
Replace raw owned pointers with std::unique_ptr / std::shared_ptr

Classification

Abandoned by operator decision on 2026-05-21. This historical record preserves the old Boost/POCO analysis only as provenance; do not promote it without a new active item.

Summary

Raw pointer ownership is pervasive — no clear ownership semantics, manual delete calls, and no protection against exceptions between new and delete. Two priority file groups show the most egregious patterns.

Note: This issue does NOT require Boost. std::unique_ptr and std::shared_ptr are in the C++11/17 standard library and are the correct replacement regardless of whether Boost is adopted. The original Boost plan listed this under Boost for organizational reasons only.

File Group 1: WebSocket.h — Hand-rolled linked list

// srchybrid/WebSocket.h:12-26
class CWebSocket {
public:
    CWebServer *m_pParent;       // owning? non-owning? unclear

    class CChunk {
    public:
        char   *m_pData;         // owned — allocated with new[]
        char   *m_pToSend;       // interior pointer into m_pData — DANGEROUS
        CChunk *m_pNext;         // owned
        DWORD   m_dwSize;
        ~CChunk() { delete[] m_pData; }
    };

    CChunk *m_pHead;             // owns chain
    CChunk *m_pTail;             // non-owning alias
    char   *m_pBuf;
};

Risks: The interior pointer m_pToSend into m_pData is left dangling if m_pData is ever reallocated, and dereferencing it after that is undefined behaviour. There is no exception safety between new CChunk and linking it into the chain.

Replacement:

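#include <cstddef>
#include <memory>

struct CChunk {
    std::unique_ptr<char[]> m_pData;              // owns the buffer, released with delete[]
    std::size_t             m_pToSendOffset = 0;  // offset instead of interior pointer
    std::size_t             m_dwSize = 0;
    std::unique_ptr<CChunk> m_pNext;              // owns the next chunk
};
std::unique_ptr<CChunk> m_pHead;                  // CWebSocket member: owns the chain
// Or simpler: replace the whole list with std::list<std::vector<char>>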
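
An added example (not code from the project) of the offset-based ownership chain described above. SendQueue, push and take are hypothetical names, and take stands in for a partial socket send; the destructor unlinks the chain iteratively because a long std::unique_ptr chain otherwise tears down recursively.

```cpp
#include <algorithm>
#include <cstring>
#include <memory>
#include <string>

// Hypothetical stand-in for CWebSocket's send queue (names are assumptions).
class SendQueue {
    struct Chunk {
        std::unique_ptr<char[]> data;      // owns the payload
        std::size_t             size = 0;
        std::size_t             sent = 0;  // offset, replaces the interior pointer
        std::unique_ptr<Chunk>  next;      // owns the rest of the chain
    };
    std::unique_ptr<Chunk> head_;
    Chunk*                 tail_ = nullptr;  // non-owning alias into the chain
public:
    ~SendQueue() {
        // Unlink one node at a time: the default recursive teardown of a
        // long unique_ptr chain can exhaust the stack.
        while (head_) head_ = std::move(head_->next);
    }
    // The chunk is fully built before it is linked; if either allocation
    // throws, the temporaries free themselves and the queue is unchanged.
    void push(const char* p, std::size_t n) {
        auto c = std::make_unique<Chunk>();
        c->data = std::make_unique<char[]>(n);
        std::memcpy(c->data.get(), p, n);
        c->size = n;
        Chunk* raw = c.get();
        if (tail_) tail_->next = std::move(c); else head_ = std::move(c);
        tail_ = raw;
    }
    // Models a partial send of up to `max` bytes; returns the bytes taken.
    std::string take(std::size_t max) {
        std::string out;
        while (head_ && out.size() < max) {
            std::size_t n = std::min(max - out.size(), head_->size - head_->sent);
            out.append(head_->data.get() + head_->sent, n);
            head_->sent += n;
            if (head_->sent == head_->size) {  // chunk drained: release it
                head_ = std::move(head_->next);
                if (!head_) tail_ = nullptr;
            }
        }
        return out;
    }
    bool empty() const { return !head_; }
};
```
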

File Group 2: EncryptedStreamSocket.h — Bare crypto resource pointers

// srchybrid/EncryptedStreamSocket.h:115-118
RC4_Key_Struct *m_pRC4SendKey;
RC4_Key_Struct *m_pRC4ReceiveKey;
CSafeMemFile   *m_pfiReceiveBuffer;
CSafeMemFile   *m_pfiSendBuffer;

No RAII — if the constructor throws after any of these are allocated, the already-allocated ones leak.

Replacement:

std::unique_ptr<RC4_Key_Struct> m_pRC4SendKey;
std::unique_ptr<RC4_Key_Struct> m_pRC4ReceiveKey;
std::unique_ptr<CSafeMemFile>   m_pfiReceiveBuffer;
std::unique_ptr<CSafeMemFile>   m_pfiSendBuffer;

Migration Approach

  1. Start with EncryptedStreamSocket.h — straightforward unique ownership, self-contained.
  2. Tackle WebSocket.h — replace the linked list with std::list<std::vector<char>>.
  3. Scan for other new/delete pairs in socket and client files as a follow-on pass (especially any files touched by REF-008).

No Boost Required

std::unique_ptr and std::shared_ptr have been standard since C++11. The project already targets C++17. No additional dependency is needed.

If Boost is adopted for REF-008/009, boost::scoped_ptr / boost::shared_ptr are equivalent alternatives, but prefer the standard types.

Files

  • srchybrid/WebSocket.h / .cpp
  • srchybrid/EncryptedStreamSocket.h / .cpp

Acceptance Criteria

  • [ ] EncryptedStreamSocket.h crypto members are std::unique_ptr
  • [ ] CChunk::m_pToSend interior pointer eliminated — replaced by offset
  • [ ] CWebSocket chunk list uses std::unique_ptr ownership chain or std::list<std::vector<char>>
  • [ ] No manual delete calls for the replaced pointers
  • [ ] Exception thrown in constructor does not leak partially-allocated resources