fix(websocket): Fix websocket client race on abort and memory leak(IDFGH-16555)

[gabsuren]

TODO - Will remove comments after the review ( left it for easier review)

Description

This PR fixes critical memory leaks and crashes in the ESP WebSocket client that occur during reconnection scenarios(CONFIG_ESP_WS_CLIENT_SEPARATE_TX_LOCK = y).

• Double-free crashes: Heap corruption during abort/reconnect scenarios
• Data loss: First packet after reconnection not received
• Error buffer accumulation: 2KB memory leak on disconnect

Changes Made:

• Add state check in abort_connection to prevent double-close
• Fix memory leak: free errormsg_buffer on disconnect
• Reset connection state on reconnect to prevent stale data
• Implement lock ordering for separate TX lock mode
• Added sdkconfig.ci.tx_lock conf

Related

#898

Checklist

Before submitting a Pull Request, please ensure the following:

• 🚨 This PR does not introduce breaking changes.
• [ ✓ ] All CI checks (GH Actions) pass.
• [ ✓] Documentation is updated as needed.
• Tests are updated or added as necessary.
• [ ✓] Code is well-commented, especially in complex areas.
• [ ✓] Git history is clean — commits are squashed to the minimum necessary.

---

Note

Prevents double-close races and error-buffer leaks, improves TX lock ordering and PONG handling, resets state on connect, and tweaks recv/poll flow; adds tx-lock CI config.

• esp_websocket_client.c:
  • Abort/Disconnect:
    • Add state guard in esp_websocket_client_abort_connection() to skip abort when closing/closed and set error type.
    • Free and null client->errormsg_buffer to fix leak; add debug logging.
  • Locking/Send path:
    • On send errors, coordinate tx_lock and lock (when CONFIG_ESP_WS_CLIENT_SEPARATE_TX_LOCK) before calling esp_websocket_client_abort_connection().
    • PONG handling: release/reacquire locks with timeout, check state/transport before send, and free RX buffer on early return.
  • On connect:
    • Reset payload_len/offset, last_fin, and last_opcode.
    • Perform immediate non-blocking read poll and invoke recv to capture early data.
  • Recv/poll loop:
    • Acquire client->lock before recv when read_select > 0; avoid duplicate lock ops.
  • Cleanup:
    • After destroying transport list, null client->transport_list and client->transport.
• Examples/Config:
  • Add examples/target/sdkconfig.ci.tx_lock enabling CONFIG_ESP_WS_CLIENT_SEPARATE_TX_LOCK and TX lock timeout.

^{Written by Cursor Bugbot for commit 52abfc0. This will update automatically on new commits. Configure here.}

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[euripedesrocha]

It is better to move this verification to abort connection function.

[gabsuren]

@euripedesrocha I am not sure about it, as abort connection is used in 5 different places, if we move it inside abort_connection it adds complex detection logic "which lock am I holding?" Only 1 place (send error path) needs lock switching (tx_lock → client->lock)

[gabsuren]

#898 (comment)