This is an automated email from the ASF dual-hosted git repository.
robertlazarski pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/axis-axis2-c-core.git
The following commit(s) were added to refs/heads/master by this push:
new 89f13c513 Fix out_stream memory leak on early returns (AXIS2C-1586)
89f13c513 is described below
commit 89f13c5133a3584235418219a307c10e6d1a2767
Author: Robert Lazarski <[email protected]>
AuthorDate: Sat Jan 10 10:20:31 2026 -1000
Fix out_stream memory leak on early returns (AXIS2C-1586)
In axis2_http_worker_process_request(), out_stream was created
unconditionally at function entry, but several early return paths
existed before it could be assigned to msg_ctx:
- conf_ctx NULL check
- http_version NULL check
- response creation failure
- content length validation
In all these cases, out_stream was leaked.
Fix by deferring out_stream creation until after msg_ctx is confirmed
to exist, creating it only when needed.
Based on patch by Pradyumna Saraph.
Co-Authored-By: Claude Opus 4.5 <[email protected]>
---
src/core/transport/http/common/http_worker.c | 14 ++++++++++----
1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/src/core/transport/http/common/http_worker.c
b/src/core/transport/http/common/http_worker.c
index 286969395..204a542db 100644
--- a/src/core/transport/http/common/http_worker.c
+++ b/src/core/transport/http/common/http_worker.c
@@ -115,8 +115,8 @@ axis2_http_worker_process_request(
axis2_msg_ctx_t *msg_ctx = NULL;
axutil_stream_t *request_body = NULL;
- /* Creating out_stream as basic stream */
- axutil_stream_t *out_stream = axutil_stream_create_basic(env);
+ /* out_stream will be created later ONLY if msg_ctx does exist */
+ axutil_stream_t *out_stream = NULL;
axis2_http_simple_response_t *response = NULL;
/* Transport in and out descriptions */
@@ -431,10 +431,16 @@ axis2_http_worker_process_request(
/* Here out_stream is set into the in message context. out_stream is
copied from in message context
* into the out message context later in core_utils_create_out_msg_ctx()
function. The buffer in
* out_stream is finally filled with the soap envelope in
http_transport_sender_invoke() function.
- * To avoid double freeing of out_stream we reset the out message context
at the end of engine
+ * To avoid double freeing of out_stream we reset the out message context
at the end of engine
* receive function.
+ *
+ * Create out_stream here only if msg_ctx exists to avoid memory leak on
early returns.
*/
- axis2_msg_ctx_set_transport_out_stream(msg_ctx, env, out_stream);
+ if(msg_ctx)
+ {
+ out_stream = axutil_stream_create_basic(env);
+ axis2_msg_ctx_set_transport_out_stream(msg_ctx, env, out_stream);
+ }
headers = axis2_http_worker_get_headers(http_worker, env, simple_request);
axis2_msg_ctx_set_transport_headers(msg_ctx, env, headers);
