curl-users

vsnprintf called twice

From: Patrick Smith <patsmith_at_pobox.com>
Date: Mon, 03 Jan 2005 22:50:28 -0500

In 7.12.3, the function Curl_failf in lib/sendf.c can call vsnprintf
twice in succession on the same variable data, with no reset between the
calls.

Unfortunately, vsnprintf can leave the variable data in an undefined
state. On my machine (Linux running on a PowerMac), this causes a
segmentation fault in the second call to vsnprintf. I've only seen this
happen on things like

        curl -v non-existing-and-weeeeeeirdname

(taken from testcase 20, if I remember correctly).

The attached patch fixes this.

--- lib/sendf.c.orig 2004-12-06 18:04:31.000000000 -0500
+++ lib/sendf.c 2005-01-03 22:04:18.381988638 -0500
@@ -154,15 +154,20 @@
 void Curl_failf(struct SessionHandle *data, const char *fmt, ...)
 {
   va_list ap;
- va_start(ap, fmt);
   if(data->set.errorbuffer && !data->state.errorbuf) {
+ va_start(ap, fmt);
     vsnprintf(data->set.errorbuffer, CURL_ERROR_SIZE, fmt, ap);
+ va_end(ap);
+
     data->state.errorbuf = TRUE; /* wrote error string */
   }
   if(data->set.verbose) {
       size_t len;
 
+ va_start(ap, fmt);
       vsnprintf(data->state.buffer, BUFSIZE, fmt, ap);
+ va_end(ap);
+
       len = strlen(data->state.buffer);
 
       if(len < BUFSIZE - 1) {
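Review bot: The second va_start(ap, fmt) in the verbose branch will look redundant to a later reader and needs a short comment explaining why it is there. A line such as /* restart the list: ap is indeterminate once vsnprintf has consumed it */ above each va_start would keep someone from hoisting the pair back to function scope and reintroducing the crash. The same comment applies to the va_start added inside the errorbuffer branch.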
@@ -171,8 +176,6 @@
       }
       Curl_debug(data, CURLINFO_TEXT, data->state.buffer, len, NULL);
   }
-
- va_end(ap);
 }
 
 /* Curl_sendf() sends formated data to the server */
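Review bot: Dropping the function-level va_end(ap) is only safe if nothing between the two hunks still reads ap, and the lines between the if(len < BUFSIZE - 1) { context above and the start of this hunk are not shown, so confirm that before applying. With the removal, each va_start is closed inside its own branch and no va_end runs when neither branch is taken, which is the pairing that is required.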
Received on 2005-01-04
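The following is an added example, not code from the original post or from curl. It goes one step beyond the patch: when a function receives a va_list it does not own, it cannot call va_start again, so each vsnprintf call gets its own copy via va_copy (C99). The names struct sink, sink_init, fmt_copy, vreport and report, and the buffer sizes, are hypothetical.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

struct sink {          /* hypothetical stand-in for a session handle */
  char errbuf[64];     /* sizes are constructed, not curl's */
  int  err_set;        /* first error wins, as in the patched function */
  char logbuf[32];
  int  verbose;
};

void sink_init(struct sink *s, int verbose)
{
  memset(s, 0, sizeof(*s));
  s->verbose = verbose;
}

/* Format through a private copy so the caller's va_list stays usable. */
static void fmt_copy(char *dst, size_t n, const char *fmt, va_list ap)
{
  va_list ap2;
  va_copy(ap2, ap);
  vsnprintf(dst, n, fmt, ap2);
  va_end(ap2);         /* every va_copy needs its own va_end */
}

/* Receives a va_list it does not own; returns how many buffers it wrote. */
static int vreport(struct sink *s, const char *fmt, va_list ap)
{
  int written = 0;
  if(!s->err_set) {
    fmt_copy(s->errbuf, sizeof(s->errbuf), fmt, ap);
    s->err_set = 1;
    written++;
  }
  if(s->verbose) {
    fmt_copy(s->logbuf, sizeof(s->logbuf), fmt, ap);
    written++;
  }
  return written;
}

/* Variadic front end: owns the list, pairs va_start with va_end once. */
int report(struct sink *s, const char *fmt, ...)
{
  va_list ap;
  int n;
  va_start(ap, fmt);
  n = vreport(s, fmt, ap);
  va_end(ap);
  return n;
}
```

On a compiler without va_copy, the restart approach from the patch (a fresh va_start/va_end pair around each vsnprintf) is the portable choice, but it only works in the variadic function itself.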