Hello, curl-users.

The following code produces an access violation:
=====
#include <cassert>

#include <curl/curl.h>

int main()
{
        CURLM * l_multi;
        CURL * l_easy;
        l_multi = curl_multi_init();
        assert(NULL != l_multi);
        l_easy = curl_easy_init();
        assert(NULL != l_easy);
        CURLMcode l_mcode = curl_multi_add_handle(l_multi, l_easy);
        assert(CURLM_OK == l_mcode);
        // There is no any listening socket on port 20000 on my
        // computer.
        CURLcode l_code = curl_easy_setopt(l_easy, CURLOPT_URL, "http://localhost:20000/");
        assert(CURLE_OK == l_code);
        int l_runningHandles;
        do
        {
                l_mcode = curl_multi_perform(l_multi, &l_runningHandles);
        } while (CURLM_CALL_MULTI_PERFORM == l_mcode);
        assert(CURLM_OK == l_mcode);
        l_mcode = curl_multi_remove_handle(l_multi, l_easy);
        assert(CURLM_OK == l_mcode);
        curl_easy_cleanup(l_easy);
        l_mcode = curl_multi_cleanup(l_multi);
        assert(CURLM_OK == l_mcode);
        // During this sleep access violation appears within second
        // application thread (named gethostbyname_thread), created by libcurl internals.
        Sleep(100);
}
=====

Access violation appeared in several different places within
gethostbyname_thread, one of them has the following call stack:
=====
libcurl.dll!addrinfo_callback(void * arg=0x003a2178, int status=0, void * addr=0x00346680) Line 126 + 0x3 C
libcurl.dll!Curl_addrinfo4_callback(void * arg=0x003a2178, int status=0, hostent * hostent=0x00346680) Line 161 + 0x11 C
libcurl.dll!gethostbyname_thread(void * arg=0x003a2178) Line 215 + 0xf C
libcurl.dll!_threadstartex(void * ptd=0x003a2958) Line 241 + 0xd C
kernel32.dll!7c80b50b()
kernel32.dll!7c8399f3()
=====

The source line where AV appears is:
=====
      if(data->share)
=====
I run this code in Debug version, so my environment sets all pointers
to "garbage" values after calls to free. So local variables of
addrinfo_callback has the following values:
=====
+ data 0xfeeefeee {hostcache=??? multi=??? share=??? ...} SessionHandle *
+ ai 0x003a2a20 {ai_flags=0 ai_family=2 ai_socktype=1 ...} Curl_addrinfo *
        arg 0x003a2178 void *
        status 0 int
        addr 0x00346680 void *
+ conn 0x003a2178 {data=0xfeeefeee {hostcache=??? multi=??? share=??? ...} connectindex=-17891602 protocol=-17891602 ...} connectdata *
+ dns 0x00000000 {addr=??? timestamp=??? inuse=??? } Curl_dns_entry *
        rc CURLE_OK CURLcode
=====

My configuration: Windows XP, SP2, MSVC 7.1, libcurl v7.14.0

As I understand, libcurl creates additional thread to resolve host
name on first calls to curl_multi_perform, but neither
curl_easy_cleanup, nor curl_multi_cleanup functions do not terminate
the thread. But these functions free memory allocated bu easy and
multi handles, so when thread tries to access this memory, this causes
access violation.

One more thing, this code produces AV only when I run it in the MSVC
debugger in Debug mode.

May be there is an incorrect use of libcurl API in this code, please
point me, where ? Or is it a bug in this version of libcurl ?

-- 
Best regards,
 Igor Polyakov                          mailto:ipolyakov_at_issart.com