Memory leak in CFHTTPMessageCreateResponse with long description strings

Originator: slizyboy
Number: rdar://17261791
Date Originated: 6/10/2014
Status: Open
Resolved:
Product: iOS SDK, OSX SDK
Product Version: 7.1+
Classification:
Reproducible: Always
 
Summary:
The CFHTTPMessageRef, when released, does not release the CFStringRef passed in the statusDescription argument. This causes a memory leak.

Steps to Reproduce:
1) Create a CFStringRef from CFStringCreateWithCString with a C string of some length greater than the minimum required for a new CFStringRef to be malloc'd.
2) Pass this string into CFHTTPMessageCreateResponse with kCFAllocatorSystemDefault for the first argument, a long like 200 for the second, the string from 1) and another CFStringRef for the final argument (this one does not matter).
3) Release all objects created.

Attached is a source file which recreates these steps in a loop to exaggerate the leakage.

Expected Results:
Instruments shows all objects released and deallocated.

Actual Results:
Instruments shows the CFStringRef created in step 1) is not released or deallocated and ends with a retain count of 1.


Version:
iOS 7.1 SDK

Notes:
The second CFStringRef argument to CFHTTPMessageCreateResponse is properly released, no matter the size.
Also reproduces when using the OSX SDK.

Configuration:
iPhone Retina 4 inch simulator

Attachments:
'main.m' was successfully uploaded.

main.m:

#import <Foundation/Foundation.h>
@import CFNetwork;

int main(int argc, const char * argv[])
{
	@autoreleasepool {
		// Repeat many times so the leak is easy to see in Instruments.
		for (int i = 0; i < 1000000; i++) {
			// Status description: long enough that the CFString is heap-allocated.
			CFStringRef str = CFStringCreateWithCString(kCFAllocatorSystemDefault, "looooooooongdescription", kCFStringEncodingUTF8);
			// HTTP version argument: its content does not matter for this report.
			CFStringRef version = CFStringCreateWithCString(kCFAllocatorSystemDefault, "looooooooooooooooooooooooooooooooooooooooooooooooongerversion", kCFStringEncodingUTF8);

			CFHTTPMessageRef message = CFHTTPMessageCreateResponse(kCFAllocatorSystemDefault, 200, str, version);
			// Drop our own references to both strings.
			if (str != NULL) {
				CFRelease(str);
			}
			if (version != NULL) {
				CFRelease(version);
			}
			// Normally the message would be returned and the caller would do something like this:
			if (message != NULL) {
				CFRelease(message);
			}
		}
	}
	return 0;
}
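A programmatic check for the same leak, added here as an example and not part of the original report or its attachment: it compares the retain count of the status description before the message is created and after the message is released, so the result can be read without Instruments. The helper name ExtraRetainsAfterRelease and the sample strings are assumptions; CFGetRetainCount is a debugging aid, and the comparison assumes the message takes its reference by retaining the string, as the report describes.

```objective-c
#import <Foundation/Foundation.h>
@import CFNetwork;

// Hypothetical helper (not from the report): returns how many retains on the
// status description are still outstanding after the response message that
// was built from it has been released. 0 means the message balanced its
// retains; a positive value means a reference was left behind.
static CFIndex ExtraRetainsAfterRelease(const char *description)
{
	CFStringRef str = CFStringCreateWithCString(kCFAllocatorSystemDefault, description, kCFStringEncodingUTF8);
	if (str == NULL) {
		return -1; // the input could not be decoded as UTF-8
	}

	// Baseline: only this function holds a reference at this point.
	CFIndex before = CFGetRetainCount(str);

	CFHTTPMessageRef message = CFHTTPMessageCreateResponse(kCFAllocatorSystemDefault, 200, str, kCFHTTPVersion1_1);
	if (message != NULL) {
		CFRelease(message); // the message should give up its reference here
	}

	// Measure while we still own the string, so the object is guaranteed to be alive.
	CFIndex after = CFGetRetainCount(str);
	CFRelease(str);

	// Using the difference keeps the check meaningful for strings that are
	// not individually heap-allocated and report a constant retain count.
	return after - before;
}

int main(int argc, const char * argv[])
{
	@autoreleasepool {
		// Constructed sample inputs: one short description, and the long one from the report.
		const char *samples[] = { "OK", "looooooooongdescription" };
		for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
			CFIndex extra = ExtraRetainsAfterRelease(samples[i]);
			NSLog(@"\"%s\": %ld outstanding retain(s) after releasing the message", samples[i], (long)extra);
		}
	}
	return 0;
}
```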
