cURL / Mailing Lists / curl-library / Single Mail


libCurl 7.18.2: sigsegv in file http.c / function http_output_basic()

From: Stefan Krause <>
Date: Sat, 28 Feb 2009 12:10:43 +0100

Hi friends of libCurl,

in version 7.18.2 I observed a sigsegv in http.c / function
OS is QNX 6.3.2, multi interface was used. Easy handles were configured
to use
a HTTP proxy server.
At that time, one easy handle was active in the multi handle and just
before the sigsegv,
a second easy handle was added to the multi handle.

The stack backtrace is as follows:

#0 0x7032585c in list_release () from
#1 0x70326170 in _prelocked_free () from
#2 0x70326278 in _free () from
#3 0x703234f4 in free () from
#4 0x089d70f4 in http_output_basic ()
#5 0x089d75ec in http_output_auth ()
#6 0x089d8aee in Curl_http ()
#7 0x089e1cc8 in Curl_do ()
#8 0x089d4f68 in multi_runsingle ()
#9 0x089d5492 in curl_multi_perform ()

In the function http_output_basic(), the function free() is called at
two places: both dealing
with access to HTTP proxy credentials. In that function, there are no
major differences between
7.18.2 and 7.19.3. So, 7.19.3 might be affected as well. Currently, I
am not able to reproduce it, but will try to do that.

 From source code / design point of view: Might there be problems with
proxy credential access when using multi handle with two
(or more easy handles) ?

Best regards,

Received on 2009-02-28