curl-library

Memory/pointer bug in file URL handling (7.12)

From: Bazyl, Steven <sbazyl_at_rsasecurity.com>
Date: Wed, 9 Jun 2004 19:22:22 -0400

Found a bug in how pointers are handled when dealing with file URLs.
Specifically, in file.c:Curl_file_connect, if the incoming URL is in the
form file:///c:/whatever CURL increments the pointer by one (line 143). But
since this is dynamically allocated memory, the new pointer is no longer
valid and the subsequent call to free fails (either it's silently ignored
resulting in a leak, or crashes if strict checking of memory allocs/frees is
enabled.)

BTW - we're using the new memory callbacks which helped track this down :)
Received on 2004-06-10
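
The pattern described in the report, as an added example that is not curl's code and not part of the original mail: a strict allocator rejects a free of an advanced pointer, and keeping the base pointer separately fixes it. The allocator, the drive-letter check and all function names are constructed for illustration.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

/* Constructed strict allocator: only pointers it handed out may be freed. */
#define MAX_LIVE 16
static void *live[MAX_LIVE];
static void *track_alloc(size_t n) {
    void *p = malloc(n);
    for (int i = 0; p && i < MAX_LIVE; i++)
        if (!live[i]) { live[i] = p; return p; }
    free(p);                        /* table full or malloc failed */
    return NULL;
}
/* 0 = valid free; -1 = pointer was never returned by track_alloc. */
static int track_free(void *p) {
    for (int i = 0; i < MAX_LIVE; i++)
        if (live[i] == p) { live[i] = NULL; free(p); return 0; }
    return -1;                      /* rejected, so the block stays allocated */
}
int live_blocks(void) {
    int n = 0;
    for (int i = 0; i < MAX_LIVE; i++) n += live[i] != NULL;
    return n;
}
/* Assumed check for a "/c:/whatever" style path (hypothetical helper). */
static int has_drive(const char *s) {
    return s[0] == '/' && isalpha((unsigned char)s[1]) && s[2] == ':';
}
/* Pattern from the report: the only pointer to the block is advanced. */
int release_buggy(const char *url_path) {
    char *path = track_alloc(strlen(url_path) + 1);
    if (!path) return -2;
    strcpy(path, url_path);
    if (has_drive(path)) path++;    /* base address is lost here */
    return track_free(path);        /* -1 for drive-letter paths */
}
/* Corrected pattern: keep the base pointer, use a second one for the path. */
int release_fixed(const char *url_path) {
    char *base = track_alloc(strlen(url_path) + 1);
    if (!base) return -2;
    strcpy(base, url_path);
    const char *actual = base + has_drive(base);  /* would go to open() */
    (void)actual;
    return track_free(base);
}
int main(void) {
    return !(release_buggy("/c:/whatever") == -1 && live_blocks() == 1 &&
             release_fixed("/c:/whatever") == 0 && live_blocks() == 1);
}
```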