Crash in Curl_raw_nequal

From: Alexander Agranovsky <alex_at_voxeo.com>
Date: Tue, 29 May 2012 16:36:51 -0400

Hello,

We're using libcurl 7.19.6, and are seeing a crash similar to the one reported earlier in http://curl.haxx.se/mail/lib-2011-12/0289.html

The crash occurs on Linux (CentOS 5.x, x64), and the stack looks like this:

Operating system: Linux
                  0.0.0 Linux 2.6.18-238.9.1.el5 #1 SMP Tue Apr 12 18:10:13 EDT 2011 x86_64
CPU: amd64
     family 6 model 23 stepping 6
     4 CPUs

Crash reason: SIGSEGV
Crash address: 0x60

Thread 5 (0x6C87) - (crashed)
 0 libvio.so!Curl_raw_nequal [rawstr.c : 116 + 0x0]
    rbx = 0x00002aaab987ba60 r12 = 0x00002b9e31454800
    r13 = 0x0000000041ec1174 r14 = 0x00002aaac0624830
    r15 = 0x0000000041ec12cc rip = 0x00002b9e3142b6cb
    rsp = 0x0000000041ec0f80 rbp = 0x0000000000000060
    Found by: given as instruction pointer in context
 1 libvio.so!checkheaders [http.c : 182 + 0xd]
    rbx = 0x00002aaab987ba60 r12 = 0x00002b9e31454800
    r13 = 0x0000000041ec1174 r14 = 0x00002aaac0624830
    r15 = 0x0000000041ec12cc rip = 0x00002b9e3143012a
    rsp = 0x0000000041ec0fb0 rbp = 0x000000000000000b
    Found by: call frame info
 2 libvio.so!Curl_http [http.c : 2133 + 0xe]
    rbx = 0x0000000000000000 r12 = 0x00002aaac18e7750
    r13 = 0x0000000041ec1174 r14 = 0x00002aaac0624830
    r15 = 0x0000000041ec12cc rip = 0x00002b9e31430e9c
    rsp = 0x0000000041ec0fd0 rbp = 0x00002aaaba21a840
    Found by: call frame info
 3 libvio.so!Curl_do [url.c : 5000 + 0x4]
    rbx = 0x0000000000000000 r12 = 0x00002aaab980f4b8
    r13 = 0x0000000041ec1174 r14 = 0x0000000041ec11d8
    r15 = 0x0000000041ec12cc rip = 0x00002b9e31437888
    rsp = 0x0000000041ec1110 rbp = 0x00002aaaba21a840
    Found by: call frame info
 4 libvio.so!multi_runsingle [multi.c : 1166 + 0x10]
    rbx = 0x00002aaab980f4a0 r12 = 0x00002aaab83b4f20
    r13 = 0x0000000000000000 r14 = 0x0000000041ec11d8
    r15 = 0x0000000041ec12cc rip = 0x00002b9e3142893e
    rsp = 0x0000000041ec1150 rbp = 0x00002aaab980f4b8
    Found by: call frame info
 5 libvio.so!curl_multi_perform [multi.c : 1534 + 0xa]
    rbx = 0x00002aaab980f4a0 r12 = 0x00002aaab83b4f28
    r13 = 0x0000000000000000 r14 = 0x0000000041ec11d8
    r15 = 0x0000000041ec12cc rip = 0x00002b9e31428c90
    rsp = 0x0000000041ec11b0 rbp = 0x00002aaab83b4f20
    Found by: call frame info
 6 libvio.so!multi_socket [multi.c : 1845 + 0x4]
    rbx = 0x00002aaab94c6f68 r12 = 0x00002aaab94c6e50
    r13 = 0x00002aaab83b4f28 r14 = 0x0000000041ec12cc
    r15 = 0x0000000000000000 rip = 0x00002b9e31428e49
    rsp = 0x0000000041ec1220 rbp = 0x00002aaab83b4f20
    Found by: call frame info
 7 libvio.so!curl_multi_socket_all [multi.c : 2023 + 0x4]
    rbx = 0x00002aaab94c6f68 r12 = 0x00002aaab94c6e50
    r13 = 0x0000000018a7c770 r14 = 0x0000000041ec1b8f
    r15 = 0x0000000000000000 rip = 0x00002b9e31428f55
    rsp = 0x0000000041ec1290 rbp = 0x00002aaab83b4f20
    Found by: call frame info
.......
more of our code follows on the stack
........

Like the poster of the original thread, we're also using libevent, and the crashes started to occur after the conversion to libevent (haven't seen it with the regular select()). So far we've seen four instances, but there's no way to reliably reproduce.
I was wondering if there's any new/additional information or resolution for this crash.

- Alex

Received on 2012-05-29