Expressions like e²3 crashes mate-calc

[Euriatol]

Expected behaviour

e²3 should be an invalid expression

Actual behaviour

mate-calc crashes:

free(): invalid pointer
Abandon (core dumped)

Steps to reproduce the behaviour

Enter any variable name followed by a number in superscript and another number.
Press enter.
Note that the variable must exist.
For example : var¹²³456

MATE general version

$ mate-calc -v
mate-calc 1.26.0

Package version

Package: mate-calc
Version: 1.26.0-1

Linux Distribution

Xubuntu 22.04.1 LTS x86_64

Link to bugreport of your Distribution (requirement)

Bug report

[mbkma]

issue also exists in mate-calc 1.24.1

[mbkma]

The issue is an invalid free happening here: https://github.com/mate-desktop/mate-calc/blob/master/src/parser.c#L223

[lukefromdc]

Confirmed here too

[lukefromdc]

Indeed removing lines 222-223 in parser.c

    if(node->value)
        free(node->value);

stops the crash. Question is are there any conditions where this can cause a memory leak, or is this never a valid free? Not sure what's going on here. How is it the if statement isn't catching this?