New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Function parsefmt cannot parse "I64d" when macro MP_HAVE_INT_EXTENSIONS is not defined (by default it is not defined)! #12944
Comments
This preprocessor code is no longer there (in file mprintf.c)!
Instead it is now:
But macro So when libcurl is compiled by any compiler that is not on this short list and uses macro CURL_FORMAT_CURL_OFF_T as "I64d", the code will crash when processing cookies! IMO this function parsefmt should parse the format string "%I64d" unconditionally. |
We probably don't support that compiler any longer. /cc @vszakats |
But it is still on the market as a part of Embarcadero C++ Builder or Embarcadero Rad Studio. So I propose to add it to this list of compilers in mprintf.c like this:
to prevent this hard to find error. |
There are other compilers (defined in the file system.h) that will generate libcurl code affected by this parser error:
I am not sure that this macro MP_HAVE_INT_EXTENSIONS that limits the format string parser abilities (when not defined) is necessary. IMO it is a point of failure. |
- Support I32 & I64 (eg: %I64d) for all Win32 builds. Prior to this change mprintf support for the I format prefix, which is a Microsoft extension, was dependent on the compiler used. When Borland support was removed in fd7ef00 the prefix was then no longer supported for that compiler; however since it's still possible to build with Borland I'm restoring support for the prefix in this way. Reported-by: Paweł Witas Fixes curl#12944 Closes #xxxx
The format is Microsoft specific so I'm proposing broader support in #12950 |
I did this
I compiled libcurl statically with OpenSSL 1.1.1w (linked dynamically) by using CMake and Embarcadero bcc32 v. 7.0 compiler.
To do this I had to make some minor corrections in the code that are not related with the issue:
In file curl_setup.h I defined:
In file vtls.c I added
#undef random
before function Curl_ssl_random.
in file openssl.c I added pragmas for linker:
where openssl libs were converted to bcc32 OMF linker format by commands:
In files objects1.rsp (generated by CMake) I replaced UNIX path separators / by Windows path separators \
I expected the following
I expected my app to download a car report from historiapojazdu.gov.pl (polish Central Vehicle Register). But it crashed with code C0000005.
I managed to find the cause: function parsefmt defined in file mprintf.c cannot parse the substring "%I64d" when macro MP_HAVE_INT_EXTENSIONS is not defined. And by default, it is not defined!
So this function ignored "%I64d" and set the type FORMAT_STRING in va_input.type, then wrote value hex: 7FFFFFFF (cookie expiration date) to va_input.val.str by the code:
And it caused a crash when accessing this invalid pointer.
The following parser code depends on macro MP_HAVE_INT_EXTENSIONS :
file mprintf.c
line 350
curl/libcurl version
curl 8.6.0 (I built libcurl.lib only, no curl.exe because of linker error Unresolved external '_main' and because I don't need it).
operating system
Windows 10 Professional
The text was updated successfully, but these errors were encountered: