curl / Mailing Lists / curl-library / Single Mail


[patch] Fix inconsistency between curl_write_callback and tool_header_cb/tool_write_cb

From: Hanno Böck <>
Date: Tue, 28 Mar 2017 11:15:50 +0200


I tried building curl with clang's control-flow integrity feature [1].
CFI is a "next generation" exploit mitigation technology.
Trying to do a simple test (curl [any http url) an error was shown
during an indirect function call of a callback defined by

curl_write_callback is defined in curl.h:
typedef size_t (*curl_write_callback)(char *buffer,
                                      size_t size,
                                      size_t nitems,
                                      void *outstream);

When doing a simple http request the code will use two different
functions for that callback: tool_header_cb and tool_write_cb. The
issue is identical for both, so I'll only describe tool_write_cb.

It's defined in tool_cb_wrt.{c,h} like this:

size_t tool_write_cb(void *buffer, size_t sz, size_t nmemb, void

As you can see the callback definition uses a char* for the first
argument, while the function uses a void*. That's what CFI complains

I see no harm in changing the function definitions to char*, so I
propose changing that to make curl usable with CFI. See attached patch.

(When running the curl test suite many more errors of similar nature
show up, I think they all can be fixed with similar easy patches.
However I admit this stuff is all pretty new for me, so I wanted to
first check whether this first patch gets accepted and doesn't cause
any problems. Looks benign enough though.)


Hanno Böck
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42


Received on 2017-03-28