cURL / Mailing Lists / curl-library / Single Mail

curl-library

libCurl 7.18.2: sigsegv in file http.c / function http_output_basic()

From: Stefan Krause <stefan.krause_at_gmx.net>
Date: Sat, 28 Feb 2009 12:10:43 +0100

Hi friends of libCurl,

in version 7.18.2 I observed a sigsegv in http.c / function
http_output_basic().
OS is QNX 6.3.2, multi interface was used. Easy handles were configured
to use
a HTTP proxy server.
At that time, one easy handle was active in the multi handle and just
before the sigsegv,
a second easy handle was added to the multi handle.

The stack backtrace is as follows:

#0 0x7032585c in list_release () from
/cygdrive/d/P4/HU/qnx632/target/qnx6/shle/lib/libc.so.2
#1 0x70326170 in _prelocked_free () from
/cygdrive/d/P4/HU/qnx632/target/qnx6/shle/lib/libc.so.2
#2 0x70326278 in _free () from
/cygdrive/d/P4/HU/qnx632/target/qnx6/shle/lib/libc.so.2
#3 0x703234f4 in free () from
/cygdrive/d/P4/HU/qnx632/target/qnx6/shle/lib/libc.so.2
#4 0x089d70f4 in http_output_basic ()
#5 0x089d75ec in http_output_auth ()
#6 0x089d8aee in Curl_http ()
#7 0x089e1cc8 in Curl_do ()
#8 0x089d4f68 in multi_runsingle ()
#9 0x089d5492 in curl_multi_perform ()

In the function http_output_basic(), the function free() is called at
two places: both dealing
with access to HTTP proxy credentials. In that function, there are no
major differences between
7.18.2 and 7.19.3. So, 7.19.3 might be affected as well. Currently, I
am not able to reproduce it, but will try to do that.

 From source code / design point of view: Might there be problems with
proxy credential access when using multi handle with two
(or more easy handles) ?

Best regards,

     Stefan
Received on 2009-02-28