curl / Mailing Lists / curl-library / Single Mail


segfault in Curl_conncache_remove_conn with 7.49.1

From: Eric Ridge via curl-library <>
Date: Fri, 17 Nov 2017 12:58:47 -0700

I'm using libcurl in a C-based project and I ran across a crash the other day that I'm not able to re-create.

This is with curl 7.49.1 on MacOS High Sierra (Darwin emacpro28.lan 17.0.0 Darwin Kernel Version 17.0.0). I've custom-compiled curl with these options:
        '--disable-static' '--enable-hidden-symbols' '--disable-threaded-resolver' '--with-gssapi' '--with-darwinssl' '--without-libssh2'

Here's the backtrace:

    frame #0: 0x00007fff60b7bfce libsystem_kernel.dylib`__pthread_kill + 10
    frame #1: 0x00007fff60cb9150 libsystem_pthread.dylib`pthread_kill + 333
    frame #2: 0x00007fff60ad832a libsystem_c.dylib`abort + 127
    frame #3: 0x00007fff60be0b28 libsystem_malloc.dylib`szone_error + 596
    frame #4: 0x00007fff60bd676b libsystem_malloc.dylib`tiny_free_list_remove_ptr + 298
    frame #5: 0x00007fff60beb690 libsystem_malloc.dylib`tiny_free_no_lock + 370
    frame #6: 0x00007fff60bec254 libsystem_malloc.dylib`free_tiny + 628
    frame #7: 0x00007fff5f343bd5 libcurl.4.dylib`Curl_llist_remove + 124
    frame #8: 0x00007fff5f357dff libcurl.4.dylib`Curl_conncache_remove_conn + 64
    frame #9: 0x00007fff5f330b85 libcurl.4.dylib`Curl_disconnect + 168
    frame #10: 0x00007fff5f344b18 libcurl.4.dylib`multi_done + 407
    frame #11: 0x00007fff5f346195 libcurl.4.dylib`multi_runsingle + 2734
    frame #12: 0x00007fff5f3455ed libcurl.4.dylib`curl_multi_perform + 114
    frame #13: 0x00007fff5f33e741 libcurl.4.dylib`curl_easy_perform + 362
    frame #14: 0x0000000103943c51`rest_call + 769 <-- this is my code

I guess I'm wondering what might cause this? My app is single-threaded and my usage pattern is that I init curl once on startup (and set non-request-specific CURLOPTs at this time) and just re-use it throughout the lifetime of the app.

I did notice a little bug in my code where I was setting CURLOPT_ERRORBUFFER to an allocated char * that happened to get free'd later on, so that's no good, but I can't decide if that would cause this crash in libcurl.

I haven't been able to re-produce this for the past few days (even with the above bug in my code still around), so it's kinda hard to figure out if I've fixed it or not. :)

Does anyone have any insight into what might cause libcurl to segfault here?

Thanks for your time!


ps, I'm a new subscriber here and signed up for digest -- I'd appreciate a CC if you reply.
Received on 2017-11-17