libretro-common/queues: add task_free_error + document set/free protocol

task_set_title() and task_set_error() take ownership of a heap
pointer and rely on the task system to free it at completion, but
neither setter frees the *previous* value -- so calling either one
twice on the same task without an intervening free leaks the prior
string.  task_free_title() has long existed for the title side of
this protocol; the error side had no symmetric helper at all,
forcing callers that legitimately needed to update the error mid-
task to either guard with task_get_error() or just live with the
leak.

This commit:

* Adds task_free_error(), symmetric to the pre-existing
  task_free_title() (both lock property_lock under HAVE_THREADS,
  free if non-NULL, NULL out the field).

* Documents the free-then-set protocol clearly in
  queues/task_queue.h on both setters, both struct fields, and
  cross-references the helpers via @see -- the previous "@warning
  This does not free the existing X" line was correct but easy to
  miss, and three sites in tasks/task_cloudsync.c missed it.

* Fixes those three task_cloudsync.c violators (lines 107, 1281,
  1331).  task_cloudsync sets the initial title at line 1439 via
  direct assignment, then later replaces it via task_set_title in
  three callbacks without calling task_free_title first.  Each
  replacement leaks the prior strdup.

* Adds a regression test under libretro-common/samples/queues/
  task_queue_title_error_test/ exercising both helpers and the
  free-then-set protocol (single-set, replace-via-free, free-on-
  null no-op, double-free no-op, 50-iteration stress chain).
  Wires it into the existing libretro-common-samples CI workflow,
  so it builds under -fsanitize=address,undefined and LSan flags
  any future regression to the protocol.

The test compiles task_queue.c without HAVE_THREADS so the slock /
scond / sthread paths drop out cleanly -- the title/error
protocol is identical with and without threading; the locks just
serialise it.  The single remaining external dependency
(cpu_features_get_time_usec) is provided as a trivial stub since
no test path drives the queue through gather().

Verified pre-patch: the test fails to link without task_free_error
(undefined reference), confirming it genuinely exercises the new
symbol rather than passing trivially.

Verified post-patch: ASan + UBSan + LSan clean, all ten cases
pass.

Author: LibretroAdmin

.github/workflows/Linux-libretro-common-samples.yml

@@ -77,6 +77,7 @@ jobs:
             rpng_chunk_overflow_test
             rpng_roundtrip_test
             word_wrap_overflow_test
+            task_queue_title_error_test
           )
 
           # Per-binary run command (overrides ./<binary> if present).

libretro-common/include/queues/task_queue.h

@@ -209,7 +209,13 @@ struct retro_task
     * Human-readable details about an error that occurred while running the task.
     * Should be created and assigned within \c handler if there was an error.
     * Will be cleaned up by the task queue with \c free() upon this task's completion.
+    *
+    * If \c handler may set this more than once on the same task,
+    * call \c task_free_error before the subsequent \c task_set_error
+    * to avoid leaking the previous string.
+    *
     * @see task_set_error
+    * @see task_free_error
     */
    char *error;
 
@@ -230,8 +236,14 @@ struct retro_task
     * May be \c NULL,
     * but if not then it will be disposed of by the task system with \c free()
     * upon this task's completion.
-    * Can be modified or replaced at any time.
+    *
+    * Can be modified or replaced at any time, but \c task_set_title
+    * does \em not free the previous value: callers must call
+    * \c task_free_title first to avoid leaking the prior title.
+    *
     * @see strdup
+    * @see task_set_title
+    * @see task_free_title
     */
    char *title;
 
@@ -413,12 +425,27 @@ void task_set_flags(retro_task_t *task, uint8_t flags, bool set);
  * Sets \c task::error to the given value.
  * Thread-safe if the task queue is threaded.
  *
+ * Ownership of \c error transfers to the task; the task system
+ * will \c free() it when the task completes (or via
+ * \c task_free_error).  \c error must therefore point to memory
+ * obtained via \c malloc / \c strdup / similar -- string
+ * literals or stack buffers will cause an invalid free later.
+ *
+ * @warning This does \em not free the previous error message.
+ * When replacing an already-set error, callers \em must call
+ * \c task_free_error first to avoid a leak:
+ * @code
+ *    task_free_error(task);
+ *    task_set_error(task, strdup("New error"));
+ * @endcode
+ * Alternatively, guard with \c task_get_error so the second
+ * \c task_set_error is skipped when an error is already set.
+ *
  * @param task The task to modify.
  * Behavior is undefined if \c NULL.
  * @param error The error message to set.
  * @see retro_task::error
- * @warning This does not free the existing error message.
- * The caller must do that itself.
+ * @see task_free_error
  */
 void task_set_error(retro_task_t *task, char *error);
 
