Fix memory leaks and unchecked malloc return values

- store_ro_http_proxy.c: free ctx->baseurl on curl init error paths
- request_queue.c: check malloc return before bzero; destroy mutex/cond
  and free queue on failure
- renderd.c (slave_thread): check malloc return for req_slave and resp;
  free req_slave if resp alloc fails
- store_file.c: check malloc return before snprintf; check rename return
  value and unlink temp file on failure; drop redundant sizeof(char)

Document remaining known issues in CLAUDE.md:
- request_queue_close does not free queued items on shutdown
- strcpy in store_ro_http_proxy.c lacks a prior length check on xmlconfig
- bzero usage should be replaced with memset

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Author: stevekennedyuk

CLAUDE.md

@@ -129,6 +129,12 @@ Tests use **Catch2** (v2.13.9) and live in `tests/`. The main suites:
 
 Test infrastructure uses `tests/httpd.conf.in` and `tests/renderd.conf.in` templates to spin up live Apache + renderd for integration tests. `tests/tiles.sha256sum` holds expected checksums for tile output validation.
 
+## Known Issues / Technical Debt
+
+- **`src/request_queue.c:request_queue_close`** — queued render items are not freed on shutdown (items in all five priority lists leak). The TODO comment is present in the source. Safe in practice because renderd only shuts down at process exit, but should be fixed for clean valgrind runs.
+- **`src/store_ro_http_proxy.c:strcpy` at line 165** — `xmlconfig` is copied into `ctx->cache.xmlname[XMLCONFIG_MAX]` (41 bytes) without a prior length check. The caller is the storage backend interface which in practice receives validated xmlconfig names, but the copy is not bounds-safe.
+- **`src/renderd.c` / `src/mod_tile.c` — `bzero` usage** — several files use the deprecated `bzero()` instead of `memset(..., 0, ...)`. Functionally equivalent on Linux but not strictly portable.
+
 ## Repository Layout
 
 ```

src/renderd.c

@@ -589,7 +589,20 @@ void *slave_thread(void * arg)
 	struct protocol * req_slave;
 
 	req_slave = (struct protocol *)malloc(sizeof(struct protocol));
+
+	if (req_slave == NULL) {
+		g_logger(G_LOG_LEVEL_ERROR, "slave_thread: failed to allocate memory for req_slave");
+		return NULL;
+	}
+
 	resp = (struct protocol *)malloc(sizeof(struct protocol));
+
+	if (resp == NULL) {
+		g_logger(G_LOG_LEVEL_ERROR, "slave_thread: failed to allocate memory for resp");
+		free(req_slave);
+		return NULL;
+	}
+
 	bzero(req_slave, sizeof(struct protocol));
 	bzero(resp, sizeof(struct protocol));
 

src/request_queue.c

@@ -491,6 +491,15 @@ struct request_queue * request_queue_init()
 	queue->renderHead.next = queue->renderHead.prev = &(queue->renderHead);
 	queue->hashidxSize = HASHIDX_SIZE;
 	queue->item_hashidx = (struct item_idx *) malloc(sizeof(struct item_idx) * queue->hashidxSize);
+
+	if (queue->item_hashidx == NULL) {
+		g_logger(G_LOG_LEVEL_ERROR, "Failed to allocate memory for request queue hash index");
+		pthread_cond_destroy(&(queue->qCond));
+		pthread_mutex_destroy(&(queue->qLock));
+		free(queue);
+		return NULL;
+	}
+
 	bzero(queue->item_hashidx, sizeof(struct item_idx) * queue->hashidxSize);
 
 	return queue;

src/store_file.c

@@ -218,7 +218,13 @@ static int file_metatile_write(struct storage_backend * store, const char *xmlco
 	xyzo_to_meta(meta_path, sizeof(meta_path), (char *)(store->storage_ctx), xmlconfig, options, x, y, z);
 	g_logger(G_LOG_LEVEL_DEBUG, "Creating and writing a metatile to %s", meta_path);
 
-	tmp = malloc(sizeof(char) * strlen(meta_path) + 24);
+	tmp = malloc(strlen(meta_path) + 24);
+
+	if (tmp == NULL) {
+		g_logger(G_LOG_LEVEL_ERROR, "file_metatile_write: failed to allocate memory for temp path");
+		return -1;
+	}
+
 	snprintf(tmp, strlen(meta_path) + 24, "%s.%lu", meta_path, (unsigned long) pthread_self());
 
 	if (mkdirp(tmp)) {
@@ -245,7 +251,14 @@ static int file_metatile_write(struct storage_backend * store, const char *xmlco
 	}
 
 	close(fd);
-	rename(tmp, meta_path);
+
+	if (rename(tmp, meta_path) != 0) {
+		g_logger(G_LOG_LEVEL_WARNING, "Error renaming temp file %s to %s: %s", tmp, meta_path, strerror(errno));
+		unlink(tmp);
+		free(tmp);
+		return -1;
+	}
+
 	free(tmp);
 
 	return sz;

src/store_ro_http_proxy.c

@@ -300,6 +300,7 @@ struct storage_backend * init_storage_ro_http_proxy(const char * connection_stri
 
 	if (res != CURLE_OK) {
 		g_logger(G_LOG_LEVEL_ERROR, "init_storage_ro_http_proxy: failed to initialise global curl: %s", curl_easy_strerror(res));
+		free(ctx->baseurl);
 		free(ctx);
 		free(store);
 		return NULL;
@@ -309,6 +310,7 @@ struct storage_backend * init_storage_ro_http_proxy(const char * connection_stri
 
 	if (!ctx->ctx) {
 		g_logger(G_LOG_LEVEL_ERROR, "init_storage_ro_http_proxy: failed to initialise curl");
+		free(ctx->baseurl);
 		free(ctx);
 		free(store);
 		return NULL;