cURL / Mailing Lists / curl-library / Single Mail

curl-library

[PATCH] segfault when cancelling pipelined requests

From: Dmitry Kurochkin <dmitry.kurochkin_at_gmail.com>
Date: Tue, 22 Jan 2008 15:17:52 +0300

Hello.

I found another bug in pipelining. Steps to reproduce:

1. Add the following postcmd to reply section of test530 data:

This makes test530 fail due to bad handling of pipeline requests in
sws (I plan to fix it in another patch).

2. ./runtests.pl -k -v 530

It timeouts and segfaults while doing cleanup.

The problem is that when curl_multi_remove_handle() is called for
pipelined requests in lib530.c:167, easy handle does not "own"
connection. Check at multi.c:612 fails and Curl_done() is not called.

Easy handle is left in pipeline, and we call cleanup for it at
lib530.c:168. Later when signalPipeClose() gets to this handle we get
"signalPipeClose() found BAAD easy handle" message and segfault.

I am not sure this is correct solution. Counting on you here, Daniel.

Regards,
Dmitry

text/x-diff attachment: cancel_pipeline_segfault.patch

Received on 2008-01-22

This message: [ Message body ]
Next message: Vincenzo Moccia: "Large POST body"
Previous message: Daniel Stenberg: "Re: [PATCH] HttpOnly"
Next in thread: Daniel Stenberg: "Re: [PATCH] segfault when cancelling pipelined requests"
Reply: Daniel Stenberg: "Re: [PATCH] segfault when cancelling pipelined requests"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]