9216dc1a614a207e85c8732036 Mon Sep 17 00:00:00 2001
+From: Colin Walters <walters@verbum.org>
+Date: Thu, 27 May 2021 16:19:27 -0400
+Subject: [PATCH] Avoid memory leak if --args is specified multiple times
+
+Found by a static analyzer.
+
+```
+bubblewrap-0.4.1/bubblewrap.c:1500: overwrite_var: Overwriting "opt_args_data" in "opt_args_data = load_file_data(the_fd, &data_len)" leaks the storage that "opt_args_data" points to.
+ # 1498|              * keep allocated until exit time, since its argv entries get used
+ # 1499|              * by the other cases in parse_args_recurse() when we recurse. */
+ # 1500|->           opt_args_data = load_file_data (the_fd, &data_len);
+ # 1501|             if (opt_args_data == NULL)
+ # 1502|               die_with_error ("Can't read --args data");
+```
+---
+ bubblewrap.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/bubblewrap.c b/bubblewrap.c
+index 771e1ea..56ac07c 100644
+--- a/bubblewrap.c
++++ b/bubblewrap.c
+@@ -1494,6 +1494,12 @@ parse_args_recurse (int          *argcp,
+           if (argv[1][0] == 0 || endptr[0] != 0 || the_fd < 0)
+             die ("Invalid fd: %s", argv[1]);
+ 
++          /* Specifying --args multiple times doesn't work; this just pacifies
++           * a static analyzer which pointed out the memory leak
++           */
++          if (opt_args_data != NULL)
++            free (opt_args_data);
++
+           /* opt_args_data is essentially a recursive argv array, which we must
+            * keep allocated until exit time, since its argv entries get used
+            * by the other cases in parse_args_recurse() when we recurse. */
+-- 
+2.31.1
+
diff --git a/bubblewrap.spec b/bubblewrap.spec
index 4422671..486c83b 100644
--- a/bubblewrap.spec
+++ b/bubblewrap.spec
@@ -1,12 +1,13 @@
 Name: bubblewrap
 Version: 0.4.1
-Release: 4%{?dist}
+Release: 5%{?dist}
 Summary: Core execution tool for unprivileged containers
 
 License: LGPLv2+
 #VCS: git:https://github.com/projectatomic/bubblewrap
 URL: https://github.com/projectatomic/bubblewrap
 Source0: https://github.com/projectatomic/bubblewrap/releases/download/v%{version}/bubblewrap-%{version}.tar.xz
+Patch0: 0001-Avoid-memory-leak-if-args-is-specified-multiple-time.patch
 
 BuildRequires: autoconf automake libtool
 BuildRequires: gcc
@@ -46,6 +47,9 @@ find %{buildroot} -name '*.la' -delete -print
 %{_mandir}/man1/*
 
 %changelog
+* Thu May 27 2021 Colin Walters <walters@verbum.org> - 0.4.1-5
+- Backport https://github.com/containers/bubblewrap/pull/426
+
 * Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 0.4.1-4
 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937