Avoid manual lifetime management of std::string

cdesouza-chromium · cdesouza-chromium · commit 2175a8ff1744 · 2025-06-09T19:02:10.000+01:00
This change touches several places in `Source` and `Storage` where
string was being passed as a pointer, with expectations for `delete` to
be called once done with the value. There may even be a case in Chromium
at the moment where one of these calls may be leaking memory due to how
the memory is expected to managed.

This change passes the string by value, and in cases where the value may
be omitted the string is wrapped on a `std::optional`.

Bug: 423542167
diff --git a/cpp/include/libaddressinput/null_storage.h b/cpp/include/libaddressinput/null_storage.h
@@ -35,7 +35,7 @@ class NullStorage : public Storage {
   ~NullStorage() override;
 
   // No-op.
-  void Put(const std::string& key, std::string* data) override;
+  void Put(const std::string& key, std::string data) override;
 
   // Always calls the |data_ready| callback function signaling failure.
   void Get(const std::string& key, const Callback& data_ready) const override;
diff --git a/cpp/include/libaddressinput/source.h b/cpp/include/libaddressinput/source.h
@@ -21,6 +21,7 @@
 
 #include <libaddressinput/callback.h>
 
+#include <optional>
 #include <string>
 
 namespace i18n {
@@ -41,7 +42,7 @@ namespace addressinput {
 class Source {
  public:
   using Callback =
-      i18n::addressinput::Callback<const std::string&, std::string*>;
+      i18n::addressinput::Callback<const std::string&, std::optional<std::string>>;
 
   virtual ~Source() = default;
 
diff --git a/cpp/include/libaddressinput/storage.h b/cpp/include/libaddressinput/storage.h
@@ -21,6 +21,7 @@
 #include <libaddressinput/callback.h>
 
 #include <string>
+#include <optional>
 
 namespace i18n {
 namespace addressinput {
@@ -45,13 +46,13 @@ namespace addressinput {
 class Storage {
  public:
   using Callback =
-      i18n::addressinput::Callback<const std::string&, std::string*>;
+      i18n::addressinput::Callback<const std::string&, std::optional<std::string>>;
 
   virtual ~Storage() = default;
 
   // Stores |data| for |key|, where |data| is an object allocated on the heap,
   // which Storage takes ownership of.
-  virtual void Put(const std::string& key, std::string* data) = 0;
+  virtual void Put(const std::string& key, std::string data) = 0;
 
   // Retrieves the data for |key| and invokes the |data_ready| callback.
   virtual void Get(const std::string& key,
diff --git a/cpp/src/null_storage.cc b/cpp/src/null_storage.cc
@@ -24,14 +24,11 @@ namespace addressinput {
 NullStorage::NullStorage() = default;
 NullStorage::~NullStorage() = default;
 
-void NullStorage::Put(const std::string& key, std::string* data) {
-  assert(data != nullptr);  // Sanity check.
-  delete data;
-}
+void NullStorage::Put(const std::string& key, std::string data) {}
 
 void NullStorage::Get(const std::string& key,
                       const Callback& data_ready) const {
-  data_ready(false, key, nullptr);
+  data_ready(false, key, std::nullopt);
 }
 
 }  // namespace addressinput
diff --git a/cpp/src/retriever.cc b/cpp/src/retriever.cc
@@ -56,38 +56,35 @@ class Helper {
 
   void OnValidatedDataReady(bool success,
                             const std::string& key,
-                            std::string* data) {
+                            std::optional<std::string> data) {
     if (success) {
-      assert(data != nullptr);
+      assert(data != std::nullopt);
       retrieved_(success, key, *data);
       delete this;
     } else {
       // Validating storage returns (false, key, stale-data) for valid but stale
       // data. If |data| is empty, however, then it's either missing or invalid.
-      if (data != nullptr && !data->empty()) {
-        stale_data_ = *data;
+      if (data.has_value() && !data->empty()) {
+        stale_data_ = std::move(data).value();
       }
       source_.Get(key, *fresh_data_ready_);
     }
-    delete data;
   }
 
