Fenrir fixes

[JeremiahM37]

Fixes F-968, F-969, F-970, F-972, F-973, F-974, F-975, F-976, F-977, F-978, F-985, F-986, F-1204, F-1205, F-1206, F-1207, F-1208, F-1209, F-1213, F-1651, F-1652, F-1653, F-1654, F-1655, F-1666, F-1667, F-1668, F-1670, F-1675

• Correct sem_wait macro member access, lock_init error cleanup to call sem_destroy instead of sem_init, and shared/mutex lock timeout recovery to update thread accounting and write_lock_holder.
• Move shared lock acquisition before default_event NULL check to prevent TOCTOU race, and unlock shared lock on event lookup failure in both dispatch-by-id and dispatch-by-route.
• Free correct allocation in addr_family_clone error path, use REMOTE instead of LOCAL in route match scoring right-side comparison, change purge loop continue to break to prevent infinite spin, cast derogatory/commendable counts to signed before subtraction, and add parent_table NULL check in dispatch-by-route.
• Remove duplicate unbracketed IPv6 fprintf, redirect render_flags unknown-flag output from stderr to f, and redirect render_endpoint wildcard output from stdout to f.
• Reorder json_feed overflow loop to read input before incrementing off, free keys/stack buffers on error returns in DOM dump and dict_clean, add missing error check and remove erroneous break in dict clone paths, and add SIZE_MAX overflow guards before nesting stack and DOM path reallocation doubling.
• Use WOLFSENTRY_KV_JSON type in user_value_get_json, return user_defined_successes instead of user_defined_errors for success codes, add overflow checks before duration conversion cascade multiplication, fetch new_route_table from cloned context in config commit, use IPPROTO_ICMPV6 in ICMPv6 filter, swap inverted deadline expiry return values, and add void* type to malloc debug ret declaration.

[dgarske]

🐺 Skoll Code Review

Overall recommendation: APPROVE
Findings: 4 total — 1 posted, 3 skipped

Posted findings

• [Medium] Node leaked in dict_clean early error return — src/json/centijson_value.c:1797-1809

Skipped findings

• [Medium] Test coverage gap for duration overflow checks
• [Medium] Test coverage gap for lock timeout recovery thread accounting
• [Low] Initializing this_zerospan_offset to 0 is correct but the variable could use a comment

Review generated by Skoll via openclaw

[dgarske]

🟡 [Medium] Node leaked in dict_clean early error return
💡 SUGGEST bug

The new error-return paths correctly free the stack, but the node that was just popped off the stack (line 1789) is never freed when json_value_fini fails. After node = stack[--stack_size], if either json_value_fini(&node->key) or json_value_fini(&node->json_value) fails, the code does free((void *)stack); return ret; but skips free(node). This leaks the node. Additionally, remaining tree nodes referenced through right and the rest of the stack are also leaked, but that's harder to address.

Suggestion:

Suggested change

	if (ret < 0) {
	if (ret < 0) {
	free(node);
	free((void *)stack);
	return ret;
	}

[JeremiahM37]

Added free(node) before free((void *)stack) in both error returns.