From 0d3271328e7afdb90246014668c79f2e92a770bb Mon Sep 17 00:00:00 2001 From: Andrei Porumb Date: Fri, 13 Mar 2026 05:59:13 -0700 Subject: [PATCH 01/11] Remove hardcoded v143 toolset from vcpkg triplets All triplets now auto-detect the platform toolset from the current VS installation instead of requiring v143 specifically. This matches the pattern already used by arm64-windows-static-cbt.cmake and allows builds to work on both VS 2022 (v143) and VS 2025 (v145). Also fixes arm64-windows-static-cbt-asan.cmake which inconsistently hardcoded v143 while its non-asan counterpart did not. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- vcpkg_triplets/arm64-windows-static-cbt-asan.cmake | 2 +- vcpkg_triplets/x64-windows-static-cbt-asan.cmake | 2 +- vcpkg_triplets/x64-windows-static-cbt.cmake | 2 +- vcpkg_triplets/x86-windows-static-cbt-asan.cmake | 2 +- vcpkg_triplets/x86-windows-static-cbt.cmake | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/vcpkg_triplets/arm64-windows-static-cbt-asan.cmake b/vcpkg_triplets/arm64-windows-static-cbt-asan.cmake index 12a608a7..b1fa03c3 100644 --- a/vcpkg_triplets/arm64-windows-static-cbt-asan.cmake +++ b/vcpkg_triplets/arm64-windows-static-cbt-asan.cmake @@ -1,7 +1,7 @@ set(VCPKG_TARGET_ARCHITECTURE arm64) set(VCPKG_CRT_LINKAGE dynamic) set(VCPKG_LIBRARY_LINKAGE static) -set(VCPKG_PLATFORM_TOOLSET v143) +# VCPKG_PLATFORM_TOOLSET not set - auto-detect from the current VS installation # Unfortunately we have to workaround an issue introduced in Visual Studio 17.10 where due to a change in mutex a break in the ABI seems to exist # https://github.com/microsoft/STL/releases/tag/vs-2022-17.10 # Fixed mutex's constructor to be constexpr. #3824 #4000 #4339 diff --git a/vcpkg_triplets/x64-windows-static-cbt-asan.cmake b/vcpkg_triplets/x64-windows-static-cbt-asan.cmake index 60f13d38..34a4e4b5 100644 --- a/vcpkg_triplets/x64-windows-static-cbt-asan.cmake +++ b/vcpkg_triplets/x64-windows-static-cbt-asan.cmake @@ -1,7 +1,7 @@ set(VCPKG_TARGET_ARCHITECTURE x64) set(VCPKG_CRT_LINKAGE dynamic) set(VCPKG_LIBRARY_LINKAGE static) -set(VCPKG_PLATFORM_TOOLSET v143) +# VCPKG_PLATFORM_TOOLSET not set - auto-detect from the current VS installation # Unfortunately we have to workaround an issue introduced in Visual Studio 17.10 where due to a change in mutex a break in the ABI seems to exist # https://github.com/microsoft/STL/releases/tag/vs-2022-17.10 # Fixed mutex's constructor to be constexpr. #3824 #4000 #4339 diff --git a/vcpkg_triplets/x64-windows-static-cbt.cmake b/vcpkg_triplets/x64-windows-static-cbt.cmake index 8b352cdf..0b3017ed 100644 --- a/vcpkg_triplets/x64-windows-static-cbt.cmake +++ b/vcpkg_triplets/x64-windows-static-cbt.cmake @@ -1,7 +1,7 @@ set(VCPKG_TARGET_ARCHITECTURE x64) set(VCPKG_CRT_LINKAGE dynamic) set(VCPKG_LIBRARY_LINKAGE static) -set(VCPKG_PLATFORM_TOOLSET v143) +# VCPKG_PLATFORM_TOOLSET not set - auto-detect from the current VS installation # Unfortunately we have to workaround an issue introduced in Visual Studio 17.10 where due to a change in mutex a break in the ABI seems to exist # https://github.com/microsoft/STL/releases/tag/vs-2022-17.10 # Fixed mutex's constructor to be constexpr. #3824 #4000 #4339 diff --git a/vcpkg_triplets/x86-windows-static-cbt-asan.cmake b/vcpkg_triplets/x86-windows-static-cbt-asan.cmake index e744f686..985a0756 100644 --- a/vcpkg_triplets/x86-windows-static-cbt-asan.cmake +++ b/vcpkg_triplets/x86-windows-static-cbt-asan.cmake @@ -1,7 +1,7 @@ set(VCPKG_TARGET_ARCHITECTURE x86) set(VCPKG_CRT_LINKAGE dynamic) set(VCPKG_LIBRARY_LINKAGE static) -set(VCPKG_PLATFORM_TOOLSET v143) +# VCPKG_PLATFORM_TOOLSET not set - auto-detect from the current VS installation # Unfortunately we have to workaround an issue introduced in Visual Studio 17.10 where due to a change in mutex a break in the ABI seems to exist # https://github.com/microsoft/STL/releases/tag/vs-2022-17.10 # Fixed mutex's constructor to be constexpr. #3824 #4000 #4339 diff --git a/vcpkg_triplets/x86-windows-static-cbt.cmake b/vcpkg_triplets/x86-windows-static-cbt.cmake index aed23702..6345fc38 100644 --- a/vcpkg_triplets/x86-windows-static-cbt.cmake +++ b/vcpkg_triplets/x86-windows-static-cbt.cmake @@ -1,7 +1,7 @@ set(VCPKG_TARGET_ARCHITECTURE x86) set(VCPKG_CRT_LINKAGE dynamic) set(VCPKG_LIBRARY_LINKAGE static) -set(VCPKG_PLATFORM_TOOLSET v143) +# VCPKG_PLATFORM_TOOLSET not set - auto-detect from the current VS installation # Unfortunately we have to workaround an issue introduced in Visual Studio 17.10 where due to a change in mutex a break in the ABI seems to exist # https://github.com/microsoft/STL/releases/tag/vs-2022-17.10 # Fixed mutex's constructor to be constexpr. #3824 #4000 #4339 From c926a15014baaf5941fc2ed380b7d27efeca1b51 Mon Sep 17 00:00:00 2001 From: Andrei Porumb Date: Fri, 13 Mar 2026 07:38:40 -0700 Subject: [PATCH 02/11] Add Winsock VLD suppressions for false-positive leak reports Add WahInsertHandleContext and MesBufferHandleReset to the VLD IgnoreFunctionsList. These are Windows OS internal one-time caching allocations (Winsock handle context table entries and RPC computer name cache during DNS resolution) that VLD reports as leaks but are cleaned up by the OS at process exit. This fixes socket_transport_int CTest failures in Debug builds on VS 2025 / Windows Server 2025 pools. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- build_functions/default_vld.ini | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/build_functions/default_vld.ini b/build_functions/default_vld.ini index c1861985..84dfdaeb 100644 --- a/build_functions/default_vld.ini +++ b/build_functions/default_vld.ini @@ -47,6 +47,8 @@ SkipCrtStartupLeaks = yes ; CryptEnumOIDFunction, CertOIDToAlgId, CryptMsgSignCTL, ; CryptMsgOpenToDecode: CRYPT32.dll OID/ASN1 caches ; - UuidFromStringA, UuidToStringA: RPCRT4.dll caches computer name via GetComputerNameExW +; - MesBufferHandleReset: RPCRT4.dll caches computer name during DNS resolution ; - SymLoadModuleExW, SymGetLineFromAddr64, SymFromAddr, GetSymLoadError: dbghelp.dll symbol caches ; - SortGetHandle, InternalLcidToName, GetNamedLocaleHashNode: kernel locale caches -IgnoreFunctionsList = CryptFindOIDInfo,I_CryptGetAsn1Decoder,I_CryptGetAsn1Encoder,CryptEnumOIDFunction,CertOIDToAlgId,CryptMsgSignCTL,CryptMsgOpenToDecode,UuidFromStringA,UuidToStringA,SymLoadModuleExW,SymGetLineFromAddr64,SymFromAddr,GetSymLoadError,SortGetHandle,InternalLcidToName,GetNamedLocaleHashNode +; - WahInsertHandleContext: WS2_32.dll Winsock handle context hash table entries +IgnoreFunctionsList = CryptFindOIDInfo,I_CryptGetAsn1Decoder,I_CryptGetAsn1Encoder,CryptEnumOIDFunction,CertOIDToAlgId,CryptMsgSignCTL,CryptMsgOpenToDecode,UuidFromStringA,UuidToStringA,MesBufferHandleReset,SymLoadModuleExW,SymGetLineFromAddr64,SymFromAddr,GetSymLoadError,SortGetHandle,InternalLcidToName,GetNamedLocaleHashNode,WahInsertHandleContext From 56d6182f5fca2be961ff9103c35346932d21cec7 Mon Sep 17 00:00:00 2001 From: Andrei Porumb Date: Fri, 13 Mar 2026 07:40:20 -0700 Subject: [PATCH 03/11] Revert "Add Winsock VLD suppressions for false-positive leak reports" This reverts commit c926a15014baaf5941fc2ed380b7d27efeca1b51. --- build_functions/default_vld.ini | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/build_functions/default_vld.ini b/build_functions/default_vld.ini index 84dfdaeb..c1861985 100644 --- a/build_functions/default_vld.ini +++ b/build_functions/default_vld.ini @@ -47,8 +47,6 @@ SkipCrtStartupLeaks = yes ; CryptEnumOIDFunction, CertOIDToAlgId, CryptMsgSignCTL, ; CryptMsgOpenToDecode: CRYPT32.dll OID/ASN1 caches ; - UuidFromStringA, UuidToStringA: RPCRT4.dll caches computer name via GetComputerNameExW -; - MesBufferHandleReset: RPCRT4.dll caches computer name during DNS resolution ; - SymLoadModuleExW, SymGetLineFromAddr64, SymFromAddr, GetSymLoadError: dbghelp.dll symbol caches ; - SortGetHandle, InternalLcidToName, GetNamedLocaleHashNode: