[dart:io] Eagerly deallocate SSLFilter internals

runtime/bin/secure_socket_boringssl.cc

 // Copyright (c) 2012, the Dart project authors.  Please see the AUTHORS file
 // for details. All rights reserved. Use of this source code is governed by a
 // BSD-style license that can be found in the LICENSE file.
 
 #if !defined(DART_IO_DISABLED) && !defined(DART_IO_SECURE_SOCKET_DISABLED)
 
 #include "platform/globals.h"
 #if defined(TARGET_OS_ANDROID) || defined(TARGET_OS_LINUX) ||                  \
     defined(TARGET_OS_WINDOWS) || defined(TARGET_OS_FUCHSIA)
 
@@ skipping 243 matching lines @@
   ASSERT(!Dart_IsNull(protocols_handle));
 
   GetFilter(args)->Connect(host_name, context->context(), is_server,
                            request_client_certificate,
                            require_client_certificate, protocols_handle);
 }
 
 
 void FUNCTION_NAME(SecureSocket_Destroy)(Dart_NativeArguments args) {
   SSLFilter* filter = GetFilter(args);
-  // The SSLFilter is deleted in the finalizer for the Dart object created by
-  // SetFilter. There is no need to NULL-out the native field for the SSLFilter
-  // here because the SSLFilter won't be deleted until the finalizer for the
-  // Dart object runs while the Dart object is being GCd. This approach avoids a
-  // leak if Destroy isn't called, and avoids a NULL-dereference if Destroy is
-  // called more than once.
+  // There are two paths that can clean up an SSLFilter object. First,
+  // there is this explicit call to Destroy(), called from
+  // _SecureFilter.destroy() in Dart code. After a call to destroy(), the Dart
+  // code maintains the invariant that there will be no futher SSLFilter
+  // requests sent to the IO Service. Therefore, the internals of the SSLFilter
+  // are safe to deallocate, but not the SSLFilter itself, which is already
+  // set up to be cleaned up by the finalizer.
+  //
+  // The second path is through the finalizer, which we have to do in case
+  // some mishap prevents a call to _SecureFilter.destroy().
   filter->Destroy();
 }
 
 
 void FUNCTION_NAME(SecureSocket_Handshake)(Dart_NativeArguments args) {
   GetFilter(args)->Handshake();
 }
 
 
 void FUNCTION_NAME(SecureSocket_GetSelectedProtocol)(
@@ skipping 1374 matching lines @@
                             bool require_client_certificate) {
   // The SSL_REQUIRE_CERTIFICATE option only takes effect if the
   // SSL_REQUEST_CERTIFICATE option is also set, so set it.
   request_client_certificate =
       request_client_certificate || require_client_certificate;
   // TODO(24070, 24069): Implement setting the client certificate parameters,
   //   and triggering rehandshake.
 }
 
 
-SSLFilter::~SSLFilter() {
+void SSLFilter::FreeResources() {
   if (ssl_ != NULL) {
     SSL_free(ssl_);
     ssl_ = NULL;
   }
   if (socket_side_ != NULL) {
     BIO_free(socket_side_);
     socket_side_ = NULL;
   }
   if (hostname_ != NULL) {
     free(hostname_);
     hostname_ = NULL;
   }
   for (int i = 0; i < kNumBuffers; ++i) {
     if (buffers_[i] != NULL) {
       delete[] buffers_[i];
       buffers_[i] = NULL;
     }
   }
 }
 
 
+SSLFilter::~SSLFilter() {
+  FreeResources();
+}
+
+
 void SSLFilter::Destroy() {
   for (int i = 0; i < kNumBuffers; ++i) {
     if (dart_buffer_objects_[i] != NULL) {
       Dart_DeletePersistentHandle(dart_buffer_objects_[i]);
       dart_buffer_objects_[i] = NULL;
     }
   }
   if (string_start_ != NULL) {
     Dart_DeletePersistentHandle(string_start_);
     string_start_ = NULL;
   }
   if (string_length_ != NULL) {
     Dart_DeletePersistentHandle(string_length_);
     string_length_ = NULL;
   }
   if (handshake_complete_ != NULL) {
     Dart_DeletePersistentHandle(handshake_complete_);
     handshake_complete_ = NULL;
   }
   if (bad_certificate_callback_ != NULL) {
     Dart_DeletePersistentHandle(bad_certificate_callback_);
     bad_certificate_callback_ = NULL;
   }
+  FreeResources();
 }
 
 
 /* Read decrypted data from the filter to the circular buffer */
 int SSLFilter::ProcessReadPlaintextBuffer(int start, int end) {
   int length = end - start;
   int bytes_processed = 0;
   if (length > 0) {
     bytes_processed = SSL_read(
         ssl_, reinterpret_cast<char*>((buffers_[kReadPlaintext] + start)),
@@ skipping 67 matching lines @@
   return bytes_processed;
 }
 
 }  // namespace bin
 }  // namespace dart
 
 #endif  // defined(TARGET_OS_LINUX)
 
 #endif  // !defined(DART_IO_DISABLED) &&
         // !defined(DART_IO_SECURE_SOCKET_DISABLED)