qpfiffer/Simple-Sparsehash

Problem in sparse_dict_set in case of error

Closed this issue · 0 comments

In function sparse_dict_set:

```c
if (strncmp(existing_bucket->key, key, lrgr_key) == 0) {
    /* Great, we probed along the hashtable and found a bucket with the same key as
     * the key we want to insert. Replace it. */
    free(existing_bucket->key);
    free(existing_bucket->val);
    if (_create_and_insert_new_bucket(dict->buckets, probed_val, key, klen, value, vlen)) {
```

If `_create_and_insert_new_bucket` fails, the entry `existing_bucket` has two invalid pointers, because you already freed them before the function returned OK.

Solution: copy the two pointers into temp variables and free them before hitting "return 1;".
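The fix proposed above, as an added C example (not code from Simple-Sparsehash): the old key and value are freed only after the replacement is in place, so a failed insert leaves the bucket pointing at valid memory. `struct bucket`, `dup_bytes`, `bucket_replace` and the `fail_on_call` failure hook are hypothetical names, and the sketch goes one step beyond the issue by allocating both copies before touching the bucket.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the library's bucket; not its real definition. */
struct bucket { char *key; void *val; size_t klen, vlen; };

/* Test hook (assumption): when N > 0, the Nth call to dup_bytes() fails,
 * simulating malloc() returning NULL. */
static int fail_on_call = 0;

static void *dup_bytes(const void *src, size_t len) {
    if (fail_on_call > 0 && --fail_on_call == 0)
        return NULL;
    void *p = malloc(len ? len : 1);
    if (p != NULL && len > 0)
        memcpy(p, src, len);
    return p;
}

/* Replace the contents of a bucket. Returns 1 on success, 0 on failure.
 * On failure the bucket still owns its original, unfreed key and value. */
static int bucket_replace(struct bucket *b, const char *key, size_t klen,
                          const void *val, size_t vlen) {
    char *new_key = dup_bytes(key, klen);
    if (new_key == NULL)
        return 0;
    void *new_val = dup_bytes(val, vlen);
    if (new_val == NULL) {
        free(new_key);              /* undo the partial work, bucket untouched */
        return 0;
    }
    /* Nothing can fail past this point: keep the old pointers in temporaries,
     * publish the new ones, then free the old ones. */
    char *old_key = b->key;
    void *old_val = b->val;
    b->key = new_key; b->klen = klen;
    b->val = new_val; b->vlen = vlen;
    free(old_key);
    free(old_val);
    return 1;
}

int main(void) {
    struct bucket b = {0};
    if (!bucket_replace(&b, "k", 2, "old", 4)) return 1;
    fail_on_call = 2;               /* constructed failure: the value copy fails */
    int ok = bucket_replace(&b, "k", 2, "new", 4);
    printf("replace ok=%d, value still \"%s\"\n", ok, (char *)b.val);
    free(b.key); free(b.val);
    return 0;
}
```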