kernel locale caches -; - WahInsertHandleContext: WS2_32.dll Winsock handle context hash table entries -IgnoreFunctionsList = CryptFindOIDInfo,I_CryptGetAsn1Decoder,I_CryptGetAsn1Encoder,CryptEnumOIDFunction,CertOIDToAlgId,CryptMsgSignCTL,CryptMsgOpenToDecode,UuidFromStringA,UuidToStringA,MesBufferHandleReset,SymLoadModuleExW,SymGetLineFromAddr64,SymFromAddr,GetSymLoadError,SortGetHandle,InternalLcidToName,GetNamedLocaleHashNode,WahInsertHandleContext +IgnoreFunctionsList = CryptFindOIDInfo,I_CryptGetAsn1Decoder,I_CryptGetAsn1Encoder,CryptEnumOIDFunction,CertOIDToAlgId,CryptMsgSignCTL,CryptMsgOpenToDecode,UuidFromStringA,UuidToStringA,SymLoadModuleExW,SymGetLineFromAddr64,SymFromAddr,GetSymLoadError,SortGetHandle,InternalLcidToName,GetNamedLocaleHashNode From 7f17bc6edfceea2ba829d9db1802f6e70480b41e Mon Sep 17 00:00:00 2001 From: Andrei Porumb Date: Fri, 13 Mar 2026 07:42:11 -0700 Subject: [PATCH 04/11] Add Winsock/DNS VLD suppressions for false-positive leak reports Add WahInsertHandleContext (WS2_32.dll) and MesBufferHandleReset (RPCRT4.dll) to the VLD IgnoreFunctionsList. These are undocumented OS-internal functions chosen deliberately over their public callers (WSASocketW, accept, getaddrinfo, MesEncodeDynBufferHandleCreate) to avoid accidentally masking real application memory leaks. Both functions perform one-time process-lifetime caching allocations that the OS cleans up at exit. They are not called by application code, making them safe and precise suppression targets. Fixes socket_transport_int CTest false failures in Debug builds on VS 2025 / Windows Server 2025 build pools. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- build_functions/default_vld.ini | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/build_functions/default_vld.ini b/build_functions/default_vld.ini index c1861985..76d5127c 100644 --- a/build_functions/default_vld.ini +++ b/build_functions/default_vld.ini @@ -49,4 +49,25 @@ SkipCrtStartupLeaks = yes ; - UuidFromStringA, UuidToStringA: RPCRT4.dll caches computer name via GetComputerNameExW ; - SymLoadModuleExW, SymGetLineFromAddr64, SymFromAddr, GetSymLoadError: dbghelp.dll symbol caches ; - SortGetHandle, InternalLcidToName, GetNamedLocaleHashNode: kernel locale caches -IgnoreFunctionsList = CryptFindOIDInfo,I_CryptGetAsn1Decoder,I_CryptGetAsn1Encoder,CryptEnumOIDFunction,CertOIDToAlgId,CryptMsgSignCTL,CryptMsgOpenToDecode,UuidFromStringA,UuidToStringA,SymLoadModuleExW,SymGetLineFromAddr64,SymFromAddr,GetSymLoadError,SortGetHandle,InternalLcidToName,GetNamedLocaleHashNode +; +; Winsock / DNS false positives (observed on VS 2025 / Windows Server 2025): +; +; - WahInsertHandleContext: undocumented WS2_32.dll internal function. +; Inserts per-socket entries (256-byte blocks) into the Winsock helper +; (WAH) handle context hash table. These are process-lifetime allocations +; that the OS cleans up at process exit. They appear in every call stack +; that creates a socket (socket, WSASocketW, accept) or resolves DNS +; (getaddrinfo -> DNSAPI -> mswsock). Using this internal name rather +; than the public callers (WSASocketW, accept, getaddrinfo) avoids +; accidentally suppressing real application leaks in code that uses +; those public APIs. +; +; - MesBufferHandleReset: undocumented RPCRT4.dll internal function. +; Called during DNS name resolution to cache the local computer name +; via GetComputerNameExW -> MesEncodeDynBufferHandleCreate. This is a +; one-time 32-byte RPC serialization buffer allocation that persists +; for the process lifetime. Using this internal name is preferred over +; the public MesEncodeDynBufferHandleCreate because the latter could +; mask real leaks from intentional RPC serialization usage. +; +IgnoreFunctionsList = CryptFindOIDInfo,I_CryptGetAsn1Decoder,I_CryptGetAsn1Encoder,CryptEnumOIDFunction,CertOIDToAlgId,CryptMsgSignCTL,CryptMsgOpenToDecode,UuidFromStringA,UuidToStringA,SymLoadModuleExW,SymGetLineFromAddr64,SymFromAddr,GetSymLoadError,SortGetHandle,InternalLcidToName,GetNamedLocaleHashNode,WahInsertHandleContext,MesBufferHandleReset