Hey list.

I've been trying to isolate and reproduce the following bug for several
hours now, and I finally nabbed it. It caused apparently random crashes of
my application.

Some general information follows.
OS: Windows 2000/XP
cURL Version: Both 7.12.0 and 7.12.1.

It's basically a bug in libcurl's standard name resolver. I'm not using
c-ares yet, but I'm about to switch to it because I need a quick fix.

The bug generates an access violation by trying to callback from the
resolver thread after the connection attempt has already exited due to the
connection timeout I specified.

To reproduce it, you have to do the following:
1. Make sure the connection to your DNS isn't working. In my case, I
simply set an invalid gateway.
2. Write a piece of code that does the following:
a) curl_easy_setopt CURLOPT_CONNECTTIMEOUT 5
b) curl_easy_perform
c) curl_easy_cleanup
You naturally set everything else that's required.
3. If the resolver thread exits from gethostbyname() [line 186 of
hostthre.c] _AFTER_ the timeout has already caused my curl_easy_perform()
to exit, and I have implicitly also called curl_easy_cleanup, it will
crash with an access violation by trying to callback through
Curl_addrinfo4_callback() with a by-now invalid conn parameter.

Note: It is of paramount importance that gethostbyname() does not
instantly exit. This is the reason I didn't catch the bug before hitting
my beta stage. I used to test connectionless by unplugging my network
cable, and that would cause instant 'cannot connect' replies. If you
however truly simulate a connection failure, and gethostbyname() timeouts
on its own (10-15 secs), it will most ungraciously crash.

I apologize for not fixing the bug myself (having already got it in my
debugger), but I honestly don't have the time.

I hope this report helps, and if you need any more information, I'll be
glad to supply it.
Received on 2004-10-11