On Wed, 1 Mar 2023 19:51:46 GMT, Weijun Wang <wei...@openjdk.org> wrote:
>> We have a (potential) early return in addCertificatesToKeystore in >> KeystoreImpl.m . This is implemented by the CHECK_NULL macro. However this >> missed a CFRelease call. > > src/java.base/macosx/native/libosxsecurity/KeystoreImpl.m line 431: > >> 429: CFRelease(trustSettings); >> 430: goto errOut; >> 431: } > > Do you also need to switch to `goto errOut` for other `CHECK_NULL` calls > (line 389 etc)? They also skip the release of `keychainItemSearch`. Hi Weijun, yes I think you are right , according to https://developer.apple.com/documentation/security/1515366-seckeychainsearchcreatefromattri we have to call CFRelease on keychainItemSearch ------------- PR: https://git.openjdk.org/jdk/pull/12788
