Bugs item #523718, was opened at 2002-02-27 20:25
You can respond by visiting:
http://sourceforge.net/tracker/?func=detail&atid=100976&aid=523718&group_id=976

Category: libcurl
Group: crash
Status: Open
Resolution: None
Priority: 5
Submitted By: Nobody/Anonymous (nobody)
Assigned to: Daniel Stenberg (bagder)
Summary: url.c free/pointer crash

Initial Comment:
libcurl-7.9.5-pre4 Bug:

I found a bug in url.c (url.c,v 1.190 2002/02/17
11:17:37) but am not sure how
it should be fixed.

Function name:

static CURLcode CreateConnection(struct SessionHandle
*data,
                                 struct connectdata
**in_connect)

line: 1986, 1987, and 2002

    /* we need these pointers if we speak over a proxy
*/
1986: conn->hostname = old_conn->gname;
1987: conn->name = old_conn->name;

    free(conn->path); /* free the previously
allocated path pointer */

    /* 'path' points to the allocated data, 'ppath'
may have been advanced
       to point somewhere within the 'path' area. */
   conn->path = path;
   conn->ppath = ppath;

    /* re-use init */
    conn->bits.reuse = TRUE; /* yes, we're re-using
here */
    conn->bits.chunk = FALSE; /* always assume not
chunked unless told
                                 otherwise */
    conn->maxdownload = -1; /* might have been used
previously! */

2002: free(old_conn); /* we don't need this
anymore */

on the first two lines you set two pointers in the new
conn structure to values
in the old_conn structure and then on line 2002 you
free(old_conn) - OOPS!!!!

I commented lines 1986 and 1987 out and it appeared to
work (fingers crossed!!)
but don't know the implications of this.

----------------------------------------------------------------------

You can respond by visiting:
http://sourceforge.net/tracker/?func=detail&atid=100976&aid=523718&group_id=976
Received on 2002-02-28