Skip to content

curl_ws_recv() is crashing after auto-respond to PING  #10289

New issue
New issue
Closed
Closed
curl_ws_recv() is crashing after auto-respond to PING #10289
Labels
WebSocketcrash
@devpreview

Description

@devpreview
devpreview
opened on Jan 13, 2023 · edited by devpreview

I did this

curl_ws_recv(curl, buffer, sizeof(buffer), &rlen, &meta);

I have the following

  • WS: got 15 websocket bytes to decode
  • WS:221 received FIN bit 1
  • WS: received OPCODE PING
  • WS: received 13 bytes payload (0 left, buflen was 15)
  • WS: auto-respond to PING with a PONG
  • WS: send OPCODE PONG
  • WS: send FIN bit 1 (byte 8a)
  • WS: send payload len 13
  • WS: wanted to send 19 bytes, sent 19 bytes
    crash --> ws.c:475: curl_ws_recv: Assertion `wsp->frame.bytesleft >= (curl_off_t)write_len' failed.

curl/libcurl version

curl 7.87.0-DEV (x86_64-pc-linux-gnu) libcurl/7.87.0-DEV OpenSSL/3.0.2 zlib/1.2.11 libpsl/0.21.0 (+libidn2/2.3.2) nghttp2/1.43.0
Release-Date: [unreleased]
Protocols: dict file ftp ftps gopher gophers http https imap imaps mqtt pop3 pop3s rtsp smb smbs smtp smtps telnet tftp ws wss
Features: alt-svc AsynchDNS Debug HSTS HTTP2 HTTPS-proxy IPv6 Largefile libz NTLM NTLM_WB PSL SSL threadsafe TLS-SRP TrackMemory UnixSockets

operating system

Linux sabo-probook 5.15.0-57-generic #63-Ubuntu SMP Thu Nov 24 13:43:17 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux

Activity

bagder
added
crash
WebSocket
on Jan 13, 2023
bagder

bagder commented on Jan 13, 2023

@bagder
bagder
on Jan 13, 2023
Member

Do you have a way to reproduce this issue?

devpreview

devpreview commented on Jan 13, 2023

@devpreview
devpreview
on Jan 13, 2023 · edited by devpreview
Author
int main()
{
    CURL* curl = curl_easy_init();
    if(!curl) return 1;
    curl_easy_setopt(curl, CURLOPT_VERBOSE,      1L);
    curl_easy_setopt(curl, CURLOPT_URL,          "wss://demo.piesocket.com/v3/channel_123?api_key=VCXCEuvhGcBDP7XhiJJUDvR1e1D3eiVjgZ9VRiaV&notify_self");
    curl_easy_setopt(curl, CURLOPT_CONNECT_ONLY, 2L);

    CURLcode res = curl_easy_perform(curl);
    if(res != CURLE_OK) {
        fprintf(stderr, "curl_easy_perform() failed: %s\n", curl_easy_strerror(res));
        return 1;
    }

    size_t rlen = 0;
    struct curl_ws_frame *meta;
    char buffer[1024];
    do {
        res = curl_ws_recv(curl, buffer, sizeof(buffer), &rlen, &meta);
    } while(res == CURLE_OK);
    if(res != CURLE_OK) fprintf(stderr, "curl_ws_recv() failed: %s\n", curl_easy_strerror(res));

    return 0;
}

Need to wait a bit ping-message.

bagder
added a commit that references this issue on Jan 13, 2023

ws: fix autoping handling

9fc67e7
bagder
mentioned this on Jan 13, 2023
bagder
closed this as completedin abae4e3on Jan 13, 2023
devpreview

devpreview commented on Jan 14, 2023

@devpreview
devpreview
on Jan 14, 2023
Author

Awesome! Thank you.

devpreview

devpreview commented on Jan 16, 2023

@devpreview
devpreview
on Jan 16, 2023
Author

@bagder I think I found another bug.

Steps to reproduce:

  1. Configure libcurl in debug mode: ./configure ... --enable-debug -enable-maintainer-mode;
  2. Run example described above;
  3. Wait incoming message (or send from https://www.piesocket.com/websocket-tester);
  4. Crush: ws.c:482: curl_ws_recv: Assertion `wsp->frame.bytesleft >= (curl_off_t)datalen' failed.
bch
added a commit that references this issue on Jul 19, 2023

ws: fix autoping handling

750c982
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Metadata

Assignees

No one assigned

    Labels

    WebSocketcrash

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

      Development

      Participants

      @bagder@devpreview

      Issue actions
        curl_ws_recv() is crashing after auto-respond to PING · Issue #10289 · curl/curl