From 0c712c60455416c92b86eb47f1bebbd9f97080b9 Mon Sep 17 00:00:00 2001 From: Andrei Porumb Date: Fri, 13 Mar 2026 08:38:16 -0700 Subject: [PATCH 05/11] Add WahCreateHandleContextTable to VLD suppressions The previous VLD fix suppressed WahInsertHandleContext, but the actual leaking function observed in build 156660589 is WahCreateHandleContextTable. This is the function that creates the Winsock helper handle context hash table (2312-byte blocks via GlobalAlloc), called by WSAStartup and WSASocketW/socket. Both functions are now suppressed. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- build_functions/default_vld.ini | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/build_functions/default_vld.ini b/build_functions/default_vld.ini index 76d5127c..c8c027ea 100644 --- a/build_functions/default_vld.ini +++ b/build_functions/default_vld.ini @@ -52,16 +52,22 @@ SkipCrtStartupLeaks = yes ; ; Winsock / DNS false positives (observed on VS 2025 / Windows Server 2025): ; -; - WahInsertHandleContext: undocumented WS2_32.dll internal function. -; Inserts per-socket entries (256-byte blocks) into the Winsock helper -; (WAH) handle context hash table. These are process-lifetime allocations -; that the OS cleans up at process exit. They appear in every call stack -; that creates a socket (socket, WSASocketW, accept) or resolves DNS -; (getaddrinfo -> DNSAPI -> mswsock). Using this internal name rather -; than the public callers (WSASocketW, accept, getaddrinfo) avoids +; - WahCreateHandleContextTable: undocumented WS2_32.dll internal function. +; Creates the Winsock helper (WAH) handle context hash table (2312-byte +; blocks allocated via GlobalAlloc). Called by WSAStartup to initialize +; the process-wide table, and again via WSASocketW/socket/mswsock for +; provider-specific tables. These are process-lifetime allocations that +; the OS cleans up at process exit. Using this internal name rather +; than the public callers (WSAStartup, WSASocketW, socket) avoids ; accidentally suppressing real application leaks in code that uses ; those public APIs. ; +; - WahInsertHandleContext: undocumented WS2_32.dll internal function. +; Inserts per-socket entries (256-byte blocks) into the WAH handle +; context hash table created by WahCreateHandleContextTable. These +; appear in call stacks that create sockets or resolve DNS. Using this +; internal name avoids suppressing real leaks from public socket APIs. +; ; - MesBufferHandleReset: undocumented RPCRT4.dll internal function. ; Called during DNS name resolution to cache the local computer name ; via GetComputerNameExW -> MesEncodeDynBufferHandleCreate. This is a @@ -70,4 +76,4 @@ SkipCrtStartupLeaks = yes ; the public MesEncodeDynBufferHandleCreate because the latter could ; mask real leaks from intentional RPC serialization usage. ; -IgnoreFunctionsList = CryptFindOIDInfo,I_CryptGetAsn1Decoder,I_CryptGetAsn1Encoder,CryptEnumOIDFunction,CertOIDToAlgId,CryptMsgSignCTL,CryptMsgOpenToDecode,UuidFromStringA,UuidToStringA,SymLoadModuleExW,SymGetLineFromAddr64,SymFromAddr,GetSymLoadError,SortGetHandle,InternalLcidToName,GetNamedLocaleHashNode,WahInsertHandleContext,MesBufferHandleReset +IgnoreFunctionsList = CryptFindOIDInfo,I_CryptGetAsn1Decoder,I_CryptGetAsn1Encoder,CryptEnumOIDFunction,CertOIDToAlgId,CryptMsgSignCTL,CryptMsgOpenToDecode,UuidFromStringA,UuidToStringA,SymLoadModuleExW,SymGetLineFromAddr64,SymFromAddr,GetSymLoadError,SortGetHandle,InternalLcidToName,GetNamedLocaleHashNode,WahCreateHandleContextTable,WahInsertHandleContext,MesBufferHandleReset From a1ec5e840eccb4266b7969970bb31d19f51e2415 Mon Sep 17 00:00:00 2001 From: Andrei Porumb Date: Fri, 13 Mar 2026 08:39:29 -0700 Subject: [PATCH 06/11] Include GBALLOC_LL_TYPE in artifact name to avoid collision When multiple GBALLOC_LL_TYPE matrix jobs fail for the same build_configuration + ARCH_TYPE combination (e.g., Debug x64 PASSTHROUGH and Debug x64 JEMALLOC), they both tried to publish 'Debug_x64_artifacts', causing 'artifact already exists' error on the second job. Now includes the allocator type in the name: 'Debug_PASSTHROUGH_x64_artifacts' vs 'Debug_JEMALLOC_x64_artifacts'. