RDKB-63722:Analyze and fix/mitigate memory leaks from curl_easy_perform calls

[tabbas651]

Reason for change: Added the LeakTest for https get and post operations wiht matching production and edge-case usage
Test Procedure: please refer the ticket comments
Risks: Medium

[Copilot]

Pull request overview

This PR adds a standalone “leaktestapp” utility (C program + scripts) intended to reproduce and analyze memory growth/leaks observed around curl_easy_perform with SSL, including optional Valgrind/Massif and GDB-based tracing.

Changes:

• Added memory_verifier.c test harness with connection-pool simulation, POST test, and partial Valgrind/Massif integration.
• Added shell/GDB scripts to automate SSL allocation tracing and an investigation workflow.
• Added documentation and build support for the standalone tool.

Reviewed changes

Copilot reviewed 6 out of 8 changed files in this pull request and generated 18 comments.

Show a summary per file

File	Description
leaktestapp/memory_verifier.c	Implements the standalone verifier and valgrind/massif helpers (currently has several functional gaps/bugs).
leaktestapp/run_gdb_dynamic_analysis.sh	Automates a GDB batch run + summarizes trace output (naming/docs inconsistencies, status reporting).
leaktestapp/investigate_ssl_memory.sh	Runs an investigation workflow (currently calls unsupported CLI flags).
leaktestapp/gdb_batch_script.gdb	GDB breakpoint script for SSL/OpenSSL alloc/free functions.
leaktestapp/dynamic_analysis_results/dynamic_ssl_20260311_130038_analysis.log	Committed run artifact (should not be in source control).
leaktestapp/README.md	Usage/docs for the tool (paths/filenames and outputs currently don’t match repo contents).
leaktestapp/Makefile	Build/run targets for the standalone verifier.

---

You can also share your feedback on Copilot code review. Take the survey.

[Copilot]

run_connection_pool_test() returns int but reaches the end of the function without returning a value, which is undefined behavior and will be warned about by the compiler. It also never updates results->passed/failed/warnings for this test. Add an explicit return value on all paths and record the test outcome in results (and consider returning 1/0/-1 consistently with the other tests).

[Copilot]

print_usage() advertises several CLI flags (e.g. --basic, --handle, --compare, --pool-reset, --reset, --valgrind-reset, --post-analysis, --all-valgrind), but main() does not parse/handle them and will exit with “Unknown argument”. Either implement these flags (and the corresponding test functions) or remove them from usage/help text and from any scripts that call them.

Suggested change

	printf(" --reset, -r Run pool reset vs partial cleanup comparison\n");
	printf(" --all, -a Run all standard tests (default)\n");
	printf("\n%s🧪 NEW: Valgrind-Integrated Tests (for SSL/OpenSSL investigation):%s\n", BLUE, NC);
	printf(" --valgrind-pool Valgrind analysis of pool without reset\n");
	printf(" --valgrind-reset Valgrind analysis of pool with reset fix \n");
	printf(" --valgrind-ssl Investigate SSL/OpenSSL memory patterns\n");
	printf(" --post-analysis Compare reset impact on memory leaks\n");
	printf(" --all-valgrind Run all valgrind-integrated tests\n");
	printf("\n --help Show this help message\n");
	printf("\n%sStandard Examples:%s\n", YELLOW, NC);
	printf(" %s --basic --get # Test basic GET request memory behavior\n", program_name);
	printf(" %s --get # Test all GET request patterns\n", program_name);
	printf(" %s --post # Test POST request memory behavior\n", program_name);
	printf(" %s --compare # Compare HTTP vs HTTPS memory usage\n", program_name);
	printf(" %s --pool # Test connection pool memory management\n", program_name);
	printf(" %s --pool-reset # Test connection pool with reset fix\n", program_name);
	printf("\n%s🔍 Valgrind Investigation Examples (for manager's SSL concern):%s\n", BLUE, NC);
	printf(" %s --valgrind-pool # Baseline pool analysis\n", program_name);
	printf(" %s --valgrind-reset # Pool analysis with reset fix \n", program_name);
	printf(" %s --valgrind-ssl # Deep SSL/OpenSSL investigation\n", program_name);
	printf(" %s --post-analysis # Compare 3484KB→3608KB increase impact\n", program_name);
	printf(" %s --all-valgrind # Complete valgrind investigation suite\n", program_name);
	printf("\n%sUsage:%s\n", YELLOW, NC);
	printf(" %s [options]\n", program_name);
	printf("\n%sOptions:%s\n", YELLOW, NC);
	printf(" --help Show this help message\n");
	printf("\nWhen run without arguments, this tool executes its default memory\n");
	printf("verification test suite against libcurl/OpenSSL.\n");
	printf("Additional test modes may be available and are intended for internal\n");
	printf("use; only supported options are guaranteed to be accepted.\n");
	(void)program_name; /* suppress unused parameter warning if applicable */
	/* Note: Detailed per-flag documentation was removed to avoid advertising
	* CLI options that are not handled by main(), which caused confusion and
	* static analysis warnings. See source code for currently supported modes.
	*/

