On Wed, 14 Dec 2016, Theo van Klaveren wrote:

> I am seeing an intermittent (2-3 times a week) segfault inside libcurl code,
> and it is frequent enough that it is becoming a real problem. I'm having
> problems finding the root cause so any help would be appreciated.
>
> A bit of context: This is an application that is responsible for
> fetching data from multiple sources via HTTP and uploading the results
> to a central server via HTTPS.

No FTP or some other "ping-pong" protocol involved? It looks like the
Curl_close() that calls the function that crashes is done for the
"closure_handle".

> It looks like something in Curl's state has become corrupted somewhere:
>
> (gdb) list
> 3021 /* flush the timeout list too */
> 3022 while(list->size > 0)
> <--- crash is here
> 3023 Curl_llist_remove(list, list->tail, NULL);
> (gdb) print list
> $9 = (struct curl_llist *) 0x0

This means (nowp->tv_sec || nowp->tv_usec) first evaluated true and yet
data->state.timeoutlist is NULL. That looks like a situation that shouldn't
happen.

> The code that calls libcurl is pretty much a copy-paste of libcurl example
> code, but I can post a (slightly redacted) version if it's needed.

Can you use that code against a public URL and experience a crash like this?

> Any help in tracking down this segfault would be greatly appreciated!

In addition to Jay's suggestion, maybe just running the application with
valgrind could be a first test to see if it detects and wrongdoings.

-- 
  / daniel.haxx.se
-------------------------------------------------------------------
List admin: https://cool.haxx.se/list/listinfo/curl-library
Etiquette:  https://curl.haxx.se/mail/etiquette.html