Hi Daniel,

> Test 554 and 587 run the same code so there's no wonder they both show the same crash.
>
>> #2 0x0000000100008c3b in AddFormData (formp=0x7fff5fbff2d0, type=FORM_CONTENT, line=0x10015cdc8, length=4294967305, size=0x7fff5fbff2b0) at formdata.c:805
>
> Here is the error visible. length is exactly 32bits too big. The actual size as passed in from lib554.c is 9, and this vale (4294967305) is 0x100000009.
>
> The question is why. The code has some annoying typecasts between types long and size_t, but I didn't detect any particular flaw and it works on lots of other systems both 32bit and 64bit so it really isn't easy to spot the flaw.
>
> I also checked and the formdata source code really hasn't changed much in a long while...
>
> Can you figure out how that value gets so wrong? I can't repeat this error on any of my machines... (I don't have any mac)

The problem is the following code at line 148 of lib554.c

  formrc = curl_formadd(&formpost, &lastptr,
                        CURLFORM_COPYNAME, "somename",
                        CURLFORM_BUFFER, "somefile.txt",
                        CURLFORM_BUFFERPTR, "blah blah",
                        CURLFORM_BUFFERLENGTH, 9,
                        CURLFORM_END);

The two lines in red need to be switched, as the Curl_getformdata expects BUFFERLENGTH to be defined before you refer to BUFFERPTR.
With this change curl 7.26 builds cleanly -- yippee!

Thanks for your help and patience,
Neil

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2012-06-07