@@ -437,13 +464,25 @@ void task_set_progress(retro_task_t *task, int8_t progress);
  * Sets \c task::title to the given value.
  * Thread-safe if the task queue is threaded.
  *
+ * Ownership of \c title transfers to the task; the task system
+ * will \c free() it when the task completes (or via
+ * \c task_free_title).  \c title must therefore point to memory
+ * obtained via \c malloc / \c strdup / similar -- string
+ * literals or stack buffers will cause an invalid free later.
+ *
+ * @warning This does \em not free the previous title.  When
+ * replacing an already-set title, callers \em must call
+ * \c task_free_title first to avoid a leak:
+ * @code
+ *    task_free_title(task);
+ *    task_set_title(task, strdup("New title"));
+ * @endcode
+ *
  * @param task The task to modify.
  * Behavior is undefined if \c NULL.
  * @param title The title to set.
  * @see retro_task::title
  * @see task_free_title
- * @warning This does not free the existing title.
- * The caller must do that itself.
  */
 void task_set_title(retro_task_t *task, char *title);
 
@@ -467,6 +506,15 @@ void task_set_data(retro_task_t *task, void *data);
  */
 void task_free_title(retro_task_t *task);
 
+/**
+ * Frees the \c task's error message, if any.
+ * Thread-safe if the task queue is threaded.
+ *
+ * @param task The task to modify.
+ * @see task_set_error
+ */
+void task_free_error(retro_task_t *task);
+
 /**
  * Returns \c task::error.
  * Thread-safe if the task queue is threaded.

libretro-common/queues/task_queue.c

@@ -1023,6 +1023,19 @@ void task_free_title(retro_task_t *task)
 #endif
 }
 
+void task_free_error(retro_task_t *task)
+{
+#ifdef HAVE_THREADS
+   slock_lock(property_lock);
+#endif
+   if (task->error)
+      free(task->error);
+   task->error = NULL;
+#ifdef HAVE_THREADS
+   slock_unlock(property_lock);
+#endif
+}
+
 void* task_get_data(retro_task_t *task)
 {
    void *data = NULL;

libretro-common/samples/queues/task_queue_title_error_test/Makefile

@@ -0,0 +1,37 @@
+TARGET := task_queue_title_error_test
+
+LIBRETRO_COMM_DIR := ../../..
+
+# task_queue.c (without HAVE_THREADS / HAVE_GCD) is self-contained
+# apart from cpu_features_get_time_usec(); the test file provides a
+# trivial stub for that symbol so we don't have to drag in
+# features_cpu.c (which would pull in a much larger dependency
+# graph).  Build task_queue.c without HAVE_THREADS so the slock /
+# scond / sthread paths compile out cleanly -- the title/error
+# protocol is identical with and without threading; the locks just
+# serialise it.
+SOURCES := \
+	task_queue_title_error_test.c \
+	$(LIBRETRO_COMM_DIR)/queues/task_queue.c
+
+OBJS := $(SOURCES:.c=.o)
+
+CFLAGS += -Wall -pedantic -std=gnu99 -g -O0 -I$(LIBRETRO_COMM_DIR)/include
+
+ifneq ($(SANITIZER),)
+   CFLAGS  := -fsanitize=$(SANITIZER) -fno-omit-frame-pointer $(CFLAGS)
+   LDFLAGS := -fsanitize=$(SANITIZER) $(LDFLAGS)
+endif
+
+all: $(TARGET)
+
+%.o: %.c
+	$(CC) -c -o $@ $< $(CFLAGS)
+
+$(TARGET): $(OBJS)
+	$(CC) -o $@ $^ $(LDFLAGS)
+
+clean:
+	rm -f $(TARGET) $(OBJS)
+
+.PHONY: clean