Skip to content

Add sandboxing, interruptible I/O, and fix memory leaks#1

Closed
davidnich wants to merge 1 commit intodevelopfrom
fix/sandboxing-and-memory-leaks
Closed

Add sandboxing, interruptible I/O, and fix memory leaks#1
davidnich wants to merge 1 commit intodevelopfrom
fix/sandboxing-and-memory-leaks

Conversation

@davidnich
Copy link
Member

Summary

  • Add QoreSandboxManagerHelper filesystem access checks before all file I/O operations in CairoSurface (SVG/PS create, PNG load/write) and CairoSvgReader (SVG file load)
  • Add qore_check_io_interrupt() calls before blocking I/O for interruptible I/O support
  • Fix memory leaks: add ReferenceHolder for QPP object parameters in setSourceSurface, setSource, createForSurface, and renderTo per QPP Object Parameter Handling pattern
  • Fix double-ref leak in CairoContext constructor (HARD_QORE_VALUE_OBJ_DATA already adds a reference via getReferencedPrivateData())
  • Add private constructors to CairoSurface and CairoPattern for proper QPP lifecycle management

Test plan

  • All 20 core test cases pass (88 assertions)
  • All 22 data provider test cases pass (85 assertions)
  • Valgrind shows 0 module leaks (only 1,280 bytes in 5 blocks from Cairo/fontconfig internal FcPatternDuplicate)

🤖 Generated with Claude Code

- Add QoreSandboxManager filesystem access checks before all file I/O
  operations in CairoSurface (SVG/PS create, PNG load/write) and
  CairoSvgReader (SVG file load)
- Add qore_check_io_interrupt() calls before blocking I/O for
  interruptible I/O support
- Fix memory leaks: add ReferenceHolder for QPP object parameters in
  setSourceSurface, setSource, createForSurface, and renderTo per
  QPP Object Parameter Handling pattern
- Fix double-ref leak in CairoContext constructor (HARD_QORE_VALUE_OBJ_DATA
  already adds reference via getReferencedPrivateData)
- Add private constructors to CairoSurface and CairoPattern for proper
  QPP lifecycle management

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@davidnich
Copy link
Member Author

Superseded by new PR with additional doc build fixes

@davidnich davidnich closed this Feb 16, 2026
@davidnich davidnich deleted the fix/sandboxing-and-memory-leaks branch February 16, 2026 14:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant

Comments