Fix XML::Writer.string buffer leak

[jcalvert]

Summary

XML::Writer.string leaks the xmlBuffer allocated by xmlBufferCreate on every instance. The buffer is never freed because the xmlBufferFree call in rxml_writer_free is disabled by #if 0.

Root Cause

In ext/libxml/ruby_xml_writer.c, the GC finalizer rxml_writer_free (line 44) has the xmlBufferFree call commented out:

static void rxml_writer_free(rxml_writer_object* rwo)
{
#if 0 /* seems to be done by xmlFreeTextWriter */
    if (NULL != rwo->buffer)
    {
        xmlBufferFree(rwo->buffer);
    }
#endif

    rwo->closed = 1;
    xmlFreeTextWriter(rwo->writer);
    xfree(rwo);
}

The comment "seems to be done by xmlFreeTextWriter" is incorrect. xmlFreeTextWriter calls xmlOutputBufferClose which frees the xmlOutputBuffer wrapper, but does NOT free the underlying xmlBuffer that was passed to xmlNewTextWriterMemory. The libxml2 documentation for xmlNewTextWriterMemory does not state that the caller's buffer is adopted — unlike xmlNewTextWriter which explicitly notes "the out parameter will be deallocated when the writer is closed."

The buffer is allocated at line 168:

rwo->buffer = xmlBufferCreate()

And passed to libxml2 at line 172:

rwo->writer = xmlNewTextWriterMemory(rwo->buffer, 0)

When the Ruby GC collects the Writer, rxml_writer_free runs, xmlFreeTextWriter frees the writer and its output buffer, but rwo->buffer is leaked.

Fix

Re-enable xmlBufferFree in rxml_writer_free. The buffer pointer is saved before calling xmlFreeTextWriter in case the writer modifies the struct during cleanup:

static void rxml_writer_free(rxml_writer_object* rwo)
{
    xmlBufferPtr buffer = rwo->buffer;

    rwo->closed = 1;
    xmlFreeTextWriter(rwo->writer);

    if (NULL != buffer)
    {
        xmlBufferFree(buffer);
    }

    xfree(rwo);
}

The order matters: xmlFreeTextWriter must run first to flush pending output to the buffer, then the buffer is freed.

Test

Add a regression in test/test_writer.rb that repeatedly creates XML::Writer.string instances, forces GC between rounds, and asserts RSS stays flat after warm-up.

Without the fix, RSS kept growing across rounds. With the fix, it stabilizes.

Verification

• bundle exec ruby -Itest test/test_writer.rb
• bundle exec ruby -Itest test/test_xml.rb

[cfis]

Is there a reason to reverse the order?

[jcalvert]

Yes — the order is intentionally reversed from the original #if 0 code. xmlFreeTextWriter internally calls xmlOutputBufferClose, which can flush pending output to the buffer during cleanup. Freeing the buffer first (as in the old disabled code) would be a use-after-free. By saving the buffer pointer beforehand and calling xmlBufferFree only after xmlFreeTextWriter completes, we ensure the writer has fully shut down

[cfis]

Got it - thanks.

[cfis]

Thanks - left one comment.

[cfis]

For some reason tests are totally broken now, so I would like to look at that before merging this PR.

[jcalvert]

For some reason tests are totally broken now, so I would like to look at that before merging this PR.

I looked at these and added two commits: one was that the the libdir directive in the Rakefile had a regex that would only match a single digit and since 3.2 and 3.3 have patch digits 11 it would fail and the .so file isn't in the right place.

The other was deprecated minitest assertion - if you want to assert something is nil you have to explicitly use assert_nil

I think both of these issues are pre-existing to my changes but hopefully this is helpful. The Windows builds were failing at least as far back as #220

[cfis]

I agree they were pre-existing, still need to be fixed. I was going to address separately. But thanks for looking. I will just merge this now, and then if you want to get the rest of the tests working that would be great. Otherwise I will take a look.

[jcalvert]

I agree they were pre-existing, still need to be fixed. I was going to address separately. But thanks for looking. I will just merge this now, and then if you want to get the rest of the tests working that would be great. Otherwise I will take a look.

sorry line 75 should have been assert_nil(LibXML::XML::Error.get_handler)