Comment 10 for bug 1990903

Yes, but num_headers never changes from zero in that case, so no attempt is made to free anything.

And also, the loop which does the freeing has the check for headers_array being NULL anyway, as part of the termination condition:

 for (i = 0; headers_array && i < 2 * (num_headers + 1); i++) {
  free(headers_array[i]);
 }

I still don't quite see *how* it can happen when num_headers is non-zero though, unless the calloc() fails. Or unless openconnect_webview_load_changed() frees them, which surely it shouldn't?