openziti / tlsuv

TLS and HTTP(s) client library for libuv
https://docs.openziti.io/tlsuv/
MIT License

double-free in http_read_cb() #174

Closed snej closed 1 year ago

snej commented 1 year ago

The Clang static analyzer found a code path where a heap block is freed twice, in http_read_cb() in http.c.

  1. On line 96, free(buf->base);
  2. On line 132, free(buf->base);

Unless I’m missing something, flow of control will go from line 96 to line 132 without returning or changing buf or buf->base in the interim.

ekoby commented 1 year ago

Good catch. In practice, the double-free would happen if the server is not HTTP -- it sends something that fails to parse by the HTTP parser.
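The control flow reported in this issue, next to one hardened form, as an added example that is not tlsuv's code and not part of the thread. `buf_t`, `release()`, `parse_ok()`, both callbacks and the inputs are constructed for illustration; `release()` stands in for `free()` and defers the real free so the second release can be counted without undefined behaviour.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a read buffer; not tlsuv's or libuv's type. */
typedef struct { char *base; size_t len; } buf_t;
static void *released;    /* block released during the current run */
static int double_frees;  /* releases of an already released block */

/* Shim used in place of free(): records the release, run() does the real free. */
static void release(void *p) {
    if (p == NULL) return;                          /* same as free(NULL) */
    if (p == released) { double_frees++; return; }  /* second release detected */
    released = p;
}

/* Constructed parser: accepts only input that starts with "HTTP/". */
static int parse_ok(const buf_t *b) {
    return b->len >= 5 && memcmp(b->base, "HTTP/", 5) == 0;
}

/* Shape described in the report. */
static void read_cb_flawed(buf_t *b) {
    if (!parse_ok(b))
        release(b->base);   /* error path: freed, no return, pointer unchanged */
    release(b->base);       /* common exit: same block freed again */
}

/* One hardened shape: clear the pointer so the exit path sees NULL. */
static void read_cb_fixed(buf_t *b) {
    if (!parse_ok(b)) { release(b->base); b->base = NULL; }
    release(b->base);       /* no-op after a parse failure */
}

/* Feeds one constructed input to a callback; returns detected double frees. */
static int run(void (*cb)(buf_t *), const char *input) {
    size_t n = strlen(input);
    buf_t b = { malloc(n + 1), n };
    if (b.base == NULL) return -1;
    memcpy(b.base, input, n + 1);
    released = NULL; double_frees = 0;
    cb(&b);
    free(released);         /* the single real free */
    return double_frees;
}

int main(void) {
    printf("flawed=%d fixed=%d\n", run(read_cb_flawed, "SSH-2.0-x\r\n"), run(read_cb_fixed, "SSH-2.0-x\r\n"));
    return 0;
}
```

Only the non-HTTP input reaches the second release in the flawed callback, which matches the trigger condition given in the reply above.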