curl-library
Re: bug in curl_formget()
Date: Mon, 13 Jun 2011 22:42:11 +0200 (CEST)
On Mon, 13 Jun 2011, Aaron Orenstein wrote:
> The problem is that fread() is returning a value which is greater than 0 but
> less than size. As a result readformfile() isn't closing the file but since
> the return value is smaller than size then Curl_FormReader() thinks it's
> done.

Oh. Right. Thanks for explaining, I'm clearly blind or just not thinking
straight (or both!).

The condition for the loop in curl_formget() isn't very clever. We should
rather have the readfromfile() function tell when the file is completely read.

> So - you're okay with the callback overwriting the buffer and scribbling all
> over memory?

Not at all. There are several documented return codes that are larger than the
input size and a read function callback is fully allowed to return those in
normal cases. Also, but much less important, there can be mistakes in user
code.

> (b) where does it ensure that you didn't leak a FILE*? Is there some
> checking in UNITTEST_STOP?

The entire test suite is built and run with two layers of memory leak systems:
first a custom-made one that curl uses with --enable-debug, and then it
runs most tests with valgrind on Linux if available.

I've fixed this problem now and I've extended test case 1308 to exercise a
file upload and curl_formget() and it did repeat the problem before my fix:

https://github.com/bagder/curl/commit/0aedccc18a33

Thanks a lot for your report and patience. Please have a try with a daily
build of tonight or from git and tell me how it works out!

--
 / daniel.haxx.se

List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2011-06-13
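
Added example (not part of the original message and not curl's code): a simplified C model of the loop condition discussed in this thread, where a reader returning fewer bytes than requested ends the loop early, next to a loop that stops only on a zero-length read and rejects a return value larger than the buffer. All function names and the 10-byte sample are constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Constructed source: hands out at most max_chunk bytes per call, so each
   call returns 0 < n < size until the data runs out. */
struct src { const char *data; size_t len, pos, max_chunk; };

static size_t short_reader(char *buf, size_t size, void *p) {
  struct src *s = p;
  size_t n = s->len - s->pos;
  if(n > s->max_chunk) n = s->max_chunk;
  if(n > size) n = size;
  memcpy(buf, s->data + s->pos, n);
  s->pos += n;
  return n;
}

/* Models a callback returning a status code larger than the buffer size. */
static size_t oversize_reader(char *buf, size_t size, void *p) {
  (void)buf; (void)p;
  return size + 1;
}

typedef size_t (*read_fn)(char *, size_t, void *);

/* Loop condition as described in the thread: a short read means "done". */
static long drain_buggy(read_fn rd, void *p) {
  char buf[8]; size_t n; long total = 0;
  do {
    n = rd(buf, sizeof(buf), p);
    total += (long)n;
  } while(n == sizeof(buf));
  return total;
}

/* Stops only when the reader reports 0; rejects n > size before using it. */
static long drain_fixed(read_fn rd, void *p) {
  char buf[8]; size_t n; long total = 0;
  for(;;) {
    n = rd(buf, sizeof(buf), p);
    if(n > sizeof(buf)) return -1; /* not a byte count: never index buf by n */
    if(n == 0) return total;       /* source is completely read */
    total += (long)n;
  }
}
```

With the constructed source the first loop stops after the first 4 bytes and leaves the rest unread, while the second consumes all 10.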