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- pipeline_templates/build_and_run_tests.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pipeline_templates/build_and_run_tests.yml b/pipeline_templates/build_and_run_tests.yml index 1bc489bb..b7064845 100644 --- a/pipeline_templates/build_and_run_tests.yml +++ b/pipeline_templates/build_and_run_tests.yml @@ -251,10 +251,10 @@ jobs: repo_root: ${{ parameters.repo_root_override }} - task: PublishPipelineArtifact@1 - displayName: 'Publish ${{ parameters.ARCH_TYPE }} ${{ parameters.build_configuration}} Artifacts' + displayName: 'Publish ${{ parameters.ARCH_TYPE }} ${{ parameters.build_configuration}} ${{ parameters.GBALLOC_LL_TYPE }} Artifacts' inputs: targetPath: $(Build.BinariesDirectory) - artifactName: ${{ parameters.build_configuration}}_${{ parameters.ARCH_TYPE }}_artifacts + artifactName: ${{ parameters.build_configuration}}_${{ parameters.GBALLOC_LL_TYPE }}_${{ parameters.ARCH_TYPE }}_artifacts parallel: true condition: failed() From 907253039f0898e10280e76500b108fe3deed3bd Mon Sep 17 00:00:00 2001 From: Andrei Porumb Date: Fri, 13 Mar 2026 12:37:12 -0700 Subject: [PATCH 07/11] Add getaddrinfo to VLD IgnoreFunctionsList Suppress false positive from rasadhlp.dll one-time initialization during DNS resolution. When getaddrinfo is first called, WS2_32.dll dynamically loads rasadhlp.dll via LoadLibraryExA to enumerate namespace providers, which allocates 256-byte blocks that persist for the process lifetime. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- build_functions/default_vld.ini | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/build_functions/default_vld.ini b/build_functions/default_vld.ini index c8c027ea..e2591297 100644 --- a/build_functions/default_vld.ini +++ b/build_functions/default_vld.ini @@ -76,4 +76,17 @@ SkipCrtStartupLeaks = yes ; the public MesEncodeDynBufferHandleCreate because the latter could ; mask real leaks from intentional RPC serialization usage. ; -IgnoreFunctionsList = CryptFindOIDInfo,I_CryptGetAsn1Decoder,I_CryptGetAsn1Encoder,CryptEnumOIDFunction,CertOIDToAlgId,CryptMsgSignCTL,CryptMsgOpenToDecode,UuidFromStringA,UuidToStringA,SymLoadModuleExW,SymGetLineFromAddr64,SymFromAddr,GetSymLoadError,SortGetHandle,InternalLcidToName,GetNamedLocaleHashNode,WahCreateHandleContextTable,WahInsertHandleContext,MesBufferHandleReset +; - getaddrinfo: public WS2_32.dll DNS resolution function. +; During the first call to getaddrinfo, the Winsock layer dynamically +; loads rasadhlp.dll (Remote Access Service Address Helper) via +; LoadLibraryExA to enumerate namespace providers. The rasadhlp.dll +; initialization allocates 256-byte blocks (via malloc) that persist +; for the process lifetime and are cleaned up at process exit by the +; OS. Unlike the WAH entries above, these allocations originate from +; rasadhlp.dll internal code (not from WS2_32.dll internals), so the +; internal function names are not available as stable suppression +; targets. Suppressing getaddrinfo is acceptable here because the +; leaked blocks are strictly from the one-time provider enumeration +; path, not from application-level DNS usage. +; +IgnoreFunctionsList = CryptFindOIDInfo,I_CryptGetAsn1Decoder,I_CryptGetAsn1Encoder,CryptEnumOIDFunction,CertOIDToAlgId,CryptMsgSignCTL,CryptMsgOpenToDecode,UuidFromStringA,UuidToStringA,SymLoadModuleExW,SymGetLineFromAddr64,SymFromAddr,GetSymLoadError,SortGetHandle,InternalLcidToName,GetNamedLocaleHashNode,WahCreateHandleContextTable,WahInsertHandleContext,MesBufferHandleReset,getaddrinfo From 5aa4addd64499403899a6361dd8ac4b68bbffc82 