   void OnFreshDataReady(bool success,
                         const std::string& key,
-                        std::string* data) {
+                        std::optional<std::string> data) {
     if (success) {
-      assert(data != nullptr);
+      assert(data.has_value());
       retrieved_(true, key, *data);
-      storage_->Put(key, data);
-      data = nullptr;  // Deleted by Storage::Put().
+      storage_->Put(key, std::move(data).value());
     } else if (!stale_data_.empty()) {
       // Reuse the stale data if a download fails. It's better to have slightly
       // outdated validation rules than to suddenly lose validation ability.
       retrieved_(true, key, stale_data_);
     } else {
       retrieved_(false, key, std::string());
     }
-    delete data;
     delete this;
   }
 
diff --git a/cpp/src/validating_storage.cc b/cpp/src/validating_storage.cc
@@ -51,20 +51,18 @@ class Helper {
 
   void OnWrappedDataReady(bool success,
                           const std::string& key,
-                          std::string* data) {
+                          std::optional<std::string> data) {
     if (success) {
-      assert(data != nullptr);
+      assert(data != std::nullopt);
       bool is_stale =
-          !ValidatingUtil::UnwrapTimestamp(data, std::time(nullptr));
-      bool is_corrupted = !ValidatingUtil::UnwrapChecksum(data);
+          !ValidatingUtil::UnwrapTimestamp(&*data, std::time(nullptr));
+      bool is_corrupted = !ValidatingUtil::UnwrapChecksum(&*data);
       success = !is_corrupted && !is_stale;
       if (is_corrupted) {
-        delete data;
-        data = nullptr;
+        data = std::nullopt;
       }
     } else {
-      delete data;
-      data = nullptr;
+      data = std::nullopt;
     }
     data_ready_(success, key, data);
     delete this;
@@ -83,10 +81,9 @@ ValidatingStorage::ValidatingStorage(Storage* storage)
 
 ValidatingStorage::~ValidatingStorage() = default;
 
-void ValidatingStorage::Put(const std::string& key, std::string* data) {
-  assert(data != nullptr);
-  ValidatingUtil::Wrap(std::time(nullptr), data);
-  wrapped_storage_->Put(key, data);
+void ValidatingStorage::Put(const std::string& key, std::string data) {
+  ValidatingUtil::Wrap(std::time(nullptr), &data);
+  wrapped_storage_->Put(key, std::move(data));
 }
 
 void ValidatingStorage::Get(const std::string& key,
diff --git a/cpp/src/validating_storage.h b/cpp/src/validating_storage.h
@@ -44,7 +44,7 @@ class ValidatingStorage : public Storage {
   ~ValidatingStorage() override;
 
   // Storage implementation.
-  void Put(const std::string& key, std::string* data) override;
+  void Put(const std::string& key, std::string data) override;
 
   // Storage implementation.
   // If the data is invalid, then |data_ready| will be called with (false, key,
diff --git a/cpp/test/fake_storage.cc b/cpp/test/fake_storage.cc
@@ -23,19 +23,13 @@ namespace addressinput {
 
 FakeStorage::FakeStorage() = default;
 
-FakeStorage::~FakeStorage() {
-  for (const auto& pair : data_) {
-    delete pair.second;
-  }
-}
+FakeStorage::~FakeStorage() = default;
 
-void FakeStorage::Put(const std::string& key, std::string* data) {
-  assert(data != nullptr);
-  auto result = data_.emplace(key, data);
+void FakeStorage::Put(const std::string& key, std::string data) {
+  auto result = data_.emplace(key, std::move(data));
   if (!result.second) {
     // Replace data in existing entry for this key.
-    delete result.first->second;
-    result.first->second = data;
+    result.first->second = std::move(data);
   }
 }
 
@@ -44,7 +38,7 @@ void FakeStorage::Get(const std::string& key,
   auto data_it = data_.find(key);
   bool success = data_it != data_.end();
   data_ready(success, key,
-             success ? new std::string(*data_it->second) : nullptr);
+             success ? std::make_optional<std::string>(data_it->second) : std::nullopt);
 }
 
 }  // namespace addressinput
diff --git a/cpp/test/fake_storage.h b/cpp/test/fake_storage.h
@@ -65,11 +65,11 @@ class FakeStorage : public Storage {
   ~FakeStorage() override;
 
