> If the OP would like the reports to be taken seriously, proof of a leak is needed, in the form of code which demonstrates it, rather than the pasted-in output from an automated tool. Leak reports must be taken seriously, especially produced by common tools (in this case looks like it's `gcc` sanitizer). The burden of dis-proof lies squarely on the developer! No one is expecting users to "proof" the leak... manually. I'm already glad the reporting user was able to fuzz the input to trigger the sanitizer report. Now it's the turn for an interested/responsible/able developer to properly follow on, not just blindly dismiss this as a "false-positive".