BUG: free statement in http_negotiate.c giving heap error

From: Arunav Sanyal <>
Date: Mon, 25 Mar 2013 14:16:35 +0530

There is a line in libcurl's http_negotiate.c:-


It is defined within the #ifdef HAVE_SPNEGO, #endif part. I built libcurl
with GSS_NEGOTIATE (MIT Kerberos) and SPNEGO support (fbopenssl and openssl).
This line is appearing in a stack trace (the last function in libcurl called,
which then requests msvcr90.dll (outside curl) for services), which
ultimately leads to an error:-

Debug assertion has failed:-
Line 1317

Expression : _CrtIsValidHeapPointer(pUserData)

and the affected code is

         * If this ASSERT fails, a bad pointer has been passed in. It may be
         * totally bogus, or it may have been allocated from another heap.
         * The pointer MUST come from the 'local' heap.

I commented this line out (and some more free() lines) and built it again,
and the negotiate on a Kerberos protected page works properly.

I did a little investigation. The pointer is defined as:-

typedef struct gss_buffer_desc_struct {
    size_t length;
    void *value;
} gss_buffer_desc, *gss_buffer_t;

which is defined in gssapi.h. Moreover:-

struct negotiatedata {
    /* ... other members ... */
    gss_buffer_desc output_token;
    /* ... other members ... */
};

is defined in urldata.h

Now I couldn't find any malloc calls anywhere which allocate memory to
output_token.value. That could be a possible reason (I didn't
thoroughly check every file in curl src).

Please confirm this as a bug, or give me pointers on how to solve this.

Arunav Sanyal
4th year undergraduate student
B.E (Hons) Computer Science
BITS Pilani K.K Birla Goa Campus
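
The CRT comment quoted in the post says a pointer given to free() must come from the local heap. The following is an added example, not libcurl code and not from the post: it tracks which allocator owns a token buffer so that release goes through the matching routine. token_buf, the owner field, the arena and all function names are hypothetical stand-ins, and that output_token.value was allocated by the GSS-API library is an assumption the post does not settle.

```c
#include <stdlib.h>
#include <string.h>

/* Stand-in for gss_buffer_desc (the two fields quoted in the post). */
typedef struct { size_t length; void *value; } token_buf;
/* Hypothetical bookkeeping: which allocator produced output_token.value. */
enum token_owner { OWNER_NONE, OWNER_LOCAL, OWNER_LIBRARY };
struct neg_state { token_buf output_token; enum token_owner owner; };

/* Constructed "other heap": a static arena standing in for memory handed
   out by a separately built library. free() must never see these pointers. */
static unsigned char lib_arena[256];
static size_t lib_used;
static int lib_release_calls;

/* Plays the role of gss_release_buffer(); this stand-in only counts calls. */
void lib_release_token(token_buf *buf) { (void)buf; lib_release_calls++; }

/* Release through the allocator that owns the memory; safe to call twice. */
void token_release(struct neg_state *s)
{
  if(s->owner == OWNER_LIBRARY)
    lib_release_token(&s->output_token);
  else if(s->owner == OWNER_LOCAL)
    free(s->output_token.value);
  s->output_token = (token_buf){ 0, NULL };
  s->owner = OWNER_NONE;
}

/* Store a copy of src, releasing any previous token first. */
int token_set(struct neg_state *s, const void *src, size_t len, int from_lib)
{
  token_release(s);
  if(from_lib && len > sizeof(lib_arena) - lib_used) return -1;
  void *p = from_lib ? (void *)(lib_arena + lib_used) : malloc(len ? len : 1);
  if(!p) return -1;
  if(from_lib) lib_used += len;
  memcpy(p, src, len);
  s->output_token = (token_buf){ len, p };
  s->owner = from_lib ? OWNER_LIBRARY : OWNER_LOCAL;
  return 0;
}

int main(void)
{
  struct neg_state s = { { 0, NULL }, OWNER_NONE };
  token_set(&s, "lib-token", 9, 1);  /* constructed sample data */
  token_release(&s);
  return lib_release_calls == 1 ? 0 : 1;
}
```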