   // Storage implementation.
-  void Put(const std::string& key, std::string* data) override;
+  void Put(const std::string& key, std::string data) override;
   void Get(const std::string& key, const Callback& data_ready) const override;
 
  private:
-  std::map<std::string, std::string*> data_;
+  std::map<std::string, std::string> data_;
 };
 
 }  // namespace addressinput
diff --git a/cpp/test/fake_storage_test.cc b/cpp/test/fake_storage_test.cc
@@ -50,13 +50,12 @@ class FakeStorageTest : public testing::Test {
   const std::unique_ptr<const Storage::Callback> data_ready_;
 
  private:
-  void OnDataReady(bool success, const std::string& key, std::string* data) {
-    ASSERT_FALSE(success && data == nullptr);
+  void OnDataReady(bool success, const std::string& key, std::optional<std::string> data) {
+    ASSERT_FALSE(success && !data.has_value());
     success_ = success;
     key_ = key;
-    if (data != nullptr) {
-      data_ = *data;
-      delete data;
+    if (data.has_value()) {
+      data_ = std::move(data).value();
     }
   }
 };
@@ -70,7 +69,7 @@ TEST_F(FakeStorageTest, GetWithoutPutReturnsEmptyData) {
 }
 
 TEST_F(FakeStorageTest, GetReturnsWhatWasPut) {
-  storage_.Put("key", new std::string("value"));
+  storage_.Put("key", std::string("value"));
   storage_.Get("key", *data_ready_);
 
   EXPECT_TRUE(success_);
@@ -79,8 +78,8 @@ TEST_F(FakeStorageTest, GetReturnsWhatWasPut) {
 }
 
 TEST_F(FakeStorageTest, SecondPutOverwritesData) {
-  storage_.Put("key", new std::string("bad-value"));
-  storage_.Put("key", new std::string("good-value"));
+  storage_.Put("key", std::string("bad-value"));
+  storage_.Put("key", std::string("good-value"));
   storage_.Get("key", *data_ready_);
 
   EXPECT_TRUE(success_);
diff --git a/cpp/test/mock_source.cc b/cpp/test/mock_source.cc
@@ -26,7 +26,7 @@ MockSource::~MockSource() = default;
 void MockSource::Get(const std::string& key, const Callback& data_ready) const {
   auto it = data_.find(key);
   bool success = it != data_.end();
-  data_ready(success, key, success ? new std::string(it->second) : nullptr);
+  data_ready(success, key, success ? it->second : std::optional<std::string>());
 }
 
 }  // namespace addressinput
diff --git a/cpp/test/null_storage_test.cc b/cpp/test/null_storage_test.cc
@@ -47,13 +47,12 @@ class NullStorageTest : public testing::Test {
   static const char kKey[];
 
  private:
-  void OnDataReady(bool success, const std::string& key, std::string* data) {
-    ASSERT_FALSE(success && data == nullptr);
+  void OnDataReady(bool success, const std::string& key, std::optional<std::string> data) {
+    ASSERT_FALSE(success && !data.has_value());
     success_ = success;
     key_ = key;
-    if (data != nullptr) {
-      data_ = *data;
-      delete data;
+    if (data.has_value()) {
+      data_ = std::move(data).value();
     }
   }
 };
@@ -63,7 +62,7 @@ const char NullStorageTest::kKey[] = "foo";
 TEST_F(NullStorageTest, Put) {
   // The Put() method should not do anything, so this test only tests that the
   // code compiles and that the call doesn't crash.
-  storage_.Put(kKey, new std::string("bar"));
+  storage_.Put(kKey, "bar");
 }
 
 TEST_F(NullStorageTest, Get) {
diff --git a/cpp/test/retriever_test.cc b/cpp/test/retriever_test.cc
@@ -134,13 +134,11 @@ class StaleStorage : public Storage {
 
   // Storage implementation.
   void Get(const std::string& key, const Callback& data_ready) const override {
-    data_ready(true, key, new std::string(kStaleWrappedData));
+    data_ready(true, key, kStaleWrappedData);
   }
 