[Copilot]

The script uses a bash shebang and bash-specific syntax (e.g., [[ ... ]] later). For embedded portability it’s generally safer to keep scripts POSIX-sh compatible (#!/bin/sh) unless bash is guaranteed. Either convert the script to POSIX sh syntax or clearly document the bash dependency.

[Copilot]

The header comments reference ./run_dynamic_analysis.sh, but the file committed is run_gdb_dynamic_analysis.sh and README also refers to run_dynamic_analysis.sh. Rename the script to match the documented name (or update docs/comments to the actual filename) to avoid confusion.

Suggested change

	# Usage: ./run_dynamic_analysis.sh [timeout_seconds] [iterations]
	# Example: ./run_dynamic_analysis.sh 30 25
	# Usage: ./run_gdb_dynamic_analysis.sh [timeout_seconds] [iterations]
	# Example: ./run_gdb_dynamic_analysis.sh 30 25

[Copilot]

This script uses a bash shebang. If the goal is to run on embedded/busybox environments, consider making it POSIX-sh compatible (#!/bin/sh) and avoiding bashisms; otherwise document that bash + coreutils timeout are required.

Suggested change

	#!/bin/bash
	#!/bin/sh

[Copilot]

run_all_valgrind is declared but never set by any CLI flag (there is no parsing for --all-valgrind), so the “all valgrind tests” mode can’t be triggered even though it’s advertised in the help output. Add argument parsing for --all-valgrind (and/or remove the unused variable/help text).

[Copilot]

Duplicate line: (void)res is written twice, which is redundant and can hide real issues in reviews. Remove the extra statement (or preferably handle/print res so failures are visible during testing).

[Copilot]

run_valgrind_ssl_investigation() invokes "./memory_verifier --compare", but --compare is not recognized by main() (it will currently exit with an unknown-argument error). Either implement the --compare mode or change this command to run an actually supported flag.

[Copilot]

This script calls ./memory_verifier --post-analysis, but memory_verifier currently doesn’t implement/parse --post-analysis (it exits with “Unknown argument”). Update the verifier to support this flag or adjust the script to use an implemented mode.

Suggested change

	./memory_verifier --post-analysis
	echo "This step performs comparative analysis based on previously generated logs."
	echo "Please review files such as valgrind_pool_baseline.log and any SSL logs"
	echo "to compare memory usage before and after the reset fix."

[Copilot]

README references a different directory name (memory-verifier/) and a script named run_dynamic_analysis.sh, but the repo path here is leaktestapp/ and the script added is run_gdb_dynamic_analysis.sh. Update the README commands/paths to match the actual layout and filenames so the quick-start instructions work.

[Copilot]

Pull request overview

Copilot reviewed 6 out of 8 changed files in this pull request and generated 14 comments.

---

You can also share your feedback on Copilot code review. Take the survey.

[Copilot]

On the baseline_rss < 0 early return, pool_entries has already been allocated and the mutex/cond have been initialized, but none of them are cleaned up. Please add a cleanup path (free pool entries and destroy pthread objects) before returning to avoid leaks in the verifier itself.

Suggested change

	results->warnings++;
	results->warnings++;
	/* Cleanup allocated resources before returning to avoid leaks */
	pthread_cond_destroy(&pool_cond);
	pthread_mutex_destroy(&pool_mutex);
	free(pool_entries);
	pool_entries = NULL;

[Copilot]

delay_ms is documented/used as microseconds (usleep(delay_ms) and logs say “microseconds”), so the name is misleading. Rename it to reflect units (e.g., delay_us) or store milliseconds and convert when calling usleep, to avoid unit bugs later.

[Copilot]

res is silenced twice; the second (void)res; is redundant noise. Please remove the duplicate line.

