On Thu, 19 Feb 2026 16:25:45 GMT, Matthias Baesken <[email protected]> wrote:
> Seems there is a call to SecIdentityCopyPrivateKey where we miss calling > CFRelease in early returns/failure cases; same for SecIdentityCopyPrivateKey . > > See the Apple documentation > https://developer.apple.com/documentation/security/secidentitycopyprivatekey(_:_:) > > Also for > https://developer.apple.com/documentation/security/secidentitycopycertificate(_:_:) > > --------- > - [x] I confirm that I make this contribution in accordance with the [OpenJDK > Interim AI Policy](https://openjdk.org/legal/ai). There is an Apple document on ownerships policy at https://developer.apple.com/library/archive/documentation/CoreFoundation/Conceptual/CFMemoryMgmt/Concepts/Ownership.html. In the line 463 case, the reference comes from `SecKeychainSearchCopyNext` which follows the Create Rule. So it's already "retained" and we will not lose it automatically. In our current case, the reference comes from `CFArrayGetValueAtIndex` which follows the Get Rule, and looks like we should "retain" it. Where the other 2 `CFRetain` are called, they are also from Get calls. ------------- PR Comment: https://git.openjdk.org/jdk/pull/29821#issuecomment-4237082222
