cURL / Mailing Lists / curl-library / Single Mail

curl-library

ares + curl_multi : segfault on lookup failure

From: Jeff Pohlmeyer <yetanothergeek_at_yahoo.com>
Date: Mon, 18 Aug 2003 23:48:22 -0700 (PDT)

When a lookup fails in ares, Curl_connecthost() in connect.c
gets a NULL pointer in the remotehost argument, and then tries to
dereference it on line 606, causing a segfault.

Here is an example to reproduce the problem:

#include <stdio.h>
#include <string.h>
#include <sys/time.h>
#include <unistd.h>
#include <curl/curl.h>

#define NUM_HANDLES 4

char *urls[NUM_HANDLES] = {
"http://www.aol.com",
"http://www.sun.com",
"http://nosuch.not", /* <<<<---- BAD URL !!! */
"http://sourceforge.net",
};

size_t write_cb(char *buffer, size_t size, size_t nitems, void *outstream) {
printf("%s %d\n", outstream, size*nitems);
return size*nitems;
}

int main(void){
  CURL* curls[NUM_HANDLES];
  CURLM* multi;
  int still_running;
  int i;

  multi = curl_multi_init();
  for (i=0; i<NUM_HANDLES; i++){
    curls[i]=curl_easy_init();
    curl_easy_setopt(curls[i], CURLOPT_URL, urls[i]);
    curl_easy_setopt(curls[i], CURLOPT_WRITEFUNCTION, write_cb);
    curl_easy_setopt(curls[i], CURLOPT_FOLLOWLOCATION, 1);
    curl_easy_setopt(curls[i], CURLOPT_FILE, urls[i]);
    curl_multi_add_handle(multi, curls[i]);
  }

  while ( CURLM_CALL_MULTI_PERFORM == curl_multi_perform(multi, &still_running) );
  while(still_running) {
    struct timeval timeout;
    int rc;
    fd_set fdread;
    fd_set fdwrite;
    fd_set fdexcep;
    int maxfd;
    FD_ZERO(&fdread);
    FD_ZERO(&fdwrite);
    FD_ZERO(&fdexcep);
    timeout.tv_sec = 1;
    timeout.tv_usec = 0;
    curl_multi_fdset(multi, &fdread, &fdwrite, &fdexcep, &maxfd);
    rc = select(maxfd+1, &fdread, &fdwrite, &fdexcep, &timeout);
    switch(rc) {
      case -1:
        break;
      case 0:
      default:
        while (CURLM_CALL_MULTI_PERFORM == curl_multi_perform(multi, &still_running));
        break;
    }
  }
  curl_multi_cleanup(multi);
  for (i=0; i<NUM_HANDLES; i++){
  curl_easy_cleanup(curls[i]);
  }
  return 0;
}

This seems to solve (or at least hide) the problem:

--- connect.c.OEM Tue Aug 19 01:02:20 2003
+++ connect.c Tue Aug 19 01:36:12 2003
@@ -603,7 +603,7 @@
   /*
    * Connecting with IPv4-only support
    */
- if(!remotehost->addr->h_addr_list[0]) {
+ if( (!remotehost) || !remotehost->addr->h_addr_list[0]) {
     /* If there is no addresses in the address list, then we return
        error right away */
     failf(data, "no address available");

__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com

-------------------------------------------------------
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01
Received on 2003-08-19

This message: [ Message body ]
Next message: Daniel Stenberg: "Re: Memory leak when using OpenSSL"
Previous message: ruffnex: "Handling transparent proxy e.g. NetCache (HTTP VIA)"
Next in thread: Daniel Stenberg: "Re: ares + curl_multi : segfault on lookup failure"
Reply: Daniel Stenberg: "Re: ares + curl_multi : segfault on lookup failure"
Maybe reply: Jeff Pohlmeyer: "Re: ares + curl_multi : segfault on lookup failure"
Maybe reply: Jeff Pohlmeyer: "Re: ares + curl_multi : segfault on lookup failure"
Maybe reply: Jeff Pohlmeyer: "Re: ares + curl_multi : segfault on lookup failure"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]