curl-library
Re: curl_easy_perform crash in Curl_do after Curl_reconnect_request has been called
Date: Wed, 26 Sep 2012 08:57:28 -0700 (PDT)
Sorry I didn't make it clear. Yes, it crashed in curl_easy_perform() because of the same reason.
The previous fix is good if the returned error is CURLE_OK or CURLE_SEND_ERROR, but when I use a debugger to walk through and try to simulate the failure by forcing it to call Curl_reconnect_request() from Curl_do(), Curl_done() returned CURLE_GOT_NOTHING and freed the memory for conn, which is the same memory as *connp. It got freed but *connp is not set to NULL, and it crashes later in:
static CURLcode Curl_do_perform(struct SessionHandle *data)
{
  ...
  if(res == CURLE_OK) {
    ...
    // returned CURLE_GOT_NOTHING, conn got freed but not set to NULL
    res = Curl_do(&conn, &do_done);
    ...
    if(res == CURLE_OK) {
      ...
    }
    else if(conn)
      ...
      // crash inside since conn has no valid memory
      (void)Curl_done(&conn, res, FALSE);
This may not be a valid test case; I am just not sure that we will never hit the condition that Curl_done() returns different errors. From the aspect of programming, since the memory is freed from Curl_done() in Curl_reconnect_request(), we should set it to NULL to avoid further access.
Thanks,
Ho-chi Chen
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2012-09-26
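
Added example, not part of the original message and not libcurl code: a minimal C model of the pattern the message asks for, where a helper that frees an object through a pointer-to-pointer clears the caller's pointer for every return code, so the caller's `if(conn)` guard stays meaningful. All names (`struct conn`, `conn_done`, `reconnect_request`, `perform`, the status codes) are hypothetical stand-ins, and the helper holding a local copy of the caller's pointer is an assumption of the model.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins for this example; not libcurl's types or functions. */
struct conn { int id; };
enum { OK = 0, SEND_ERROR = 1, GOT_NOTHING = 2 };
static int live_conns; /* allocations minus frees; goes negative on a double free */

static struct conn *conn_new(void) {
  struct conn *c = calloc(1, sizeof(*c));
  if(c) live_conns++;
  return c;
}

/* Frees *connp and clears the pointer it was handed; returns 'status'. */
static int conn_done(struct conn **connp, int status) {
  if(connp && *connp) {
    free(*connp);
    *connp = NULL;
    live_conns--;
  }
  return status;
}

/* 'done_result' simulates the code reported by the teardown step. */
static int reconnect_request(struct conn **connp, int done_result) {
  struct conn *conn = *connp;              /* local copy (assumed by this model) */
  int res = conn_done(&conn, done_result); /* clears only the local copy */

  *connp = NULL; /* clear the caller's pointer for every return code */
  if(res == OK || res == SEND_ERROR) {
    *connp = conn_new(); /* retry path: caller receives a fresh object */
    return *connp ? OK : SEND_ERROR;
  }
  return res; /* e.g. GOT_NOTHING: caller sees NULL, not freed memory */
}

/* Caller shaped like the excerpt: clean up only if conn is still set. */
static int perform(int done_result) {
  struct conn *conn = conn_new();
  int res = conn ? reconnect_request(&conn, done_result) : SEND_ERROR;

  if(conn) /* safe only because the callee cleared the pointer on failure */
    (void)conn_done(&conn, res);
  return res;
}

int main(void) {
  int res = perform(GOT_NOTHING);
  printf("res=%d live_conns=%d\n", res, live_conns);
  return 0;
}
```

Removing the unconditional `*connp = NULL` in `reconnect_request` reproduces the shape described in the message: on `GOT_NOTHING` the caller's `conn` is non-NULL but already freed, and the cleanup call touches released memory.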