RFR: 8375684: Avoid leak in KeystoreImpl.m when using CFArrayCreateMutable
Matthias Baesken
mbaesken at openjdk.org
Fri Jan 23 09:07:53 UTC 2026
On Tue, 20 Jan 2026 16:47:29 GMT, Matthias Baesken <mbaesken at openjdk.org> wrote:
> In KeystoreImpl.m we use CFArrayCreateMutable, but we do not always CFRelease the resources we created.
> This should be adjusted.
>
> See
> https://developer.apple.com/documentation/corefoundation/cfarraycreatemutable(_:_:_:)
>
> return value is
> A new mutable array, or NULL if there was a problem creating the object. Ownership follows the [The Create Rule](https://developer.apple.com/library/archive/documentation/CoreFoundation/Conceptual/CFMemoryMgmt/Concepts/Ownership.html#//apple_ref/doc/uid/20001148-103029).
Seems
SecKeychainCopyDefault
needs a CFRelease too .
See https://developer.apple.com/documentation/security/seckeychaincopydefault(_:) .
But I do not see one here afterwards
https://github.com/openjdk/jdk/blob/fa20391e73102a5d6a5b0a760d95a4225c673e04/src/java.base/macosx/native/libosxsecurity/KeystoreImpl.m#L769
-------------
PR Comment: https://git.openjdk.org/jdk/pull/29326#issuecomment-3789169638
More information about the security-dev
mailing list