cURL / Mailing Lists / curl-library / Single Mail


potential bug in multi_runsingle() in multi.c ?

From: 邓民文 <>
Date: Tue, 17 Jun 2008 23:15:23 +0800

recently, i'm testing curl-7.18.2 + libevent-1.4.4, using multi interface of
curl and epoll of libevent

but the program not running well (some times segment fault, some times dead
loop), i am not familiar with curl's source code, so i seek help to you.

i have add many fprintf(stderr) to curl's source code, and found the below

1. easyhandle A reach CURLM_STATE_PERFORM state, and do
2. easyhandle B do Curl_connect(), and in the ConnectionExists() function,
it call Curl_disconnect(), and free the pipe which easyhandle A is using.
3. easyhandle A reach CURLM_STATE_DONE state, do
Curl_removeHandleFromPipeline again (A access the pipe, which is free by
disconnect()), so it become some times segment fault, some times dead loop

below is parts of cerr.log
================================ cerr.log

(1) 0xe1c8140 is using 0x891ca48

5407798 multi_runsingle: state=CURLM_STATE_PERFORM, easyhandle=0xe1c8140,
5407799 Curl_removeHandleFromPipeline: handle=0xe1c8140, pipeline=0x891ca48
5407800 Curl_llist_remove: list=0x891ca48, elem=0x8ca2d98

(2) 0x14c47140 free the 0x891ca48

5410423 multi_runsingle: state=CURLM_STATE_CONNECT, easyhandle=0x14c47140,
5410424 Curl_llist_init: list=0x19ccd710
5410425 Curl_llist_init: list=0x19bc5470
5410426 Curl_llist_init: list=0x20cddc20
5410427 ConnectionExists: call Curl_disconnect(0x1c1363d8)
5410428 Curl_disconnect: easyhandle=0x14c47140, conn_free(0x1c1363d8)
5410429 conn_free: conn=0x1c1363d8, Curl_llist_destroy 3 pipes
5410430 Curl_llist_destroy: list=0x8a516b8
5410431 Curl_llist_destroy: list=0x891ca48
5410432 Curl_llist_destroy: list=0x890db68
5410433 Curl_connect: easyhandle=0x14c47140, it got conn=0x1a85cc20


(3) 0xe1c8140 want to access 0x891ca48 (segment fault or dead loop)

5413886 multi_runsingle: state=CURLM_STATE_DONE, easyhandle=0xe1c8140,
5413887 Curl_removeHandleFromPipeline: handle=0xe1c8140, pipeline=0x891ca48
5413888 BUG: deadloop in Curl_removeHandleFromPipeline
5413889 struct curl_llist, size=0, head=0x1e8817d8, tail=0x8a516b0

================================ cerr.log

Received on 2008-06-17