RFR: 8375684: Avoid leak in KeystoreImpl.m when using CFArrayCreateMutable
Matthias Baesken
mbaesken at openjdk.org
Thu Jan 22 12:31:42 UTC 2026
On Tue, 20 Jan 2026 16:47:29 GMT, Matthias Baesken <mbaesken at openjdk.org> wrote:
> In KeystoreImpl.m we use CFArrayCreateMutable, but we do not always CFRelease the resources we created.
> This should be adjusted.
>
> See
> https://developer.apple.com/documentation/corefoundation/cfarraycreatemutable(_:_:_:)
>
> return value is
> A new mutable array, or NULL if there was a problem creating the object. Ownership follows the [The Create Rule](https://developer.apple.com/library/archive/documentation/CoreFoundation/Conceptual/CFMemoryMgmt/Concepts/Ownership.html#//apple_ref/doc/uid/20001148-103029).
Thanks for the review !
When looking at the same file, seems privateKeyRef from
SecKeyRef privateKeyRef;
err = SecIdentityCopyPrivateKey(theIdentity, &privateKeyRef);
https://github.com/openjdk/jdk/blob/5ba91fed345b078a67ad6bead1d8893bd9289f58/src/java.base/macosx/native/libosxsecurity/KeystoreImpl.m#L343
needs to be CFReleased too according to
https://developer.apple.com/documentation/security/secidentitycopyprivatekey(_:_:)
should I add this here or in a separate PR ?
-------------
PR Comment: https://git.openjdk.org/jdk/pull/29326#issuecomment-3784135239
More information about the security-dev
mailing list