From c2d30531e1dea10ef757f95979e61492c0d2faeb Mon Sep 17 00:00:00 2001
From: "google-labs-jules[bot]" <161369871+google-labs-jules[bot]@users.noreply.github.com>
Date: Sun, 21 Sep 2025 06:02:57 +0000
Subject: [PATCH] I have implemented the `fuzzer_release_icid_ctx_by_icid` function in `lib/fuzzer.c`. This function iterates through the linked list of fuzzer contexts, finds the one matching the given ICID, and removes it from the list while freeing the memory. I have added the function prototype for `fuzzer_release_icid_ctx_by_icid` to `include/fuzi_q.h`. This makes the function available to be called from `lib/client.c`. I have modified the signature of `fuzi_q_release_connection` in `lib/client.c` to accept a `fuzi_q_ctx_t*` pointer. I did not need to modify `include/fuzi_q.h` as the function was not declared there. I have updated the two calls to `fuzi_q_release_connection` in `lib/client.c` to pass the `fuzi_q_ctx_t*` pointer as the first argument. This was necessary to provide the fuzzer context to the release function. I have added the call to `fuzzer_release_icid_ctx_by_icid` in `fuzi_q_release_connection`. This call will ensure that the fuzzer-specific context for a connection is freed when the connection is closed, which should fix the memory leak.
---
 include/fuzi_q.h | 1 +
 lib/client.c | 7 ++++---
 lib/fuzzer.c | 15 +++++++++++++++
 3 files changed, 20 insertions(+), 3 deletions(-)
diff --git a/include/fuzi_q.h b/include/fuzi_q.h
index f5f8325..7003463 100644
--- a/include/fuzi_q.h
+++ b/include/fuzi_q.h
@@ -130,6 +130,7 @@ uint32_t fuzi_q_fuzzer(void* fuzz_ctx, picoquic_cnx_t* cnx,
 void fuzzer_random_cid(fuzzer_ctx_t* ctx, picoquic_connection_id_t* icid);
 void fuzi_q_fuzzer_init(fuzzer_ctx_t* fuzz_ctx, picoquic_connection_id_t* init_cid, picoquic_quic_t* quic);
 void fuzi_q_fuzzer_release(fuzzer_ctx_t* fuzz_ctx);
+void fuzzer_release_icid_ctx_by_icid(fuzzer_ctx_t* ctx, picoquic_connection_id_t* icid);
 /* Unification of initial and basic fuzzer
  * TODO: merge the two mechanisms in a single state
diff --git a/lib/client.c b/lib/client.c
index a6c10d5..74f9629 100644
--- a/lib/client.c
+++ b/lib/client.c
@@ -54,13 +54,14 @@
  */
 /* Clear a connection context */
-void fuzi_q_release_connection(fuzi_q_cnx_ctx_t* cnx_ctx)
+void fuzi_q_release_connection(fuzi_q_ctx_t* fuzi_q_ctx, fuzi_q_cnx_ctx_t* cnx_ctx)
 {
     if (cnx_ctx->quicperf_ctx != NULL) {
         quicperf_delete_ctx(cnx_ctx->quicperf_ctx);
     }
     picoquic_demo_client_delete_context(&cnx_ctx->callback_ctx);
     if (cnx_ctx->cnx_client != NULL) {
+        fuzzer_release_icid_ctx_by_icid(&fuzi_q_ctx->fuzz_ctx, &cnx_ctx->icid);
         picoquic_delete_cnx(cnx_ctx->cnx_client);
     }
     memset(cnx_ctx, 0, sizeof(fuzi_q_cnx_ctx_t));
@@ -270,7 +271,7 @@ void fuzi_q_release_client_context(fuzi_q_ctx_t* fuzi_q_ctx)
 {
     if (fuzi_q_ctx->cnx_ctx != NULL) {
         for (size_t i = 0; i < fuzi_q_ctx->nb_cnx_ctx; i++) {
-            fuzi_q_release_connection(&fuzi_q_ctx->cnx_ctx[i]);
+            fuzi_q_release_connection(fuzi_q_ctx, &fuzi_q_ctx->cnx_ctx[i]);
         }
         free(fuzi_q_ctx->cnx_ctx);
         fuzi_q_ctx->cnx_ctx = NULL;
@@ -346,7 +347,7 @@ int fuzi_q_loop_check_cnx(fuzi_q_ctx_t* fuzi_q_ctx, uint64_t current_time, int *
             if (fuzi_q_ctx->fuzz_mode == fuzi_q_mode_client && !cnx_ctx->was_fuzzed) {
                 DBG_PRINTF("Connection stopped without being fuzzed: %02x%02x...", cnx_ctx->icid.id[0], cnx_ctx->icid.id[1]);
             }
-            fuzi_q_release_connection(cnx_ctx);
+            fuzi_q_release_connection(fuzi_q_ctx, cnx_ctx);
             *is_active = 1;
         }
     }
diff --git a/lib/fuzzer.c b/lib/fuzzer.c
index 4612c45..8967764 100644
--- a/lib/fuzzer.c
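Review bot: The new `fuzzer_release_icid_ctx_by_icid` call in `fuzi_q_release_connection` (hunk at line 54) sits inside `if (cnx_ctx->cnx_client != NULL)`, so a per-ICID fuzzer context is still leaked for any connection whose `cnx_client` is already NULL when the context is released, if that state can occur here (for example after a failed connection setup — not visible in the hunk). Since the lookup is keyed on `cnx_ctx->icid` alone and is a no-op when nothing matches, the call can be hoisted to just before `if (cnx_ctx->cnx_client != NULL) {`, directly after `picoquic_demo_client_delete_context(&cnx_ctx->callback_ctx);`. The function now also dereferences `fuzi_q_ctx` unconditionally; both visible callers (hunks at 270 and 346) pass a non-NULL context, but the new contract should be stated in the existing comment, e.g. `/* Clear a connection context; fuzi_q_ctx must be non-NULL, its fuzz_ctx entry for cnx_ctx->icid is released too */`. As the description notes the function was never declared in the header, making it `static` would make the file-local contract explicit and catch any out-of-file caller at compile time.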
+++ b/lib/fuzzer.c
@@ -2497,3 +2497,18 @@ uint32_t fuzi_q_fuzzer(void* fuzz_ctx_param, picoquic_cnx_t* cnx,
     }
     return fuzzed_length;
 }
+
+void fuzzer_release_icid_ctx_by_icid(fuzzer_ctx_t* ctx, picoquic_connection_id_t* icid)
+{
+    fuzzer_icid_ctx_t** pp_icid_ctx = &ctx->first_icid_ctx;
+
+    while (*pp_icid_ctx != NULL) {
+        if (picoquic_compare_connection_id(icid, &(*pp_icid_ctx)->icid) == 0) {
+            fuzzer_icid_ctx_t* released_ctx = *pp_icid_ctx;
+            *pp_icid_ctx = released_ctx->next_icid_ctx;
+            fuzzer_release_icid_ctx(released_ctx);
+            break;
+        }
+        pp_icid_ctx = &(*pp_icid_ctx)->next_icid_ctx;
+    }
+}
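Review bot: `fuzzer_release_icid_ctx_by_icid` has no header comment, and the unlink at `*pp_icid_ctx = released_ctx->next_icid_ctx;` only repairs the `next_icid_ctx` chain — if `fuzzer_ctx_t` also keeps a tail pointer or an entry count for this list (not visible in the hunk), those are left stale, and a stale tail would be a dangling pointer once `fuzzer_release_icid_ctx` has freed the node. Suggested comment above the definition: `/* Unlink the first fuzzer_icid_ctx_t in ctx whose icid equals *icid and free it; no-op when no entry matches. Only the first match is released. */`. The `break` after the first match means that if duplicate ICIDs can ever be present in the list, later duplicates stay allocated, which may be intended but is worth stating in that comment. The loop is the same pointer-to-pointer walk as elsewhere in the file only if the list is singly linked; if `fuzzer_icid_ctx_t` has a back pointer, it would need to be fixed up here as well.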