Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

curl_ws_recv() is crashing after auto-respond to PING #10289

Closed
devpreview opened this issue Jan 13, 2023 · 4 comments
Closed

curl_ws_recv() is crashing after auto-respond to PING #10289

devpreview opened this issue Jan 13, 2023 · 4 comments
Labels
crash WebSocket

Comments

@devpreview
Copy link

devpreview commented Jan 13, 2023
edited

I did this

curl_ws_recv(curl, buffer, sizeof(buffer), &rlen, &meta);

I have the following

  • WS: got 15 websocket bytes to decode
  • WS:221 received FIN bit 1
  • WS: received OPCODE PING
  • WS: received 13 bytes payload (0 left, buflen was 15)
  • WS: auto-respond to PING with a PONG
  • WS: send OPCODE PONG
  • WS: send FIN bit 1 (byte 8a)
  • WS: send payload len 13
  • WS: wanted to send 19 bytes, sent 19 bytes
    crash --> ws.c:475: curl_ws_recv: Assertion `wsp->frame.bytesleft >= (curl_off_t)write_len' failed.

curl/libcurl version

curl 7.87.0-DEV (x86_64-pc-linux-gnu) libcurl/7.87.0-DEV OpenSSL/3.0.2 zlib/1.2.11 libpsl/0.21.0 (+libidn2/2.3.2) nghttp2/1.43.0
Release-Date: [unreleased]
Protocols: dict file ftp ftps gopher gophers http https imap imaps mqtt pop3 pop3s rtsp smb smbs smtp smtps telnet tftp ws wss
Features: alt-svc AsynchDNS Debug HSTS HTTP2 HTTPS-proxy IPv6 Largefile libz NTLM NTLM_WB PSL SSL threadsafe TLS-SRP TrackMemory UnixSockets

operating system

Linux sabo-probook 5.15.0-57-generic #63-Ubuntu SMP Thu Nov 24 13:43:17 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
@bagder
Copy link
Member

bagder commented Jan 13, 2023

Do you have a way to reproduce this issue?

@devpreview
Copy link
Author

devpreview commented Jan 13, 2023
edited 

int main()
{
    CURL* curl = curl_easy_init();
    if(!curl) return 1;
    curl_easy_setopt(curl, CURLOPT_VERBOSE,      1L);
    curl_easy_setopt(curl, CURLOPT_URL,          "wss://demo.piesocket.com/v3/channel_123?api_key=VCXCEuvhGcBDP7XhiJJUDvR1e1D3eiVjgZ9VRiaV&notify_self");
    curl_easy_setopt(curl, CURLOPT_CONNECT_ONLY, 2L);

    CURLcode res = curl_easy_perform(curl);
    if(res != CURLE_OK) {
        fprintf(stderr, "curl_easy_perform() failed: %s\n", curl_easy_strerror(res));
        return 1;
    }

    size_t rlen = 0;
    struct curl_ws_frame *meta;
    char buffer[1024];
    do {
        res = curl_ws_recv(curl, buffer, sizeof(buffer), &rlen, &meta);
    } while(res == CURLE_OK);
    if(res != CURLE_OK) fprintf(stderr, "curl_ws_recv() failed: %s\n", curl_easy_strerror(res));

    return 0;
}

Need to wait a bit ping-message.

bagder added a commit that referenced this issue Jan 13, 2023
@bagder
ws: fix autoping handling
9fc67e7 
Reported-by: Alexey Savchuk
Fixes #10289
@bagder bagder mentioned this issue Jan 13, 2023
Closed
@bagder bagder closed this as completed in abae4e3 Jan 13, 2023
@devpreview
Copy link
Author

Awesome! Thank you.

@devpreview
Copy link
Author

@bagder I think I found another bug.

Steps to reproduce:

  1. Configure libcurl in debug mode: ./configure ... --enable-debug -enable-maintainer-mode;
  2. Run example described above;
  3. Wait incoming message (or send from https://www.piesocket.com/websocket-tester);
  4. Crush: ws.c:482: curl_ws_recv: Assertion `wsp->frame.bytesleft >= (curl_off_t)datalen' failed.

bch pushed a commit to bch/curl that referenced this issue Jul 19, 2023
@bagder @bch
ws: fix autoping handling
750c982 
Reported-by: Alexey Savchuk
Fixes curl#10289
Closes curl#10294
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
crash WebSocket
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

ws: fix autoping handling curl/curl
2 participants
@bagder @devpreview