Memory leak in CFNetworkExecuteProxyAutoConfigurationURL if URL cannot be reached

Originator:thibault.ml
Number:rdar://20974299 Date Originated:15-May-2015
Status:Closed (Dupe) Resolved:Yes
Product:OS X SDK Product Version:10.10.4 (14E17e)
Classification:Bug Reproducible:Always
 
Summary:
CFNetworkExecuteProxyAutoConfigurationURL leaks the CFRunLoopSourceRef it returns if the URL passed as the first parameter cannot be reached.

Upon LLDB examination, it seems that the CFRunLoopSource is cached (retained) within a PACCacheEntry in "EnqueuePACExecutionForKey", and is only released (balancing the retain) in PACCacheEntry_ConstructJSContext.

However, PACCacheEntry_ConstructJSContext is only called when the PAC file was successfully downloaded (whether it actually was a PAC file or not).

This means that the CFRunLoopSourceRef is never released (well, it would be released within 24hrs when the PACCacheEntry expires), and that brings a second problem: the "release" function pointer of the CFStreamClientContext structure is not called either, until the source is released.
This creates a leak within the client application as well, if it uses the "retain" and "release" function pointers.

Steps to Reproduce:
1. Write code calling CFNetworkExecuteProxyAutoConfigurationURL properly (attached in this radar [1])
2. Make sure to use an unreachable URL as the first argument (like "htp://apple.com") (see attached code [1])
3. Start "Allocations" in instruments, with "Record reference counts" activated
4. Run within instruments
5. Once finished, look for CFRunLoopSourceRef
6. Select the one created where responsible caller is "CreateCFNExecutePACContext"

Expected Results:
The object should be released properly, whether the URL passed to CFNetworkExecuteProxyAutoConfigurationURL was reachable or not

Actual Results:
The CFRunLoopSourceRef is still live despite CFNetworkExecuteProxyAutoConfigurationURL being finished with running, and the only retain call missing a balancing release is EnqueuePACExecutionForKey.

It seems the only balancing place is in PACCacheEntry_ConstructJSContext, which seems to only be called upon successful download. As the URL was unreachable, this function was not called, and the CFRunLoopSourceRef is leaked.

Version:
Xcode Version 6.3.1 (6D1002)
OS X Yosemite 10.10.4 (14E17e)

Attachements:
[1] https://www.dropbox.com/s/ymeoigea3syzh9i/CFNetworkExecuteProxyAutoConfigurationURL-leak.zip

Comments

Hello Thibault,

Engineering has determined that your bug report (20974299) is a duplicate of another issue (17689518) and will be closed.

The open or closed status of the original bug report your issue was duplicated to appears in the yellow "Duplicate of XXXXXXXX" section of the bug reporter user interface. This section appears near the top of the right column's bug detail view just under the bug number, title, state, product and rank.

An example of the duplicate section from the bug reporter user interface with your bug and the duplicate bug info is included below:

20974299 Memory leak in CFNetworkExecuteProxyAutoConfigurationURL if URL cannot be reached

State: Closed Product:

Rank: No Value

Duplicate of 17689518 (Open/Closed)

By thibault.ml at Feb. 7, 2017, 2:49 p.m. (reply...)

Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at bugreport.apple.com before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!