Fix 5 memory leaks in WiFiScan.cpp #1111

Open
tropicsquirrel wants to merge 1 commit into justcallmekoko:master from tropicsquirrel:fix/memory-leaks
@tropicsquirrel
Contributor

Summary

Fixes 5 memory leaks, as reported by getFreeHeap() in WiFiScan.cpp found during testing. Each leak causes heap to shrink by a few KB per scan cycle, eventually leading to instability on long-running devices.

Fixes

  1. generateRandomName() result not freed — In GetUniversalAdvertisementData(), the Microsoft Swiftpair case calls generateRandomName() (the no-arg version in utils.h) which returns a malloc'd string. The result was never freed, leaking ~6 bytes per advertising cycle (~100x/sec during spam).

  2. AccessPoint.stations not freed in clearAPs() — Each AccessPoint has a heap-allocated LinkedList<uint16_t>* stations. clearAPs() removes list nodes but never deletes the inner stations lists, leaking ~24+ bytes per AP per scan cycle.

  3. AccessPoint.stations not freed in RunAPScan() — Same issue: delete access_points destroys the outer list but doesn't follow the stations pointers.

  4. probe_req_ssids never cleared on scan stop — The list is only cleared when starting WIFI_SCAN_PROBE, but probe requests are captured by multiple sniffer modes (beacon, deauth, EAPOL). Without clearing on stop, the list grows indefinitely across scan cycles.

  5. airtags and flippers never cleared on scan stop — Both lists accumulate entries during BT scans but are never cleared, growing across scan cycles.

Testing

Tested on ESP32-S3 (8MB PSRAM).

  • Before fix: heap dropped 5-14KB per scan cycle.
  • After fix: heap stable within ±2KB across 5 consecutive full scan cycles.
  • Note: 'scan cycle' includes the following, but the test plan (below) slims this list down significantly:
    • SSID Management
    • AP Scan
    • Beacon Sniff
    • Probe Sniff
    • Deauth Sniff
    • PMKID Sniff
    • Beacon List Attack
    • Random Beacon Spam
    • Rick Roll
    • BT Scan All
    • Sour Apple
    • Swiftpair Spam
    • BLE Spam All

Test plan

  • Build for ESP32-S3 and ESP32 targets — verify no compile errors
  • Run WiFi AP scan 3+ times — verify heap stays stable
  • Run BT scan 3+ times — verify heap stays stable
  • Run Swiftpair spam 3+ times — verify heap stays stable
  • Verify clearAPs() still returns correct count

1. Free generateRandomName() result in GetUniversalAdvertisementData().
   The no-arg generateRandomName() in utils.h returns a malloc'd string.
   The Microsoft Swiftpair case calls this every advertising cycle but
   never frees the result, leaking ~6 bytes per cycle.

2-3. Free AccessPoint.stations LinkedList in clearAPs() and RunAPScan().
   Each AccessPoint contains a heap-allocated LinkedList<uint16_t>*
   stations. Neither clearAPs() nor the `delete access_points` in
   RunAPScan() frees these inner lists, leaking ~24+ bytes per AP
   per scan cycle.

4. Clear probe_req_ssids in StopScan(). The list is only cleared when
   starting WIFI_SCAN_PROBE, but probe requests are captured by
   multiple sniffer modes. Without clearing on stop, the list grows
   indefinitely across scan cycles.

5. Clear airtags and flippers lists in StopScan(). Both lists get
   entries added during BT scans but are never cleared, accumulating
   across scan cycles.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
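
The ownership problem behind fixes 2 and 3, as an added example that is not code from this pull request or from the project. `StationList`, `AccessPoint`, `scan`, `clear_aps` and `leaked_after` are constructed stand-ins, and a `std::set` registry takes the place of measuring the heap; only the raw owning `stations` pointer mirrors what the description states.

```cpp
#include <cstdint>
#include <cstdio>
#include <set>
#include <vector>

// Constructed stand-ins for the project's list and AccessPoint types (assumed shape).
struct StationList;
static std::set<StationList*> live;          // inner lists currently allocated

struct StationList {
    std::vector<uint16_t> items;
    StationList()  { live.insert(this); }
    ~StationList() { live.erase(this); }
};

struct AccessPoint { StationList* stations; };  // raw owning pointer

// One scan cycle: n APs found, each with its own heap-allocated station list.
static void scan(std::vector<AccessPoint>& aps, int n) {
    for (int i = 0; i < n; ++i) {
        AccessPoint ap{ new StationList() };
        ap.stations->items.push_back(static_cast<uint16_t>(i));
        aps.push_back(ap);
    }
}

// Clears the AP list and returns the count. With free_inner == false only the
// outer nodes go away (the leak); with true each inner list is deleted first.
static int clear_aps(std::vector<AccessPoint>& aps, bool free_inner) {
    int n = static_cast<int>(aps.size());
    if (free_inner)
        for (AccessPoint& ap : aps) { delete ap.stations; ap.stations = nullptr; }
    aps.clear();
    return n;
}

// Runs scan/clear cycles and returns how many inner lists were left behind.
static int leaked_after(int cycles, int aps_per_scan, bool free_inner) {
    std::vector<AccessPoint> aps;
    for (int c = 0; c < cycles; ++c) { scan(aps, aps_per_scan); clear_aps(aps, free_inner); }
    int leaked = static_cast<int>(live.size());
    while (!live.empty()) delete *live.begin();   // reclaim so runs are independent
    return leaked;
}

int main() {
    std::printf("outer-only clear:  %d lists leaked\n", leaked_after(5, 10, false));
    std::printf("inner lists freed: %d lists leaked\n", leaked_after(5, 10, true));
}
```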