Buy commercial curl support from WolfSSL. We help you work
out your issues, debug your libcurl applications, use the API, port to new
platforms, add new features and more. With a team lead by the curl founder
himself.
Potential double free in multi.c in 7.80
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Abhinav Singhal via curl-library <curl-library_at_lists.haxx.se>
Date: Thu, 13 Jul 2023 11:38:29 -0400
Hi,
I understand that 7.80 is an old release, but it's shipped with one of our
(older) releases and we're increasingly getting reports of crashes from the
field. I was able to find why/where it's happening, and I'd like to run it
by the curl team once so that they can confirm that this could indeed be an
issue.
In 7.80 ~/lib/multi.c, in multi_done(), we call
*Curl_safefree(data->req.newurl)
*at the beginning of the function. Towards the end of the function,
*Curl_free_request_state(data)* is called, which in turn calls
*Curl_safefree(data->req.newurl)
*again, potentially causing the crash being observed. Can anyone confirm?
Thanks.
Date: Thu, 13 Jul 2023 11:38:29 -0400
Hi,
I understand that 7.80 is an old release, but it's shipped with one of our
(older) releases and we're increasingly getting reports of crashes from the
field. I was able to find why/where it's happening, and I'd like to run it
by the curl team once so that they can confirm that this could indeed be an
issue.
In 7.80 ~/lib/multi.c, in multi_done(), we call
*Curl_safefree(data->req.newurl)
*at the beginning of the function. Towards the end of the function,
*Curl_free_request_state(data)* is called, which in turn calls
*Curl_safefree(data->req.newurl)
*again, potentially causing the crash being observed. Can anyone confirm?
Thanks.
-- Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library Etiquette: https://curl.se/mail/etiquette.htmlReceived on 2023-07-13