looks like it's this thing again: Realloc allocates 16 Bytes of memory when pointer is NULL and size is 0 - #4 by Daeke 
The leaks I'm seeing are when we're doing pd->system->realloc(cInfo, 0) to free cInfo but cInfo is NULL. From man realloc:
If ptr is NULL, realloc() is identical to a call to malloc() for size bytes.
And malloc(0) does, surprisingly, allocate the smallest possible block of memory. I'd added a check for NULL in the shim code in setup.c that replaces free() with a version that calls pd->system->realloc() but if you call it directly it still has that behavior.
I hate changing existing behavior, but I'd be very surprised if anyone's relying on pd->system->realloc(NULL,0) to return an allocated block. I think the right best thing to do here is fix this under the hood instead of asking everyone to be aware of this weird edge case. Apparently this is a whole mess in the C universe, so we've got leeway to pick our own here.
Until then, adding if ( cInfo != NULL ) before the realloc fixes the leaks.