Fix a memory leak in net::CertVerifyProcMac::VerifyInternal

net/cert/cert_verify_proc_mac.cc

Index: net/cert/cert_verify_proc_mac.cc
diff --git a/net/cert/cert_verify_proc_mac.cc b/net/cert/cert_verify_proc_mac.cc
index 4de10f288c65dc8cff2eb030a2d44afe8b394fde..43edfd1eff1d57b5400a27837f11712b50d03fa2 100644
--- a/net/cert/cert_verify_proc_mac.cc
+++ b/net/cert/cert_verify_proc_mac.cc
@@ -490,8 +490,9 @@ int CertVerifyProcMac::VerifyInternal(
   // array of certificates, the first of which is the certificate we're
   // verifying, and the subsequent (optional) certificates are used for
   // chain building.
-  ScopedCFTypeRef<CFMutableArrayRef> cert_array(CFArrayCreateMutableCopy(
-      kCFAllocatorDefault, 0, cert->CreateOSCertChainForCert()));
+  ScopedCFTypeRef<CFArrayRef> original_chain(cert->CreateOSCertChainForCert());

[davidben, 2015/02/05 22:14:34]

It looks like CreateOSCertChainForCert makes a CFMutableArrayRef anyway (and can
conceivably return NULL but probably takes a malloc error?). Maybe we should
just change the type signature of this function.

https://code.google.com/p/chromium/codesearch#chromium/src/net/cert/x509_cert...

[Ryan Sleevi, 2015/02/05 22:49:40]

I considered that, but we have this same function on windows (which returns a
PCCERT_CONTEXT), and making that ScopedPCCERT_CONTEXT would mean needing to
either include the windows headers or forward declare the free functions.

So for consistency I opted to have both return the native pointer, which feels a
little gross, but less gross than adding more forward declare cruft.

If you feel strongly though, happy to change.

+  ScopedCFTypeRef<CFMutableArrayRef> cert_array(
+      CFArrayCreateMutableCopy(kCFAllocatorDefault, 0, original_chain));
 
   // Serialize all calls that may use the Keychain, to work around various
   // issues in OS X 10.6+ with multi-threaded access to Security.framework.