-  void Put(const std::string& key, std::string* value) override {
-    ASSERT_TRUE(value != nullptr);
+  void Put(const std::string& key, std::string data) override {
     data_updated_ = true;
-    delete value;
   }
 
   bool data_updated_;
diff --git a/cpp/test/testdata_source.cc b/cpp/test/testdata_source.cc
@@ -155,16 +155,16 @@ void TestdataSource::Get(const std::string& key,
   prefixed_key += key;
   auto data_it = GetData(src_path_).find(prefixed_key);
   bool success = data_it != GetData(src_path_).end();
-  std::string* data = nullptr;
+  std::optional<std::string> data;
   if (success) {
-    data = new std::string(data_it->second);
+    data = data_it->second;
   } else {
     // URLs that start with "https://chromium-i18n.appspot.com/ssl-address/" or
     // "https://chromium-i18n.appspot.com/ssl-aggregate-address/" prefix, but do
     // not have associated data will always return "{}" with status code 200.
     // TestdataSource imitates this behavior.
     success = true;
-    data = new std::string("{}");
+    data = "{}";
   }
   data_ready(success, key, data);
 }
diff --git a/cpp/test/testdata_source_test.cc b/cpp/test/testdata_source_test.cc
@@ -60,13 +60,12 @@ class TestdataSourceTest : public testing::TestWithParam<std::string> {
   const std::unique_ptr<const Source::Callback> data_ready_;
 
  private:
-  void OnDataReady(bool success, const std::string& key, std::string* data) {
-    ASSERT_FALSE(success && data == nullptr);
+  void OnDataReady(bool success, const std::string& key, std::optional<std::string> data) {
+    ASSERT_FALSE(success && !data.has_value());
     success_ = success;
     key_ = key;
-    if (data != nullptr) {
-      data_ = *data;
-      delete data;
+    if (data.has_value()) {
+      data_ = std::move(data).value();
     }
   }
 };
diff --git a/cpp/test/validating_storage_test.cc b/cpp/test/validating_storage_test.cc
@@ -66,19 +66,18 @@ class ValidatingStorageTest : public testing::Test {
   const std::unique_ptr<const ValidatingStorage::Callback> data_ready_;
 
  private:
-  void OnDataReady(bool success, const std::string& key, std::string* data) {
-    ASSERT_FALSE(success && data == nullptr);
+  void OnDataReady(bool success, const std::string& key, std::optional<std::string> data) {
+    ASSERT_FALSE(success && !data.has_value());
     success_ = success;
     key_ = key;
-    if (data != nullptr) {
-      data_ = *data;
-      delete data;
+    if (data.has_value()) {
+      data_ = std::move(data).value();
     }
   }
 };
 
 TEST_F(ValidatingStorageTest, GoodData) {
-  storage_.Put(kKey, new std::string(kValidatedData));
+  storage_.Put(kKey, kValidatedData);
   storage_.Get(kKey, *data_ready_);
 
   EXPECT_TRUE(success_);
@@ -87,7 +86,7 @@ TEST_F(ValidatingStorageTest, GoodData) {
 }
 
 TEST_F(ValidatingStorageTest, EmptyData) {
-  storage_.Put(kKey, new std::string(kEmptyData));
+  storage_.Put(kKey, kEmptyData);
   storage_.Get(kKey, *data_ready_);
 
   EXPECT_TRUE(success_);
@@ -104,8 +103,8 @@ TEST_F(ValidatingStorageTest, MissingKey) {
 }
 
 TEST_F(ValidatingStorageTest, GarbageData) {
-  storage_.Put(kKey, new std::string(kValidatedData));
-  wrapped_storage_->Put(kKey, new std::string("garbage"));
+  storage_.Put(kKey, kValidatedData);
+  wrapped_storage_->Put(kKey, "garbage");
   storage_.Get(kKey, *data_ready_);
 
   EXPECT_FALSE(success_);
@@ -114,8 +113,8 @@ TEST_F(ValidatingStorageTest, GarbageData) {
 }
 
 TEST_F(ValidatingStorageTest, StaleData) {
-  storage_.Put(kKey, new std::string(kValidatedData));
-  wrapped_storage_->Put(kKey, new std::string(kStaleWrappedData));
+  storage_.Put(kKey, kValidatedData);
+  wrapped_storage_->Put(kKey, kStaleWrappedData);
   storage_.Get(kKey, *data_ready_);
 
   EXPECT_FALSE(success_);
