curl-library

Re: [BUG] Crash on curl_easy_cleanup

From: Jean-François VERDON <jfverdon_at_gmail.com>
Date: Wed, 12 Jan 2011 14:33:47 +0100

Thanks for your response.

2011/1/12 Daniel Stenberg <daniel_at_haxx.se>

> On Wed, 12 Jan 2011, Jean-François VERDON wrote:
>
>> I may have found a bug in libCurl, when built statically on Windows (7).
>> I've got an error on the curl_easy_cleanup function, more precisely at
>> line 2554 of the "url.c" file:
>>
>> Curl_safefree(conn->user);
>
> What error did you get on that line? Did you check what 'user' pointed to?

I got an exception in _CrtIsValidHeapPointer, so I checked c/c++ run-time
library. They are both (curl static lib and my dll) set to /MDd. Some other
options are different (floating point mode, etc), but I don't think this
matters.

>> Searching deeper, I found that if not supplied, user and password are set
>> to empty strings (conn->user and conn->passwd).
>
> No, that's not correct. See lib/url.c:set_userpass() and you'll see that it
> always strdups() or NULLs them.

Missed that point, ok.

>> But, the pointers are set to "create_conn(struct SessionHandle *data,
>> struct connectdata **in_connect, bool *async)" internal variables at line
>> 1888 (set_userpass call):
>> 4653 >> char user[MAX_CURL_USER_LENGTH];
>> 4654 >> char passwd[MAX_CURL_PASSWORD_LENGTH];
>>
>> Those 2 variables are static function local variables
>
> No, they're not static. Yes they are local buffers to hold temporary
> strings.
>
>> a call to "free(ptr)" as done in "Curl_safefree(void *ptr)" (line 271)
>> seems invalid in this case, no?
>
> Not at all, since the free() is not done on the local buffers

Ha, I see, I was wrong, because (of course) conn->user points to strdups()
allocated memory after set_userpass(), stupid me, not the same pointers...

> You're pointing out generic code that is used for all platforms and we
> have >500 test cases that run fine. I'm not saying you haven't found a bug,
> I'm just suggesting that if it is a libcurl bug it is slightly more
> complicated than just this.
>
> Or I'm hallucinating. It would help us a lot if you provided us with a
> complete example that repeats the problem.

Got to check elsewhere so...

> --
>
> / daniel.haxx.se
> -------------------------------------------------------------------
> List admin: http://cool.haxx.se/list/listinfo/curl-library
> Etiquette: http://curl.haxx.se/mail/etiquette.html
>

Received on 2011-01-12
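
The ownership pattern discussed in this mail (temporary stack buffers, heap copies stored in the connection, free() applied only to those copies), as a minimal C model added here. It is not libcurl's code: the `demo_*` names, the buffer size and the rule that an empty string is stored as NULL are assumptions.

```c
#include <stdlib.h>
#include <string.h>

#define DEMO_MAX_LEN 256   /* stand-in for MAX_CURL_USER_LENGTH */
struct demo_conn { char *user; char *passwd; };  /* each owns heap memory or is NULL */

/* free the heap copy and reset the pointer, so a repeated cleanup is harmless */
#define demo_safefree(p) do { free(p); (p) = NULL; } while(0)

/* heap copy of s; "" (or a failed allocation) yields NULL: an assumption */
static char *demo_dup(const char *s)
{
  char *copy = s[0] ? malloc(strlen(s) + 1) : NULL;
  return copy ? strcpy(copy, s) : NULL;
}

/* stores heap copies of the caller's temporary strings, never the buffers */
static void demo_set_userpass(struct demo_conn *conn, const char *u, const char *p)
{
  conn->user = demo_dup(u);
  conn->passwd = demo_dup(p);
}

/* splits "user:password" into stack buffers like the locals quoted in the thread */
static int demo_create_conn(struct demo_conn *conn, const char *userpwd)
{
  char user[DEMO_MAX_LEN] = "", passwd[DEMO_MAX_LEN] = "";
  const char *colon = strchr(userpwd, ':');
  size_t ulen = colon ? (size_t)(colon - userpwd) : strlen(userpwd);
  conn->user = conn->passwd = NULL;
  if(ulen >= sizeof(user) || (colon && strlen(colon + 1) >= sizeof(passwd)))
    return -1;               /* would not fit the temporary buffers */
  memcpy(user, userpwd, ulen);
  if(colon) strcpy(passwd, colon + 1);
  demo_set_userpass(conn, user, passwd);
  return 0;                  /* user[] and passwd[] end here; conn keeps its copies */
}

static void demo_cleanup(struct demo_conn *conn)
{
  demo_safefree(conn->user);   /* valid: pointer came from malloc() or is NULL */
  demo_safefree(conn->passwd);
}

int main(void)
{
  struct demo_conn c;
  int rc = demo_create_conn(&c, "alice:s3cret");  /* constructed sample input */
  demo_cleanup(&c);
  return rc != 0;
}
```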