Thanks for your quickly response, The exception issue still repro in 7.37.0 when trace log enabled, please investigate below.

Call stack as below:
MSVCR90D!strlen+0x30
mprintf.c dprintf_formatf
mprintf.c curl_mvsnprintf+0x46
sendf.c Curl_infof
ssluse.c dumpcart

With the 7.37.0:

static void dumpcert(struct SessionHandle *data, X509 *x, int numcert)
{
  BIO *bio_out = BIO_new(BIO_s_mem());
  BUF_MEM *biomem;

  /* this outputs the cert in this 64 column wide style with newlines and
     -----BEGIN CERTIFICATE----- texts and more */
  PEM_write_bio_X509(bio_out, x);

  BIO_get_mem_ptr(bio_out, &biomem);

  infof(data, "%s\n", biomem->data);

  Curl_ssl_push_certinfo_len(data, numcert,
                            "Cert", biomem->data, biomem->length);

  BIO_free(bio_out);

}

case FORMAT_STRING:
            /* String. */
      {
        static const char null[] = "(nil)";
        const char *str;
        size_t len;

        str = (char *) p->data.str;
        if(str == NULL) {
          /* Write null[] if there's space. */
          if(prec == -1 || prec >= (long) sizeof(null) - 1) {
            str = null;
            len = sizeof(null) - 1;
            /* Disable quotes around (nil) */
            p->flags &= (~FLAGS_ALT);
          }
          else {
            str = "";
            len = 0;
          }
        }
        else if(prec != -1)
          len = (size_t)prec;
        else
          len = strlen(str);

str is not end by \0
in the case, prec == -1
So curl will still call strlen(str) to get the length. Then crash.

---
** [bugs:#1390] Curl with trace log enabled will exception during dump cert **
**Status:** pending-needsinfo
**Created:** Wed Jul 02, 2014 10:04 AM UTC by terry wang
**Last Updated:** Thu Jul 03, 2014 02:55 AM UTC
**Owner:** Daniel Stenberg
The bug1295 still can repro if curl trace log enabled, please investigate.
Exception happens during dump cert
Curl wants to dump a certificate from cert chain. But the certificate string doesn't have "\0" at the end(OpenSSL returned the starting address and the length of the cert). So the exception happens during do strlen() operation.
static void dumpcert(struct SessionHandle data, X509 x, int numcert) // Ssluse.c
--> Curl_ssl_push_certinfo_len(data, numcert, "Cert", biomem->data, biomem->length); // Sslgen.c 
// biomem->data is the starting address of certificate.
// biomem->length is the length of certificate.
--> curl_maprintf("%s:%.s", label, valuelen, value); // Mprinft.c
// valuelen is the length of certificate.
// value is the starting address of certificate.
--> dprintf_formatf(&info, alloc_addbyter, format, ap_save); // Mprinft.c
{
...
case FORMAT_STRING:
{
str = (char ) p->data.str; // "str" is the starting address of certificate.
len = strlen(str); // If the "str" is not terminate with "\0", an exception maybe happens.
...
}
}
strlen() pops up exception in my core dump.
Crul version: 7.32.0
OpenSSL version: 1.0.1h
Platform: Win7 X86
---
Sent from sourceforge.net because curl-tracker@cool.haxx.se is subscribed to https://sourceforge.net/p/curl/bugs/
To unsubscribe from further messages, a project admin can change settings at https://sourceforge.net/p/curl/admin/bugs/options.  Or, if this is a mailing list, you can unsubscribe from the mailing list.