curl-library

Re: TODO-RELEASE, before 7.19.6

From: <johansen_at_sun.com>
Date: Mon, 10 Aug 2009 17:48:41 -0700

On Tue, Aug 11, 2009 at 12:00:46AM +0200, Daniel Stenberg wrote:
> 255 - debugging a crash in Curl_pgrsTime/checkPendPipeline?

This is sort of a three-part problem.

1. If a pipelined connection encounters an error that breaks the pipe
after an easy handle has transitioned from perform to done, but the done
method hasn't been invoked, then it's possible to access free'd memory.
(My application crashed.)

2. If a pipelined connection gets a send error in Curl_do in the do
stage, and the client successfully reconnects, two things can go wrong:

  A. The new connectdata isn't assigned the SessionHandle of the
  pipelined session in send_pipe. If the pipe later breaks due to an
  error, the Curl_one_easy's easy_conn isn't cleared. When this happens
  it's possible to access free'd memory. (My application crashed here
  too.)

  B. If Curl_do returns a send_error after receiving some amount of data
  from the peer, and the subsequent re-connection is successful, curl
  doesn't remove the data from the failed download from the file. This
  means we see a partial copy of the failed download in the file,
  followed by the full contents of the successful download. (My
  application reported data corruption in this case.)

The patch I sent out last week fixes 1 and 2a. I'm working on a fix for
2b now.

> As always, we can use more hands here!

Yes, I have a similar problem. I fractured my hand in a bicycle crash
on Saturday, leaving me only one hand for typing. It may take me a bit
longer than usual to get through 2b.

-j
Received on 2009-08-11
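
The failure described in 2B, modelled as an added example (not code from this mail, the patch it mentions, or libcurl): a download sink that remembers where the transfer started and truncates back to that offset before a retry. The `sink` struct, its functions and the sample body are hypothetical and constructed for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for ftruncate() and fileno() */
#endif
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical download sink: records the offset where this transfer began. */
struct sink { FILE *fp; long start; };

static int sink_open(struct sink *s, FILE *fp) {
    s->fp = fp;
    s->start = ftell(fp);
    return s->start < 0 ? -1 : 0;
}

/* Call before re-issuing the request: drop bytes left by the failed attempt. */
static int sink_rewind(struct sink *s) {
    if (fflush(s->fp) != 0) return -1;
    if (ftruncate(fileno(s->fp), (off_t)s->start) != 0) return -1;
    return fseek(s->fp, s->start, SEEK_SET);
}

/* Constructed scenario: attempt 1 delivers 5 bytes and then fails, attempt 2
 * delivers the whole body. Returns the final file length, content in out. */
static long simulate(int rewind_on_retry, char *out, size_t outsz) {
    const char *body = "HELLO WORLD";
    struct sink s;
    FILE *fp = tmpfile();
    if (!fp || sink_open(&s, fp) != 0) return -1;
    fwrite(body, 1, 5, s.fp);                /* partial data, then send error */
    if (rewind_on_retry && sink_rewind(&s) != 0) return -1;
    fwrite(body, 1, strlen(body), s.fp);     /* successful retry */
    fflush(fp);
    long len = ftell(fp);
    rewind(fp);
    size_t got = fread(out, 1, outsz - 1, fp);
    out[got] = '\0';
    fclose(fp);
    return len;
}

int main(void) {
    char buf[64];
    printf("no rewind: %ld bytes \"%s\"\n", simulate(0, buf, sizeof buf), buf);
    printf("rewind:    %ld bytes \"%s\"\n", simulate(1, buf, sizeof buf), buf);
    return 0;
}
```

Without the rewind the file holds the partial copy followed by the full body; with it, only the full body remains.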