Skip to content

Fix memory leak #3470

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: v3/master
Choose a base branch
from
Open

Fix memory leak #3470

wants to merge 2 commits into from

Conversation

@FireBurn
Copy link

@FireBurn FireBurn commented Nov 21, 2025

This is a potential fix to #2848

It was AI generated by Google AI Studio

Here are it's workings:

Based on the Valgrind output and the provided code, the memory leak is located in the TransactionAnchoredVariables class (which is part of the Transaction object).

The stack trace indicates that memory allocated during the construction of AnchoredSetVariableTranslationProxy (specifically inside a std::function initialization) is never freed.

==27426== 1 bytes in 1 blocks are possibly lost ...
==27426== at 0x482BBB5: operator new(unsigned int) ...
==27426== by 0x94EB43A: ... function<...>::operator= ...
==27426== by 0x94EB43A: AnchoredSetVariableTranslationProxy ...
==27426== by 0x94EB43A: modsecurity::TransactionAnchoredVariables::TransactionAnchoredVariables(modsecurity::Transaction*) ...

In src/transaction.cc, the Transaction constructor initializes TransactionAnchoredVariables:

Transaction::Transaction(ModSecurity *ms, RulesSet *rules, const char *id,
    void *logCbData, const time_t timestamp)
    : ...
    TransactionAnchoredVariables(this) { // <--- Initialization here
    ...

And in src/variables/variable.h, the code accesses m_variableArgsNames as if it were an object (using &), not a pointer:

anchoredSetVariableTranslationProxy = &t->m_variableArgsNames;

This usage pattern combined with the leak indicates that TransactionAnchoredVariables declares its members (like m_variableArgsNames) as references (&) but initializes them using new in its constructor.

Because they are references, the TransactionAnchoredVariables destructor does not (and cannot) delete the objects they refer to. Consequently, the AnchoredSetVariableTranslationProxy objects (and their internal std::function members) are leaked when the Transaction is destroyed.

To fix this:
The members in TransactionAnchoredVariables should be changed from references (e.g., AnchoredSetVariableTranslationProxy &) to pointers (e.g., std::unique_ptr<AnchoredSetVariableTranslationProxy>), or they should be deleted manually in the TransactionAnchoredVariables destructor if raw pointers are used. Given the &t->member usage, they were likely intended to be value members or references binding to dynamic memory (which is the bug).

@FireBurn FireBurn force-pushed the issue-2848 branch 4 times, most recently from d9c7725 to 4b360b3 Compare November 22, 2025 14:47
@FireBurn
Fix memory leak in variable translation proxies
d50ded2 
The members m_variableArgsNames, m_variableArgsGetNames, and m_variableArgsPostNames were allocated using new but stored as references. This caused a memory leak because their destructors were never called.

This change wraps the allocations in std::unique_ptr to ensure proper cleanup while keeping the reference members to maintain compatibility with existing code syntax.
@FireBurn
Fix memory leak in transaction rule removal lists
26422d7 
Valgrind reported memory leaks in m_ruleRemoveTargetByTag and related containers when ctl actions were used.

This change explicitly clears m_ruleRemoveById, m_ruleRemoveByIdRange, m_ruleRemoveByTag, m_ruleRemoveTargetByTag, and m_ruleRemoveTargetById in the Transaction destructor to ensure all allocated memory is freed.
@sonarqubecloud
Copy link

sonarqubecloud bot commented Nov 22, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@FireBurn