curl / Mailing Lists / curl-library / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

How to handle _wcsdup() memory allocation

From: Jeff Mears via curl-library <>
Date: Thu, 29 Jul 2021 21:56:37 +0000

Right now, if you override the memory allocators with curl_global_init_mem() then do an operation that uses Windows NT authentication, you will probably corrupt the heap. This is because libcurl uses _wcsdup() from the C runtime during the NT authentication, then frees the memory using the overridden allocator. If the custom allocator doesn't simply call the C runtime's free(), the heap is corrupted.

easy.c contains this line, supporting overriding _wcsdup:

#if defined(WIN32) && defined(UNICODE)
curl_wcsdup_callback Curl_cwcsdup = (curl_wcsdup_callback)_wcsdup;

However, curl_global_init_mem doesn't support actually setting it. There is a workaround: Curl_cwcsdup has external linkage, so you can just modify it directly prior to curl_global_init_mem, but this is a hack.

Someone made a pull request to add wcsdup overriding to curl_global_init_mem, but it would be a breaking change so wasn't a good solution.

What would be the right way to fix this? Libcurl could have a curl_global_init_mem_win32() API as one answer. Another answer would be for libcurl to implement its own wcsdup, because it's just wcslen + Curl_cmalloc + memcpy.



Received on 2021-07-30