
fix(sandbox): eliminate Box::leak memory leak in rewrite_forward_request #715

Merged
johntmyers merged 1 commit into main from fix/sandbox-box-leak-forward-request
Apr 1, 2026

@johntmyers
Collaborator

Summary

  • Remove Box::leak in rewrite_forward_request that permanently leaked one String allocation per forward proxy request, causing unbounded RSS growth on long-running sandboxes
  • Write the rewritten request line directly to the output buffer during iteration, eliminating the need to mutate a Vec<&str> element with a leaked &'static str

Related Issue

Closes #709

Changes

crates/openshell-sandbox/src/proxy.rs, rewrite_forward_request function:

  • Removed the Box::leak(new_line.into_boxed_str()) block that mutated lines[0] with a permanently leaked allocation
  • Made lines immutable (removed mut)
  • Moved the request-line rewrite (METHOD absolute-uri HTTP/1.1 → METHOD path HTTP/1.1) into the output-building loop, writing method/path/version parts directly via extend_from_slice
  • Added fallback else branch for malformed request lines (passes through unchanged)

Testing

  • cargo check -p openshell-sandbox — clean
  • cargo test -p openshell-sandbox -- proxy — 84/84 pass
  • mise run pre-commit — all checks pass (pre-existing license header issue on unrelated file)

Checklist

  • Change is scoped to the issue
  • Existing tests cover the modified code path
  • Pre-commit checks pass
  • No secrets or credentials included

Remove Box::leak usage that permanently leaked one String allocation per
forward proxy request. Write the rewritten request line directly to the
output buffer during iteration instead of mutating a Vec<&str> element.

Closes #709
@johntmyers johntmyers requested a review from a team as a code owner March 31, 2026 22:20
@johntmyers johntmyers self-assigned this Mar 31, 2026
@johntmyers johntmyers added the test:e2e Requires end-to-end coverage label Mar 31, 2026
@johntmyers johntmyers merged commit 9c8d6c7 into main Apr 1, 2026
13 checks passed
@johntmyers johntmyers deleted the fix/sandbox-box-leak-forward-request branch April 1, 2026 02:53
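
The pattern this PR removes, next to the shape that replaces it, as an added sketch that is not the project's code. The function names, the `origin_form` helper and the sample request are assumptions, and the URI handling is simplified.

```rust
// Added illustration, not the openshell-sandbox source; all names are hypothetical.
/// Reduce an absolute-form target (http://host/p?q) to origin-form (/p?q).
fn origin_form(target: &str) -> &str {
    match target.find("://") {
        Some(i) => {
            let rest = &target[i + 3..];
            rest.find('/').map_or("/", |j| &rest[j..])
        }
        None => target, // already origin-form
    }
}

/// "Before" shape: `lines` borrows from `raw`, so the owned rewritten line is
/// leaked to get a &'static str that can be stored in lines[0].
fn rewrite_leaky(raw: &str) -> Vec<u8> {
    let mut lines: Vec<&str> = raw.split("\r\n").collect();
    let first: &str = lines[0];
    let parts: Vec<&str> = first.splitn(3, ' ').collect();
    if parts.len() == 3 {
        let new_line = format!("{} {} {}", parts[0], origin_form(parts[1]), parts[2]);
        let leaked: &'static str = Box::leak(new_line.into_boxed_str()); // never freed
        lines[0] = leaked;
    }
    lines.join("\r\n").into_bytes()
}

/// "After" shape: write method, path and version straight into the output buffer.
fn rewrite_direct(raw: &str) -> Vec<u8> {
    let mut out = Vec::with_capacity(raw.len());
    for (i, line) in raw.split("\r\n").enumerate() {
        if i > 0 { out.extend_from_slice(b"\r\n"); }
        let parts: Vec<&str> = line.splitn(3, ' ').collect();
        if i == 0 && parts.len() == 3 {
            for piece in [parts[0], " ", origin_form(parts[1]), " ", parts[2]] {
                out.extend_from_slice(piece.as_bytes());
            }
        } else {
            out.extend_from_slice(line.as_bytes()); // headers, or malformed request line
        }
    }
    out
}

fn main() {
    // Constructed sample request.
    let req = "GET http://example.com/a/b?x=1 HTTP/1.1\r\nHost: example.com\r\n\r\n";
    assert_eq!(rewrite_leaky(req), rewrite_direct(req));
}
```

Both functions produce the same bytes; the difference is that `rewrite_leaky` leaves one heap allocation unreachable per call, which in a long-running proxy is memory an untrusted client can grow simply by sending requests.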