double-free after running 2 games

[hizzlekizzle]

For whatever reason, this isn't (apparently) a problem in RetroArch but crashes in BizHawk and presumably other frontends.

https://github.com/libretro/tgbdual-libretro/blob/1e0c4f931d8c5e859e6d3255d67247d7a2987434/libretro/libretro.cpp#L408 https://github.com/libretro/tgbdual-libretro/blob/1e0c4f931d8c5e859e6d3255d67247d7a2987434/libretro/libretro.cpp#L81 my_av_info gets malloc'd once on program init (although not in retro_init), then when retro_unload_game is called it gets free'd... and since it's never malloc'd again a subseqent retro_unload_game call causes it to free that pointer again which expectingly crashes.

So, presumably my_av_info doesn't need to be free'd until deinit instead of in retro_unload_game...?

original issue from BizHawk's repo: https://github.com/TASEmulators/BizHawk/issues/3250

[keithbowes]

Why it doesn't crash in RetroArch is surely pure luck (perhaps RetroArch doesn't call retro_unload_game, which is surely a bug). The core allocates my_av_info globally but then frees it locally; whether free should be in retro_unload_game or retro_deinit is fairly a moot point; allocating my_av_info should be in retro_load_game or retro_init (depending on where free is).