libcurl v7.88.1 crash on cleanup with missing cookie file #10694
Comments
|
Thanks a lot for your report! I've failed to reproduce this problem myself, so can I ask you to provide us with more details on how to go ahead and repeat this. Preferably with a command line or a stand-alone program we can run from our ends against a public URL to trigger the problem? |
|
From my reading of the description, this command line should trigger the problem? |
bagder
changed the title
|
Hello @bagder , We observe a similar issue (but a memory leak) with CURLOPT_COOKIEFILE in combination with curl_easy_reset. However, curl_easy_reset performs a non-conditional memset on
I believe that curl_easy_reset shall not cause a memory leak and must either
Best regards, |
11 tasks
does this solve it (edit: patch moved to #10709) |
jay
added a commit
to jay/curl
that referenced
this issue
Mar 8, 2023
- Free set.cookelist in Curl_freeset instead of Curl_close. Prior to this change the cookielist linked list wasn't freed by curl_easy_reset which calls Curl_freeset to free all set. Bug: curl#10694 (comment) Reported-by: Sergey Ryabinin Closes #xxxx
|
That was a memory-leak and thus a different matter and issue than what is reported here. |
bagder
added a commit
that referenced
this issue
Mar 8, 2023
And make sure there is no memory leak Ref: #10694
|
There some relation with verbose mode... output is: if I do not set CURLOPT_DEBUGFUNCTION CURLOPT_DEBUGDATA then output is and cookiefile is created if I do not set CURLOPT_VERBOSE then output is and cookiefile is created Calback function is: |
jay
added a commit
to jay/curl
that referenced
this issue
Mar 9, 2023
- Free set.cookelist in Curl_freeset instead of Curl_close. Prior to this change the cookielist linked list wasn't freed by curl_easy_reset which calls Curl_freeset to free all set. Bug: curl#10694 (comment) Reported-by: Sergey Ryabinin Closes #xxxx
jay
pushed a commit
to jay/curl
that referenced
this issue
Mar 9, 2023
And make sure there is no memory leak Ref: curl#10694
|
another addition - if I move deallocation of userdata Then there a no crush and cookiefile is created. I dont understand... |
|
I'm sorry, but I'm gonna need a recipe that uses libcurl directly or the command line tool. No binding. |
|
well... i'm don't know C and dont have any means to work with it... but maybe this give some light to the problem: and callback to this: and get this output: now if Imove deallocation of user pointer to before curl_easy_cleanup() function like that: then I get: You can see that debug func was called in curl_easy_cleanup(), outside curl_easy_perform() |
jay
added a commit
that referenced
this issue
Mar 10, 2023
- Free set.cookelist in Curl_freeset instead of Curl_close. Prior to this change the cookielist linked list wasn't freed by curl_easy_reset which calls Curl_freeset to free all set. Bug: #10694 (comment) Reported-by: Sergey Ryabinin Closes #10709
|
Hope this reproduser (win) is not completely wrong... |
|
Thanks. I cleaned up your most recent C example and was able to use it to reproduce with curl-7_88_1. (Click to expand)#include <crtdbg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <curl/curl.h>
#include <openssl/crypto.h>
struct tagcURLCallBackBuffer {
char *strbuf;
unsigned int size;
unsigned int allocated;
};
static int cURLCallbackFunc_DebugTraceFuncEL (CURL *handle, curl_infotype itype, char *idata, size_t iSize, tagcURLCallBackBuffer *zBuffer)
{
(void)handle; /* prevent compiler warning */
if (itype == CURLINFO_TEXT || itype == CURLINFO_HEADER_OUT || itype == CURLINFO_HEADER_IN) {
memset(&zBuffer->strbuf[zBuffer->size],0,iSize + 1);
memcpy(&zBuffer->strbuf[zBuffer->size],idata,iSize);
