On Mon, 13 Apr 2026 14:18:25 GMT, Weijun Wang <[email protected]> wrote:
>> Seems there is a call to SecIdentityCopyPrivateKey where we miss calling >> CFRelease in early returns/failure cases; same for SecIdentityCopyPrivateKey >> . >> >> See the Apple documentation >> https://developer.apple.com/documentation/security/secidentitycopyprivatekey(_:_:) >> >> Also for >> https://developer.apple.com/documentation/security/secidentitycopycertificate(_:_:) >> >> --------- >> - [x] I confirm that I make this contribution in accordance with the >> [OpenJDK Interim AI Policy](https://openjdk.org/legal/ai). > > There is an Apple document on ownerships policy at > https://developer.apple.com/library/archive/documentation/CoreFoundation/Conceptual/CFMemoryMgmt/Concepts/Ownership.html. > > In the line 463 case, the reference comes from `SecKeychainSearchCopyNext` > which follows the Create Rule. So it's already "retained" and we will not > lose it automatically. > > In our current case, the reference comes from `CFArrayGetValueAtIndex` which > follows the Get Rule, and looks like we should "retain" it. Where the other 2 > `CFRetain` are called, they are also from Get calls. > Hi @wangweij please check the latest commit - is this what you meant (I am > not 100% sure) ? Almost. I was thinking about adding `CFRetain` before the `ptr_to_jlong` line, but yours is more precise. `certificate` is from a Copy method. ------------- PR Comment: https://git.openjdk.org/jdk/pull/29821#issuecomment-4253186183
