cleanup supp files

Signed-off-by: Pratik Mankawde <3397372+pratikmankawde@users.noreply.github.com>
Merge branch 'develop' into pratik/Fix_asan_lsan_flagged_issues
2026-01-19 14:15:23 +00:00 · 2026-01-16 13:31:19 +00:00 · 2026-01-16 13:25:11 +00:00 · 2026-01-07 16:51:00 +00:00 · 2026-01-07 16:43:59 +00:00 · 2026-01-07 16:06:38 +00:00
7 changed files with 32 additions and 22 deletions
--- a/.github/workflows/reusable-build-test-config.yml
+++ b/.github/workflows/reusable-build-test-config.yml
@@ -226,6 +226,7 @@ jobs:
        working-directory: ${{ runner.os == 'Windows' && format('{0}/{1}', env.BUILD_DIR, inputs.build_type) || env.BUILD_DIR }}
        env:
          BUILD_NPROC: ${{ steps.nproc.outputs.nproc }}
+          PREFIX: ${{ (runner.arch == 'X64' && env.ENABLED_SANITIZERS == 'true') && 'setarch x86_64 -R' || '' }}
        run: |
          ./xrpld --unittest --unittest-jobs "${BUILD_NPROC}"

--- a/conanfile.py
+++ b/conanfile.py
@@ -1,4 +1,5 @@
 import re
+import os

 from conan.tools.cmake import CMake, CMakeToolchain, cmake_layout

@@ -126,6 +127,12 @@ class Xrpl(ConanFile):
        if self.settings.compiler in ["clang", "gcc"]:
            self.options["boost"].without_cobalt = True

+        # Check if environment variable exists
+        if "SANITIZERS" in os.environ:
+            sanitizers = os.environ["SANITIZERS"]
+            if "Address" in sanitizers:
+                self.default_options["fPIC"] = False
+
    def requirements(self):
        # Conan 2 requires transitive headers to be specified
        transitive_headers_opt = (
--- a/include/xrpl/net/HTTPClient.h
+++ b/include/xrpl/net/HTTPClient.h
@@ -30,6 +30,9 @@ public:
        bool sslVerify,
        beast::Journal j);

+    static void
+    cleanupSSLContext();
+
    static void
    get(bool bSSL,
        boost::asio::io_context& io_context,
--- a/sanitizers/suppressions/asan.supp
+++ b/sanitizers/suppressions/asan.supp
@@ -1,6 +1,6 @@
-# The idea is to empty this file gradually by fixing the underlying issues and removing suppressions.
+# The idea is to empty this file gradually by fixing the underlying issues and removing suppresions.
 #
-# ASAN_OPTIONS="print_stacktrace=1:detect_container_overflow=0:suppressions=sanitizers/suppressions/asan.supp:halt_on_error=0"
+# ASAN_OPTIONS="detect_container_overflow=0:suppressions=sanitizers/suppressions/asan.supp:halt_on_error=0"
 #
 # The detect_container_overflow=0 option disables false positives from:
 # - Boost intrusive containers (slist_iterator.hpp, hashtable.hpp, aged_unordered_container.h)
@@ -11,15 +11,6 @@
 # Boost
 interceptor_name:boost/asio

-# Leaks in Doctest tests: xrpl.test.*
-interceptor_name:src/libxrpl/net/HTTPClient.cpp
-interceptor_name:src/libxrpl/net/RegisterSSLCerts.cpp
-interceptor_name:src/tests/libxrpl/net/HTTPClient.cpp
-interceptor_name:xrpl/net/AutoSocket.h
-interceptor_name:xrpl/net/HTTPClient.h
-interceptor_name:xrpl/net/HTTPClientSSLContext.h
-interceptor_name:xrpl/net/RegisterSSLCerts.h
-
 # Suppress false positive stack-buffer errors in thread stack allocation
 # Related to ASan's __asan_handle_no_return warnings (github.com/google/sanitizers/issues/189)
 # These occur during multi-threaded test initialization on macOS
--- a/sanitizers/suppressions/lsan.supp
+++ b/sanitizers/suppressions/lsan.supp
@@ -1,16 +1,12 @@
 # The idea is to empty this file gradually by fixing the underlying issues and removing suppresions.

-# Suppress leaks detected by asan in rippled code.
-leak:src/libxrpl/net/HTTPClient.cpp
-leak:src/libxrpl/net/RegisterSSLCerts.cpp
-leak:src/tests/libxrpl/net/HTTPClient.cpp
-leak:xrpl/net/AutoSocket.h
-leak:xrpl/net/HTTPClient.h
-leak:xrpl/net/HTTPClientSSLContext.h
-leak:xrpl/net/RegisterSSLCerts.h
-leak:ripple::HTTPClient
-leak:ripple::HTTPClientImp
-
 # Suppress leaks detected by asan in boost code.
+# These are false positives from Boost.Asio SSL internals that use OpenSSL BIO structures.
+# The BIO structures are managed by OpenSSL's internal reference counting and freed at process exit.
 leak:boost::asio
 leak:boost/asio
+
+# OpenSSL BIO memory is managed internally and freed at process exit
+leak:CRYPTO_malloc
+leak:bio_make_pair
+leak:BIO_new_bio_pair
--- a/src/libxrpl/net/HTTPClient.cpp
+++ b/src/libxrpl/net/HTTPClient.cpp
@@ -26,6 +26,12 @@ HTTPClient::initializeSSLContext(
    httpClientSSLContext.emplace(sslVerifyDir, sslVerifyFile, sslVerify, j);
 }

+void
+HTTPClient::cleanupSSLContext()
+{
+    httpClientSSLContext.reset();
+}
+
 //------------------------------------------------------------------------------
 //
 // Fetch a web page via http or https.
--- a/src/tests/libxrpl/net/HTTPClient.cpp
+++ b/src/tests/libxrpl/net/HTTPClient.cpp
@@ -254,6 +254,9 @@ TEST(HTTPClient, case_insensitive_content_length)
        EXPECT_EQ(result_status, 200);
        EXPECT_EQ(result_data, test_body);
    }
+
+    // Clean up SSL context to prevent memory leaks
+    HTTPClient::cleanupSSLContext();
 }

 TEST(HTTPClient, basic_http_request)
@@ -324,4 +327,7 @@ TEST(HTTPClient, different_status_codes)
        EXPECT_FALSE(result_error);
        EXPECT_EQ(result_status, static_cast<int>(status));
    }
+
+    // Clean up SSL context to prevent memory leaks
+    HTTPClient::cleanupSSLContext();
 }