fix: leak in sentry__session_from_json (#1789)

* fix: leak in `sentry__session_from_json`

Release parsed session JSON values on early parse failures to avoid leaking
malformed cached session files.

Co-Authored-By: OpenAI Codex <noreply@openai.com>

* Update CHANGELOG.md

---------

Co-authored-by: OpenAI Codex <noreply@openai.com>

Author: jpnurmi

CHANGELOG.md

@@ -41,6 +41,7 @@
 - Fix signed-to-unsigned cast in rate-limit parsing to prevent permanent event suppression. ([#1790](https://github.com/getsentry/sentry-native/pull/1790))
 - Fix a potential out-of-bounds read when parsing non-NUL-terminated `sentry-trace` headers. ([#1749](https://github.com/getsentry/sentry-native/pull/1749))
 - Harden ELF note parsing against overflow and OOB reads. ([#1773](https://github.com/getsentry/sentry-native/pull/1773))
+- Fix memory leak in session deserialization on malformed cached files. ([#1789](https://github.com/getsentry/sentry-native/pull/1789))
 - Fix division by zero when breadcrumbs are disabled. ([#1767](https://github.com/getsentry/sentry-native/pull/1767))
 - Native: escape JSON attachments. ([#1771](https://github.com/getsentry/sentry-native/pull/1771))
 - Handle memory allocation failures during JSON serialization to prevent truncated output. ([#1772](https://github.com/getsentry/sentry-native/pull/1772))

src/sentry_session.c

@@ -151,17 +151,20 @@ sentry__session_from_json(const char *buf, size_t buflen)
 
     sentry_value_t attrs = sentry_value_get_by_key(value, "attrs");
     if (sentry_value_is_null(attrs)) {
+        sentry_value_decref(value);
         return NULL;
     }
     char *release = sentry__string_clone(
         sentry_value_as_string(sentry_value_get_by_key(attrs, "release")));
     if (!release) {
+        sentry_value_decref(value);
         return NULL;
     }
 
     sentry_session_t *rv = SENTRY_MAKE(sentry_session_t);
     if (!rv) {
         sentry_free(release);
+        sentry_value_decref(value);
         return NULL;
     }
     rv->session_id