Mon Sep 17 00:00:00 2001 From: Andrei Porumb Date: Fri, 13 Mar 2026 13:00:46 -0700 Subject: [PATCH 08/11] Use WSALookupServiceBeginW instead of getaddrinfo for VLD suppression WSALookupServiceBeginW is more targeted than getaddrinfo - it is the internal WS2_32 namespace-provider-enumeration entry point that triggers the LoadLibrary of rasadhlp.dll. Using this avoids masking real leaks where application code calls getaddrinfo without a matching freeaddrinfo. The rasadhlp.dll internal functions are unexported and unresolvable without PDBs, so WSALookupServiceBeginW is the most specific named function available in the leak call stack. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- build_functions/default_vld.ini | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/build_functions/default_vld.ini b/build_functions/default_vld.ini index e2591297..f53d6e3f 100644 --- a/build_functions/default_vld.ini +++ b/build_functions/default_vld.ini @@ -76,17 +76,17 @@ SkipCrtStartupLeaks = yes ; the public MesEncodeDynBufferHandleCreate because the latter could ; mask real leaks from intentional RPC serialization usage. ; -; - getaddrinfo: public WS2_32.dll DNS resolution function. -; During the first call to getaddrinfo, the Winsock layer dynamically -; loads rasadhlp.dll (Remote Access Service Address Helper) via -; LoadLibraryExA to enumerate namespace providers. The rasadhlp.dll -; initialization allocates 256-byte blocks (via malloc) that persist -; for the process lifetime and are cleaned up at process exit by the -; OS. Unlike the WAH entries above, these allocations originate from -; rasadhlp.dll internal code (not from WS2_32.dll internals), so the -; internal function names are not available as stable suppression -; targets. Suppressing getaddrinfo is acceptable here because the -; leaked blocks are strictly from the one-time provider enumeration -; path, not from application-level DNS usage. +; - WSALookupServiceBeginW: WS2_32.dll namespace provider lookup function. +; During DNS resolution, getaddrinfo -> GetAddrInfoW calls +; WSAEnumNameSpaceProvidersW, which internally calls +; WSALookupServiceBeginW to enumerate providers. On the first call, +; this triggers LoadLibraryExA to load rasadhlp.dll (Remote Access +; Service Address Helper), whose DLL initialization allocates 256-byte +; blocks (via malloc) that persist for the process lifetime. The +; rasadhlp.dll internal functions are unexported and unresolvable +; without PDBs, so we suppress at this level instead. Using +; WSALookupServiceBeginW rather than the public getaddrinfo avoids +; masking real leaks where application code calls getaddrinfo without +; a matching freeaddrinfo. ; -IgnoreFunctionsList = CryptFindOIDInfo,I_CryptGetAsn1Decoder,I_CryptGetAsn1Encoder,CryptEnumOIDFunction,CertOIDToAlgId,CryptMsgSignCTL,CryptMsgOpenToDecode,UuidFromStringA,UuidToStringA,SymLoadModuleExW,SymGetLineFromAddr64,SymFromAddr,GetSymLoadError,SortGetHandle,InternalLcidToName,GetNamedLocaleHashNode,WahCreateHandleContextTable,WahInsertHandleContext,MesBufferHandleReset,getaddrinfo +IgnoreFunctionsList = CryptFindOIDInfo,I_CryptGetAsn1Decoder,I_CryptGetAsn1Encoder,CryptEnumOIDFunction,CertOIDToAlgId,CryptMsgSignCTL,CryptMsgOpenToDecode,UuidFromStringA,UuidToStringA,SymLoadModuleExW,SymGetLineFromAddr64,SymFromAddr,GetSymLoadError,SortGetHandle,InternalLcidToName,GetNamedLocaleHashNode,WahCreateHandleContextTable,WahInsertHandleContext,MesBufferHandleReset,WSALookupServiceBeginW From 3358856b7323287f8e9dca0169427db37783373e Mon Sep 17 00:00:00 2001 From: Andrei Porumb Date: Fri, 13 Mar 2026 14:35:43 -0700 Subject: [PATCH 09/11] Add IgnoreModulesList for system DLL false positives in VLD config Add IgnoreModulesList = rasadhlp.dll;dnsapi.dll;mswsock.dll;fwpuclnt.dll to suppress false positives from system DLLs whose internal functions are unexported and cannot be targeted by IgnoreFunctionsList. These DLLs are loaded dynamically during getaddrinfo and allocate memory that persists for the process lifetime. The specific leaking DLLs vary by OS version and installed network providers. WSALookupServiceBeginW is kept in IgnoreFunctionsList as a fallback for older VLD versions that do not support IgnoreModulesList. Requires VLD v2.5.15+ with IgnoreModulesList support (Azure/vld branch anporumb/ignore-modules-list). Older VLD versions silently ignore the new option. