Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

windows curl crash with libuv & multi #12578

Closed
calvin2021y opened this issue Dec 21, 2023 · 3 comments
Closed

windows curl crash with libuv & multi #12578

calvin2021y opened this issue Dec 21, 2023 · 3 comments
Labels
crash HTTP/2

Comments

@calvin2021y
Copy link

calvin2021y commented Dec 21, 2023
edited

I did this

test 8.50, 5d2b0faec219db1cea07ef0ca6c804c4f172f93d. test with patch 12562, 12563. get same error.

libcurl multi with http2, tls and libuv.

I expected the following

expect it work. (used to work, recent upgrade get a lot problem)

curl/libcurl version

8.50, and master branch. and try a few patchs.

operating system

windows.

* thread #1, stop reason = Exception 0x80000003 encountered at address 0x7ffae3905871
  * frame #0: 0x00007ffae3905872 libclang_rt.asan_dynamic-x86_64.dll`__sanitizer::internal__exit(int) at sanitizer_win.cpp:847:20
    frame #1: 0x00007ffae3906b37 libclang_rt.asan_dynamic-x86_64.dll`__sanitizer::Die() at sanitizer_termination.cpp:59:3
    frame #2: 0x00007ffae393bdad libclang_rt.asan_dynamic-x86_64.dll`::~ScopedInErrorReport() at asan_report.cpp:192:7
    frame #3: 0x00007ffae393ad84 libclang_rt.asan_dynamic-x86_64.dll`::ReportGenericError() at asan_report.cpp:497:1
    frame #4: 0x00007ffae3932b6e libclang_rt.asan_dynamic-x86_64.dll`::__asan_memcpy() at asan_interceptors_memintrinsics.cpp:63:3
    frame #5: 0x00007ff78b518f69 test.exe`Curl_strerror
    frame #6: 0x00007ff78bbacdcb test.exe`cf_socket_send
    frame #7: 0x00007ff78bbf2093 test.exe`ossl_bio_cf_out_write
    frame #8: 0x00007ff78bc37396 test.exe`bwrite_conv
    frame #9: 0x00007ff78b778d62 test.exe`bio_write_intern
    frame #10: 0x00007ff78b778ac3 test.exe`BIO_write
    frame #11: 0x00007ff78bc4dd6a test.exe`ssl3_write_pending
    frame #12: 0x00007ff78bc506b9 test.exe`do_ssl3_write
    frame #13: 0x00007ff78be92745 test.exe`ssl3_dispatch_alert
    frame #14: 0x00007ff78bd5c948 test.exe`ssl3_shutdown
    frame #15: 0x00007ff78b7634e0 test.exe`SSL_shutdown
    frame #16: 0x00007ff78bbeaff9 test.exe`ossl_close
    frame #17: 0x00007ff78b6f264b test.exe`ssl_cf_close
    frame #18: 0x00007ff78b6d93e2 test.exe`cf_setup_close
    frame #19: 0x00007ff78bbdecec test.exe`cf_hc_close
    frame #20: 0x00007ff78b6bcfe2 test.exe`Curl_disconnect
    frame #21: 0x00007ff78b6c621b test.exe`prune_dead_connections
    frame #22: 0x00007ff78b6c1f51 test.exe`Curl_connect
    frame #23: 0x00007ff78b504d0b test.exe`multi_runsingle
    frame #24: 0x00007ff78b50cf22 test.exe`multi_socket
    frame #25: 0x00007ff78b50d49d test.exe`curl_multi_socket_action
    frame #26: 0x00007ff78b34735d test.exe`curl_perform
    frame #27: 0x00007ff78b4a48b4 test.exe`uv__run_timers
 AddressSanitizer: global-buffer-overflow on address 0x7ff78c28ac37 at pc 0x7ffae3932b44 bp 0x00e78f4f98b0 sp 0x00e78f4f98f8

0x7ff78c28ac37 is located 41 bytes before global variable '.str.161' defined in 'curl/lib/strerror.c' (0x7ff78c28ac60) of size 21
  '.str.161' is ascii string 'Connection was reset'
0x7ff78c28ac37 is located 0 bytes after global variable '.str.160' defined in 'curl/lib/strerror.c' (0x7ff78c28ac20) of size 23
  '.str.160' is ascii string 'Connection was aborted'

when test with http2 (without ssl), I get no problem. build with openssl 1.1.1w.
@bagder
Copy link
Member

bagder commented Dec 21, 2023
edited

frame #4: 0x00007ffae3932b6e libclang_rt.asan_dynamic-x86_64.dll`::__asan_memcpy() at asan_interceptors_memintrinsics.cpp:63:3

frame #5: 0x00007ff78b518f69 test.exe`Curl_strerror

Can you set a break-point there and figure out why this memcpy is problematic?

@bagder
Copy link
Member

bagder commented Dec 21, 2023

Ah I see it... PR coming up

@bagder
Copy link
Member

bagder commented Dec 21, 2023

I broke the windows strerror in ff74cef

bagder added a commit that referenced this issue Dec 21, 2023
@bagder
strerror: repair get_winsock_error()
b25827f 
It would try to read longer than the provided string and crash.

Follow-up to ff74cef
Reported-by: calvin2021y on github
Fixes #12578
@bagder bagder mentioned this issue Dec 21, 2023
Closed
@bagder bagder closed this as completed in a719be8 Dec 21, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
crash HTTP/2
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

strerror: repair get_winsock_error() curl/curl
2 participants
@bagder @calvin2021y