zBuffer->size += iSize;
}
return 0;
}
int main(void)
{
CURL *cURLHandle;
CURLcode cURLRetValue;
tagcURLCallBackBuffer info;
tagcURLCallBackBuffer *ptInfo = &info;
const char *cookiefile = "C:\\Temp\\_CookiesFileInQuestion.txt";
_CrtSetReportMode(_CRT_WARN, _CRTDBG_MODE_DEBUG | _CRTDBG_MODE_FILE);
_CrtSetReportFile(_CRT_WARN, _CRTDBG_FILE_STDERR);
_CrtSetDbgFlag(_CRTDBG_ALLOC_MEM_DF | _CRTDBG_LEAK_CHECK_DF | _CRTDBG_DELAY_FREE_MEM_DF);
ptInfo->allocated = 1000000;
ptInfo->size = 0;
ptInfo->strbuf = (char *)calloc(1, ptInfo->allocated);
unlink(cookiefile);
Sleep(1000);
curl_global_init(CURL_GLOBAL_ALL);
cURLHandle = curl_easy_init();
curl_easy_setopt(cURLHandle, CURLOPT_DEBUGFUNCTION, cURLCallbackFunc_DebugTraceFuncEL);
curl_easy_setopt(cURLHandle, CURLOPT_DEBUGDATA, ptInfo);
curl_easy_setopt(cURLHandle, CURLOPT_VERBOSE, 1L);
curl_easy_setopt(cURLHandle, CURLOPT_URL, "http://curl.se");
curl_easy_setopt(cURLHandle, CURLOPT_COOKIESESSION, 1L);
curl_easy_setopt(cURLHandle, CURLOPT_COOKIEFILE, cookiefile);
curl_easy_setopt(cURLHandle, CURLOPT_COOKIEJAR, cookiefile);
cURLRetValue = curl_easy_perform(cURLHandle);
free(ptInfo->strbuf);
ptInfo->allocated = 0;
ptInfo->size = 0;
ptInfo->strbuf = NULL;
curl_easy_cleanup(cURLHandle);
curl_global_cleanup();
OPENSSL_cleanup();
_CrtMemDumpAllObjectsSince(NULL);
printf("\n");
return 0;
}The crash is because the memory used by your debug callback is freed before calling curl_easy_cleanup. As long as DEBUGFUNCTION is set then any curl_xxx function that operates on the handle may call it. As you've already figured out, when you free the memory after curl_easy_cleanup then there is no crash. However, your original example in VB code seems to show that you already do that... Can you confirm that there is no crash in your actual code if you free the memory after curl_easy_cleanup? Note the C example will crash with curl-7_88_1 but not with master (674a066 2023-03-10) because 45d4bf5 changed the behavior not to re-read the cookie files on cleanup so there is no verbose text (like file not found etc) when that happens. Even though it doesn't crash that's just by chance. It still may crash if you free the memory before curl_easy_cleanup. |
|
Yes, there is no crash if i free memory after curl_easy_cleanup(). |
|
No problem, thanks for the update. |
bch
pushed a commit
to bch/curl
that referenced
this issue
Jul 19, 2023
- Free set.cookelist in Curl_freeset instead of Curl_close. Prior to this change the cookielist linked list wasn't freed by curl_easy_reset which calls Curl_freeset to free all set. Bug: curl#10694 (comment) Reported-by: Sergey Ryabinin Closes curl#10709
bch
pushed a commit
to bch/curl
that referenced
this issue
Jul 19, 2023
This also tests for the memory leak bug fixed by parent commit b559ef6. Ref: curl#10694 Closes curl#10712
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I get crush with libcurl v7.88.1 on call to curl_easy_cleanup() if cookies file is not exists originally.
If I manually create blank text-file (with relevant filename) - there a no crush and file content successfully written (in my test case only header as there is no cookies).
Without CURLOPT_COOKIEJAR option set - there a no crush...
With libcurl v7.86.0 crush did not happen, but also cookies file was not created/written.
If I remember right, with some previous version cookiesfile was created without problems...
Cookes engine setup (Windows):
on beginning of connection log there a message:
WARNING: failed to open cookie file "* full file path to cookie file *"
I expected the following
I expected cookes file is created/written by libcurl...
The text was updated successfully, but these errors were encountered: