search

microsoft / cpprestsdk

The C++ REST SDK is a Microsoft project for cloud-based client-server communication in native code using a modern asynchronous C++ API design. This project aims to help C++ developers connect to and interact with services.
Other
7.96k stars 1.65k forks source link

Memory leak with https schema while using cpprest SDK #1685

Open ksasik opened 2 years ago

ksasik commented 2 years ago

When implementing restapi using cpprest with https schema, memory leak is observed which is pointing to CRYPTO libraries api call i.e CRYPTO_zalloc. If used with http schema, there is no memory leak observed.

Any help is highly appreciated...Thank you in advance.

barcharcraz commented 2 years ago

We recommend using libcurl for new projects.

However, more information about the leak would be appreciated. How are you detecting the leak? Can you generate a callstack for the leaking allocations?

oneiric commented 2 years ago

Hi @barcharcraz , our project is using openapi generator + cpprestsdk. https://openapi-generator.tech/docs/generators/cpp-restsdk

But libcurl is not a client generator that is supported by openapi. https://openapi-generator.tech/docs/generators

Which client generator would you suggest to use?

ksasik commented 2 years ago

We recommend using libcurl for new projects.

However, more information about the leak would be appreciated. How are you detecting the leak? Can you generate a callstack for the leaking allocations?

Hi @barcharcraz, Here is the sample code: image memory leak is detected using valgrind tool. Here is the leak call stack: image

maruthihr commented 2 years ago

@barcharcraz When you say "we recommend using libcurl in projects", Do you mean use libcurl instead of libcrypto?

bektfatm commented 2 years ago

Hi, any feedback on this issue? Facing the same problem.

Lysuo commented 2 weeks ago

Hi

I am facing a similar issue, at least in terms of consequences (memory leak)

Here is the sample code to reproduce what I am trying to do (a https client request with certificate verification disabled)

#include <cpprest/http_client.h>

int main() {
  web::http::client::http_client_config lConfig;
  lConfig.set_validate_certificates(false);

  std::string lUrl = "https://google.com";
  web::http::client::http_client lHttpClient(lUrl, lConfig);
  web::http::http_request lGetRequest(web::http::methods::GET);

  try {
    lHttpClient.request(lGetRequest)
        .then([](const web::http::http_response &response) {
          if (response.status_code() == web::http::status_codes::OK) {
            std::cout << "OK" << std::endl;
          }
        })
        .wait();
  } catch (const std::exception &e) {
    std::cerr << e.what() << std::endl;
  }

  return 0;
}

In the environment I am working on the following versions are used: openssl-1.1.1b boost v1.65.0 cpprestsdk v2.10.16

I recompiled these 3 libraries with debug info to get more detailled backtraces with valgrind but I'm having troubles to analyze where it all comes from valgrind-logs.txt

The same code for a HTTP request does not report any leak.

I have also tried to upgrade the 3 libraries involved but without success (openssl-1.1.1t boost v1.84.0 cpprestsdk v2.10.19)

What do you thing of all this ? I have been wondering if there needs to be an extra call to cleanup the SSL environment (calling directly openssl functions) but I failed to reach a solution

Thanks