Patrick,
POC wrote:
Hello,
I create a CERTCertificate object using CERT_FindCertByName() and then
destroy it using CERT_DestroyCertificate(). However the cert.h file
states this about the function:
** NOTE: certificate's are reference counted. This call decrements the
** reference count, and if the result is zero, then the object is
destroyed
** and optionally freed.
What if I definitely want to free the CERTCertificate object memory?
Wouldn't this function cause a memory leak if I repeatedly call
CERT_FindCertByName/DestroyCertificate and the memory is *optionally
freed*?
-- POC
As long as you call CERT_DestroyCertificate the same number of times as
CERT_FindCertByName (or any other function that returns a
CERTCertificate), there will not be a memory leak.
You may not be able to force the memory to be freed in some
circumstances. For instance, in a multithreaded program, multiple
threads may be manipulating that same certificate, and hold a reference
to it. The CERTCertificate pointer in all those threads will be the
same. If one thread definitely freed the CERTCertificate memory, then
the pointer would become invalid, and the other threads that still have
a reference to it would crash when trying to dereference it.
As long as you call destroy once per find function, your program will
function as expected.
If your program isn't multithreaded, then there is a good chance that
the destroy function will indeed free the memory. But even that isn't
guaranteed. You could have other objects referencing the same
certificate in the same thread, for example a cert list, a cert chain,
etc. The memory only gets freed when there the last user of the
CERTCertificate calls the destroy function.