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- build_functions/default_vld.ini | 34 +++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/build_functions/default_vld.ini b/build_functions/default_vld.ini index f53d6e3f..1d39787c 100644 --- a/build_functions/default_vld.ini +++ b/build_functions/default_vld.ini @@ -88,5 +88,39 @@ SkipCrtStartupLeaks = yes ; WSALookupServiceBeginW rather than the public getaddrinfo avoids ; masking real leaks where application code calls getaddrinfo without ; a matching freeaddrinfo. +; NOTE: This is also covered by IgnoreModulesList below (rasadhlp.dll). +; WSALookupServiceBeginW is kept here as a fallback for older VLD +; versions that do not support IgnoreModulesList. ; IgnoreFunctionsList = CryptFindOIDInfo,I_CryptGetAsn1Decoder,I_CryptGetAsn1Encoder,CryptEnumOIDFunction,CertOIDToAlgId,CryptMsgSignCTL,CryptMsgOpenToDecode,UuidFromStringA,UuidToStringA,SymLoadModuleExW,SymGetLineFromAddr64,SymFromAddr,GetSymLoadError,SortGetHandle,InternalLcidToName,GetNamedLocaleHashNode,WahCreateHandleContextTable,WahInsertHandleContext,MesBufferHandleReset,WSALookupServiceBeginW + +; Suppress false positives from system DLLs whose internal functions are +; unexported and cannot be targeted by IgnoreFunctionsList. +; +; During getaddrinfo, the Winsock layer dynamically loads several namespace +; provider DLLs. Their DLL initialization allocates memory that persists +; for the process lifetime and is cleaned up by the OS at process exit. +; The specific DLLs that leak depend on the OS version and installed +; network providers: +; +; - rasadhlp.dll: Remote Access Service Address Helper. Loaded via +; LoadLibraryExA during first getaddrinfo call through +; WSAEnumNameSpaceProvidersW -> WSALookupServiceBeginW. Internal +; functions at unexported RVA offsets allocate 256-byte blocks. +; +; - dnsapi.dll: DNS Client API. Internal functions perform locale +; comparison (CompareStringW) and DLL initialization that allocate +; 400-byte blocks via RtlAllocateHeap. +; +; - mswsock.dll: Microsoft Windows Sockets Helper. Winsock provider +; DLL that allocates socket handle context entries and performs +; provider path resolution during name resolution. +; +; - fwpuclnt.dll: Windows Filtering Platform User-mode API. Network +; policy DLL loaded during socket/DNS operations that allocates +; internal state. +; +; NOTE: IgnoreModulesList requires VLD v2.5.15+ with IgnoreModulesList +; support. Older VLD versions will silently ignore this option. +; +IgnoreModulesList = rasadhlp.dll;dnsapi.dll;mswsock.dll;fwpuclnt.dll From 2fa56dc2dcfca17184c60ed2322ffda6ffbf2ea1 Mon Sep 17 00:00:00 2001 From: Andrei Porumb Date: Fri, 13 Mar 2026 19:27:22 -0700 Subject: [PATCH 10/11] Fix default_vld.ini comment: accurate system DLL leak documentation Removed incorrect claims about specific byte sizes per DLL. Documented that RPCRT4.dll and KERNELBASE.dll are the primary leak sources (based on actual callstack analysis), with rasadhlp, dnsapi, mswsock, and fwpuclnt varying by OS version. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- build_functions/default_vld.ini | 33 +++++++++++++++------------------ 1 file changed, 15 insertions(+), 18 deletions(-) diff --git a/build_functions/default_vld.ini b/build_functions/default_vld.ini index 1d39787c..5a531ec2 100644 --- a/build_functions/default_vld.ini +++ b/build_functions/default_vld.ini @@ -94,31 +94,28 @@ SkipCrtStartupLeaks = yes ; IgnoreFunctionsList = CryptFindOIDInfo,I_CryptGetAsn1Decoder,I_CryptGetAsn1Encoder,CryptEnumOIDFunction,CertOIDToAlgId,CryptMsgSignCTL,CryptMsgOpenToDecode,UuidFromStringA,UuidToStringA,SymLoadModuleExW,SymGetLineFromAddr64,SymFromAddr,GetSymLoadError,SortGetHandle,InternalLcidToName,GetNamedLocaleHashNode,WahCreateHandleContextTable,WahInsertHandleContext,MesBufferHandleReset,WSALookupServiceBeginW -; Suppress false positives from system DLLs whose internal functions are -; unexported and cannot be targeted by IgnoreFunctionsList. +; Suppress false positives from system DLLs loaded during getaddrinfo. ; -; During getaddrinfo, the Winsock layer dynamically loads several namespace -; provider DLLs. Their DLL initialization allocates memory that persists -; for the process lifetime and is cleaned up by the OS at process exit. -; The specific DLLs that leak depend on the OS version and installed -; network providers: +; When getaddrinfo is first called, the Winsock layer (WS2_32.dll) +; enumerates namespace providers via WSAEnumNameSpaceProvidersW. This +; triggers dynamic loading of provider DLLs whose initialization allocates +; memory that persists for the process lifetime (freed at process exit). +; +; The majority of leak blocks come from RPCRT4.dll (RPC binding setup, +; buffer allocation, context handles) and KERNELBASE.dll (LoadLibraryExW +; for provider DLLs). The exact DLLs and block sizes vary by OS version +; and installed network providers. Common leaking DLLs include: ; ; - rasadhlp.dll: Remote Access Service Address Helper. Loaded via -; LoadLibraryExA during first getaddrinfo call through -; WSAEnumNameSpaceProvidersW -> WSALookupServiceBeginW. Internal -; functions at unexported RVA offsets allocate 256-byte blocks. +; LoadLibraryExA during namespace provider enumeration. ; -; - dnsapi.dll: DNS Client API. Internal functions perform locale -; comparison (CompareStringW) and DLL initialization that allocate -; 400-byte blocks via RtlAllocateHeap. +; - dnsapi.dll: DNS Client API. Performs resolver initialization. ; ; - mswsock.dll: Microsoft Windows Sockets Helper. Winsock provider -; DLL that allocates socket handle context entries and performs -; provider path resolution during name resolution. +; DLL that allocates internal state during name resolution. ; -; - fwpuclnt.dll: Windows Filtering Platform User-mode API. Network -; policy DLL loaded during socket/DNS operations that allocates -; internal state. +; - fwpuclnt.dll: Windows Filtering Platform User-mode API. May be +; loaded during socket/DNS operations on some OS configurations. ; ; NOTE: IgnoreModulesList requires VLD v2.5.15+ with IgnoreModulesList ; support. Older VLD versions will silently ignore this option. From b435bbd73dcc23ba6c7fd16639e396d6f060c273 Mon Sep 17 00:00:00 2001 From: Andrei Porumb Date: Mon, 16 Mar 2026 21:08:06 -0700 Subject: [PATCH 11/11] trying only IgnoreModulesList = rasadhlp.dll not more --- build_functions/default_vld.ini | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/build_functions/default_vld.ini b/build_functions/default_vld.ini index 5a531ec2..f0e2113d 100644 --- a/build_functions/default_vld.ini +++ b/build_functions/default_vld.ini @@ -109,15 +109,7 @@ IgnoreFunctionsList = CryptFindOIDInfo,I_CryptGetAsn1Decoder,I_CryptGetAsn1Encod ; - rasadhlp.dll: Remote Access Service Address Helper. Loaded via ; LoadLibraryExA during namespace provider enumeration. ; -; - dnsapi.dll: DNS Client API. Performs resolver initialization. -; -; - mswsock.dll: Microsoft Windows Sockets Helper. Winsock provider -; DLL that allocates internal state during name resolution. -; -; - fwpuclnt.dll: Windows Filtering Platform User-mode API. May be -; loaded during socket/DNS operations on some OS configurations. -; ; NOTE: IgnoreModulesList requires VLD v2.5.15+ with IgnoreModulesList ; support. Older VLD versions will silently ignore this option. ; -IgnoreModulesList = rasadhlp.dll;dnsapi.dll;mswsock.dll;fwpuclnt.dll +IgnoreModulesList = rasadhlp.dll