Suggested change

(void)res; // Suppress unused warning

[Copilot]

system("export T2_CONNECTION_POOL_SIZE=2") won’t affect the environment of the subsequent system(cmd) call (each system() runs in its own shell). If the pool size must be set for the valgrind run, include it in cmd (e.g., T2_CONNECTION_POOL_SIZE=2 valgrind ...) or use setenv() before invoking valgrind.

[Copilot]

The example T2_CONNECTION_POOL_SIZE=2 ./memory_verifier --pool is annotated as “Pool size 3”, which is inconsistent with the env var value. Please fix the comment/example so users don’t misconfigure the pool size.

Suggested change

	T2_CONNECTION_POOL_SIZE=2 ./memory_verifier --pool # Pool size 3
	T2_CONNECTION_POOL_SIZE=2 ./memory_verifier --pool # Pool size 2

[Copilot]

This script invokes ./memory_verifier --post-analysis, but memory_verifier.c doesn’t handle --post-analysis in its argument parsing (it will exit with “Unknown argument”). Please align the script with the implemented CLI (or add the missing --post-analysis option).

Suggested change

	./memory_verifier --post-analysis
	./memory_verifier

[Copilot]

The Makefile help suggests CLI options (--valgrind-reset, --post-analysis) that memory_verifier doesn’t currently implement/parse. Please keep Makefile help aligned with actual supported options, otherwise users will hit “Unknown argument”.

Suggested change

	@echo "Individual Valgrind Tests:"
	@echo " ./memory_verifier --valgrind-pool # Baseline"
	@echo " ./memory_verifier --valgrind-reset # Reset fix"
	@echo " ./memory_verifier --post-analysis # Compare"
	@echo "Note:"
	@echo " Valgrind-based SSL memory investigations are driven via:"
	@echo " make valgrind-investigate"
	@echo " (see investigate_ssl_memory.sh/.bat for detailed steps)"

[Copilot]

If curl_easy_init() fails during pool initialization, the code frees handles but skips cleanup of curl_global_init() state and does not destroy pool_mutex / pool_cond. Please ensure the error path calls curl_global_cleanup() (since global init already ran) and destroys the pthread primitives before returning.

Suggested change

	cleanup_curl_handles_local(pool_entries, i); // Only cleanup up to current index
	cleanup_curl_handles_local(pool_entries, i); // Only cleanup up to current index
	// Ensure we also clean up global curl state and synchronization primitives
	pthread_mutex_destroy(&pool_mutex);
	pthread_cond_destroy(&pool_cond);
	curl_global_cleanup();

[Copilot]

This script is #!/bin/bash and uses bash-only features (&>, read -p, [[ ... ]], regex match). Elsewhere in this repo scripts use POSIX #!/bin/sh for embedded portability. Please rewrite with POSIX sh constructs (or justify why bash is guaranteed on all target environments).

[Copilot]

The Markdown code fences for “Directory Structure” / “Build & Run” appear unbalanced (a ``` block opens at “Directory Structure” but isn’t closed before “Build & Run”). This causes rendering issues on GitHub. Please close/open code fences appropriately.

In general, to fix this issue you should avoid relying on the default permissions implied by fopen and instead create the file with an explicit, restrictive mode (for example, read/write for the current user only). On POSIX systems this is typically done by first calling open() with flags O_WRONLY | O_CREAT | O_TRUNC and mode S_IRUSR | S_IWUSR, then wrapping the resulting file descriptor with fdopen() to obtain a FILE * stream that can be used like the original fopen stream.

For this specific code, the best targeted fix is to replace the call to fopen("connection_pool_iterations.log", "w") with a short sequence that uses open() and fdopen() to create connection_pool_iterations.log with mode S_IRUSR | S_IWUSR. This change keeps the rest of the logic intact: it still gets a FILE *iteration_log which is NULL if creation fails, and the rest of the function can continue to work as before. We must include the appropriate headers for the new APIs and permission constants: <fcntl.h> for open and O_* flags, and <sys/stat.h> for S_IRUSR and S_IWUSR. Only the shown section in leaktestapp/memory_verifier.c should be modified: add the necessary includes near the top of the file and replace the fopen call on line 347 with the safe open/fdopen pattern.

[Copilot]

Pull request overview

Copilot reviewed 7 out of 9 changed files in this pull request and generated 8 comments.

---

You can also share your feedback on Copilot code review. Take the survey.