cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: free(): invalid pointer

From: Plamen Barzakov <barzakov_at_gmail.com>
Date: Tue, 22 Aug 2006 16:04:18 +0200

This makes it sound like there's "someone" that destroys the memory pool and

> then random free() calls crash due to this. It is in fact likely that the
> "someone" in this case is your own app.
>
> Can you make a stand-alone application that repeats the problem using
> libcurl
> 7.15.5 and if so, provide the source code for that to the list? Did you
> try
> using valgrind to track the origins of the problem?
>
> I cannot make a stand-alone application, but here is the code dealing with
curl:

class CurlInit {
    static CURLcode initres;
    static CurlInit singleton;

    CurlInit() { initres = curl_global_init(CURL_GLOBAL_ALL); }
    ~CurlInit() { curl_global_cleanup(); initres = CURLE_FAILED_INIT; }

public:
    static CURL *easy_init() { return !initres ? curl_easy_init() : NULL; }
};

CURLcode CurlInit::initres;
CurlInit CurlInit::singleton;

CurlTransportAgent::CurlTransportAgent(URL& newURL, Proxy& newProxy,
unsigned int maxResponseTimeout) : TransportAgent(newURL, newProxy,
maxResponseTimeout){
    easyhandle = CurlInit::easy_init();
    if (easyhandle) {
        curl_easy_setopt(easyhandle, CURLOPT_DEBUGFUNCTION, debugCallback);
        curl_easy_setopt(easyhandle, CURLOPT_VERBOSE, LOG.getLevel() ? TRUE
: FALSE);
        curl_easy_setopt(easyhandle, CURLOPT_NOPROGRESS, TRUE);
        curl_easy_setopt(easyhandle, CURLOPT_WRITEFUNCTION, receiveData);
        curl_easy_setopt(easyhandle, CURLOPT_WRITEDATA, this);
        curl_easy_setopt(easyhandle, CURLOPT_READFUNCTION, sendData);
        curl_easy_setopt(easyhandle, CURLOPT_READDATA, this);
        curl_easy_setopt(easyhandle, CURLOPT_ERRORBUFFER, this->curlerrortxt
);
        curl_easy_setopt(easyhandle, CURLOPT_AUTOREFERER, TRUE);
        curl_easy_setopt(easyhandle, CURLOPT_FOLLOWLOCATION, TRUE);
        if (proxy.host[0]) {
            curl_easy_setopt(easyhandle, CURLOPT_PROXY, proxy.host);
            if (proxy.port) {
                curl_easy_setopt(easyhandle, CURLOPT_PROXYPORT, proxy.port);

            }
            if (proxy.user) {
                sprintf(proxyauth, "%s:%s", proxy.user, proxy.password);
                curl_easy_setopt(easyhandle, CURLOPT_PROXYUSERPWD,
proxyauth);
            }
        }
    }
init=0;
}

CurlTransportAgent::~CurlTransportAgent() {
    if (easyhandle) {
        curl_easy_cleanup(easyhandle);
    }
}

size_t CurlTransportAgent::receiveData(void *buffer, size_t size, size_t
nmemb, void *stream) {
    CurlTransportAgent *agent = (CurlTransportAgent *)stream;
    size_t curr = size * nmemb;

    if (agent->received + curr + 1 > agent->responsebuffersize) {
        size_t newbuffersize = agent->responsebuffersize + max(10 * 1024,
(curr + 1 + 1024) / 1024 * 1024);
        char *newbuffer = new char[newbuffersize];
        memcpy(newbuffer, agent->responsebuffer, agent->received);
        delete [] agent->responsebuffer;
        agent->responsebuffer = newbuffer;
        agent->responsebuffersize = newbuffersize;
    }
    memcpy(agent->responsebuffer + agent->received,
           buffer,
           curr);
    agent->received += curr;
    agent->responsebuffer[agent->received] = 0;
    return curr;
}

size_t CurlTransportAgent::sendData(void *buffer, size_t size, size_t nmemb,
void *stream) {
    CurlTransportAgent *agent = (CurlTransportAgent *)stream;
    size_t curr = min(size * nmemb, agent->sendbuffersize - agent->sent);

    memcpy(buffer, agent->sendbuffer + agent->sent, curr);
    agent->sent += curr;
    return curr;
}

int CurlTransportAgent::debugCallback(CURL *easyhandle, curl_infotype type,
char *data, size_t size, void *unused)
{
    BOOL isData = type == CURLINFO_DATA_IN || type == CURLINFO_DATA_OUT;

    if (LOG.getLevel() >= LOG_LEVEL_DEBUG && !isData ||
        LOG.getLevel() > LOG_LEVEL_DEBUG) {
        char *buffer = new char[30 + size];
        sprintf(buffer, "libcurl %s%.*s",
                type == CURLINFO_TEXT ? "info: " :
                type == CURLINFO_HEADER_IN ? "header in: " :
                type == CURLINFO_HEADER_OUT ? "header out:\n" :
                type == CURLINFO_DATA_IN ? "data in:\n" :
                type == CURLINFO_DATA_OUT ? "data out:\n" :
                "???",
                (size > 0 && data[size-1] == '\n') ? (int)size - 1 :
(int)size,
                data);
        LOG.debug(buffer);
        delete [] buffer;
    }
}

char* CurlTransportAgent::sendMessage(const char* msg) {
    if (!easyhandle) {
        lastErrorCode = ERR_NETWORK_INIT;
        strcpy(lastErrorMsg, TEXT("libcurl error init error"));
        return NULL;
    }

    wsprintf(logmsg, TEXT("Requesting resource %s at %s:%d"), url.resource,
url.host, url.port);
    LOG.debug(logmsg);

    curl_slist *slist=NULL;
    wchar_t *response = NULL;
    CURLcode code;
    char contenttype[256];
    sprintf(contenttype, "Content-Type: %s", SYNCML_CONTENT_TYPE);
    slist = curl_slist_append(slist, contenttype);
    responsebuffersize = 64 * 1024;
    responsebuffer = new char[responsebuffersize];
    received = 0;
    responsebuffer[0] = 0;
    // todo? url.resource

   if ((code = curl_easy_setopt(easyhandle, CURLOPT_POST, TRUE)) ||
        (code = curl_easy_setopt(easyhandle, CURLOPT_URL, url.fullURL)) ||
        (code = curl_easy_setopt(easyhandle, CURLOPT_POSTFIELDS, msg)) ||
        (code = curl_easy_setopt(easyhandle, CURLOPT_POSTFIELDSIZE,
strlen(msg))) ||
        (code = curl_easy_setopt(easyhandle, CURLOPT_HTTPHEADER, slist)))
{// ||
        (code = curl_easy_perform(easyhandle))) {
        printf("curl error: %s\n", curl_easy_strerror(code));
        delete [] responsebuffer;
        lastErrorCode = ERR_HTTP;
        sprintf(lastErrorMsg, TEXT("libcurl error %d, %.250s"),
                code, curlerrortxt);
    } else {
        response = responsebuffer;
        LOG.debug(response);
        LOG.debug(TEXT("Response read"));
    }

    responsebuffer = NULL;
    responsebuffersize = 0;

    if (slist) {
        curl_slist_free_all(slist);
    }

    return response;
}

It's a code from an open source project actually. I just call sendMessage
twice. The first one returns the message without any errors, but the seccond
one ends with free(); corruption.
Received on 2006-08-22