diff --git a/doc/Changelog b/doc/Changelog
index 5297a87dc..0639bd918 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,8 @@
+21 July 2023: George
+	- Merge #857 from eaglegai: fix potential memory leaks when errors
+	  happen.
+	- For #857: fix mixed declarations and code.
+
 20 July 2023: George
 	- Merge #909 from headshog: Numeric truncation when parsing TYPEXX and
 	  CLASSXX representation.
diff --git a/smallapp/unbound-host.c b/smallapp/unbound-host.c
index d612575f3..8bffe46ce 100644
--- a/smallapp/unbound-host.c
+++ b/smallapp/unbound-host.c
@@ -482,6 +482,7 @@ int main(int argc, char* argv[])
 		case '?':
 		case 'h':
 		default:
+			ub_ctx_delete(ctx);
 			usage();
 		}
 	}
@@ -495,8 +496,10 @@ int main(int argc, char* argv[])
 	}
 	argc -= optind;
 	argv += optind;
-	if(argc != 1)
+	if(argc != 1) {
+		ub_ctx_delete(ctx);
 		usage();
+	}
 
 #ifdef HAVE_SSL
 #ifdef HAVE_ERR_LOAD_CRYPTO_STRINGS
diff --git a/testcode/streamtcp.c b/testcode/streamtcp.c
index 4eee14187..84d2b65f6 100644
--- a/testcode/streamtcp.c
+++ b/testcode/streamtcp.c
@@ -379,15 +379,19 @@ static void
 send_em(const char* svr, const char* pp2_client, int udp, int usessl,
 	int noanswer, int onarrival, int delay, int num, char** qs)
 {
-	sldns_buffer* buf = sldns_buffer_new(65553);
-	sldns_buffer* proxy_buf = sldns_buffer_new(65553);
 	struct sockaddr_storage svr_addr;
 	socklen_t svr_addrlen;
 	int fd = open_svr(svr, udp, &svr_addr, &svr_addrlen);
 	int i, wait_results = 0, pp2_parsed;
 	SSL_CTX* ctx = NULL;
 	SSL* ssl = NULL;
-	if(!buf) fatal_exit("out of memory");
+	sldns_buffer* buf = sldns_buffer_new(65553);
+	sldns_buffer* proxy_buf = sldns_buffer_new(65553);
+	if(!buf || !proxy_buf) {
+		sldns_buffer_free(buf);
+		sldns_buffer_free(proxy_buf);
+		fatal_exit("out of memory");
+	}
 	pp2_parsed = parse_pp2_client(pp2_client, udp, proxy_buf);
 	if(usessl) {
 		ctx = connect_sslctx_create(NULL, NULL, NULL, 0);