Memory leaks from mono_type_full_name in marshal-shared.c error paths

[lewing]

Description

mono_type_full_name() returns an allocated string, but several call sites in src/mono/mono/metadata/marshal-shared.c pass it directly into g_strdup_printf or g_error without freeing the intermediate allocation:

• Line 778: g_strdup_printf("Type %s ...", mono_type_full_name(...))
• Line 816: g_error("Type %s ...", mono_type_full_name(...))
• Line 866: g_strdup_printf("Generic type %s ...", mono_type_full_name(...))
• Lines 912-913: g_strdup_printf("Type %s with field type %s ...", mono_type_full_name(...), mono_type_full_name(...))

Each leaks the string returned by mono_type_full_name(). While these are error paths, they can fire repeatedly during AOT compilation (e.g., when processing assemblies with many invalid marshal configurations), causing cumulative memory growth.

Fix

Store the result in a temporary, use it in the format string, then g_free it:

char *type_name = mono_type_full_name(m_class_get_byval_arg(klass));
char *msg = g_strdup_printf("Type %s ...", type_name);
g_free(type_name);
mono_marshal_shared_mb_emit_exception_marshal_directive(mb, msg);

This pattern should be applied to all call sites in the file.