cURL / Mailing Lists / curl-library / Single Mail


Re: libCurl 7.18.2: sigsegv in file http.c / function http_output_basic()

From: Daniel Stenberg <>
Date: Sat, 28 Feb 2009 13:43:59 +0100 (CET)

On Sat, 28 Feb 2009, Stefan Krause wrote:

> In the function http_output_basic(), the function free() is called at two
> places: both dealing with access to HTTP proxy credentials.

Right, but they are different. The first frees a previously allocated header,
while the second frees a base64-encoded chunk of memory (from the
Curl_base64_encode call above).

> In that function, there are no major differences between 7.18.2 and 7.19.3.
> So, 7.19.3 might be affected as well.

Yes, but a free() causing havoc could just as well be because your app messed
up the memory before or similar, it is not necessarily the particular piece
that calls free() that is to blame here.

> Currently, I am not able to reproduce it, but will try to do that.

Please do. It'll of course help a lot if you write up a smaller app you can
run on linux or similar to repeat the problem with, as then valgrind, gdb and
other tools will make life a lot easier to us in this end who don't have QNX

> From source code / design point of view: Might there be problems with proxy
> credential access when using multi handle with two (or more easy handles) ?

No, unless you stepped into a bug.

Received on 2009-02-28