From 2722f5afe48a9a4089d41f75ec65d090934cfa52 Mon Sep 17 00:00:00 2001
From: Ondrej Dubaj <odubaj@redhat.com>
Date: Tue, 11 May 2021 07:39:57 +0200
Subject: [PATCH] - Fixed double free when calling lzx_huffman_init frees
 pointer ds - Fixed leak of rar before ending with error

---
 libarchive/archive_read_support_format_cab.c  | 1 -
 libarchive/archive_read_support_format_rar5.c | 1 +
 2 files changed, 1 insertion(+), 1 deletion(-)

diff --git a/libarchive/archive_read_support_format_cab.c b/libarchive/archive_read_support_format_cab.c
index 43738b5..950f3d2 100644
--- a/libarchive/archive_read_support_format_cab.c
+++ b/libarchive/archive_read_support_format_cab.c
@@ -2110,7 +2110,6 @@ lzx_decode_init(struct lzx_stream *strm, int w_bits)
 		ds->pos_tbl = malloc(sizeof(ds->pos_tbl[0]) * w_slot);
 		if (ds->pos_tbl == NULL)
 			return (ARCHIVE_FATAL);
-		lzx_huffman_free(&(ds->mt));
 	}
 
 	for (footer = 0; footer < 18; footer++)
diff --git a/libarchive/archive_read_support_format_rar5.c b/libarchive/archive_read_support_format_rar5.c
index 58a61d1..5d62d16 100644
--- a/libarchive/archive_read_support_format_rar5.c
+++ b/libarchive/archive_read_support_format_rar5.c
@@ -4076,6 +4076,7 @@ int archive_read_support_format_rar5(struct archive *_a) {
 	if(ARCHIVE_OK != rar5_init(rar)) {
 		archive_set_error(&ar->archive, ENOMEM,
 		    "Can't allocate rar5 filter buffer");
+		free(rar);
 		return ARCHIVE_FATAL;
 	}
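Review bot: The added `free(rar)` on the rar5_init() failure path releases only the top-level struct, so the leak fix is complete only if rar5_init() cannot fail after it has already allocated a member of `rar`. That function is not visible in this hunk and should be checked. If it can fail part-way, this path needs the format's member cleanup before the free, not a bare `free(rar)`. Assuming `rar` is handed to the archive only later in the function, a comment on the new line would record why the free is safe here, e.g. `/* rar is not owned by the archive yet, so nothing else will release it */`. The body of archive_read_support_format_rar5 continues outside the hunk.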
 
-- 
2.30.2