cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: Curl 7.16.x and multi interface

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Fri, 2 Mar 2007 23:00:38 +0100 (CET)

On Fri, 2 Mar 2007, Eygene Ryabinkin wrote:

> From reading lib/url.c I am under impression that the 'reuse =
> ConnectionExists' stanza in url.c:3698 can select already used connection to
> be used again. Seems like it is done without checking if the pipelining is
> enabled. Though, I can be wrong.

I don't see how that code allows double use of the same connection without
pipelining. Perhaps I'm being stupid, but can you point out exactly how it
would get an already used connection?

>>> Got the today's snapshot. SEGV again, but in another place. Both
>>> git-http-push and git-http-fetch are dumping the core in the same place:
>>> lib/multi.c:1927 trying to dereference multi->connc->connects[i]->data. It
>>> is the right place that is dereferencing the bad pointer, because
>>> ElectricFence is here and seems to do its job ;))
>>
>> Ouch. That seems to imply that the multi->connc->connects[] array has been
>> freed? That is done by lib/url.c:Curl_rm_connc() and should only by done on
>> curl_multi_cleanup() when the multi interface is used...
>
> No, that implies that the particular member of that array (in my case it is
> multi->connc->connects[2]) was already freed or initialised with the bad
> memory location.

I don't think so, since the code first checks that multi->connc->connects[i]
is non-NULL and we do clear that pointer when we free the area it points to
(at least I haven't yet found a case where we don't). Thus my suspicion that
the whole multi->connc->connects[] array is freed.

-- 
  Commercial curl and libcurl Technical Support: http://haxx.se/curl.html
Received on 2007-03-02