Buy commercial curl support from WolfSSL. We help you work
out your issues, debug your libcurl applications, use the API, port to new
platforms, add new features and more. With a team lead by the curl founder
himself.
How to handle _wcsdup() memory allocation
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Jeff Mears via curl-library <curl-library_at_cool.haxx.se>
Date: Thu, 29 Jul 2021 21:56:37 +0000
Right now, if you override the memory allocators with curl_global_init_mem() then do an operation that uses Windows NT authentication, you will probably corrupt the heap. This is because libcurl uses _wcsdup() from the C runtime during the NT authentication, then frees the memory using the overridden allocator. If the custom allocator doesn't simply call the C runtime's free(), the heap is corrupted.
easy.c contains this line, supporting overriding _wcsdup:
#if defined(WIN32) && defined(UNICODE)
curl_wcsdup_callback Curl_cwcsdup = (curl_wcsdup_callback)_wcsdup;
#endif
However, curl_global_init_mem doesn't support actually setting it. There is a workaround: Curl_cwcsdup has external linkage, so you can just modify it directly prior to curl_global_init_mem, but this is a hack.
Someone made a pull request to add wcsdup overriding to curl_global_init_mem, but it would be a breaking change so wasn't a good solution.
https://github.com/curl/curl/pull/4300
What would be the right way to fix this? Libcurl could have a curl_global_init_mem_win32() API as one answer. Another answer would be for libcurl to implement its own wcsdup, because it's just wcslen + Curl_cmalloc + memcpy.
Thanks,
Jeff
-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.se/mail/etiquette.html
Received on 2021-07-30
Date: Thu, 29 Jul 2021 21:56:37 +0000
Right now, if you override the memory allocators with curl_global_init_mem() then do an operation that uses Windows NT authentication, you will probably corrupt the heap. This is because libcurl uses _wcsdup() from the C runtime during the NT authentication, then frees the memory using the overridden allocator. If the custom allocator doesn't simply call the C runtime's free(), the heap is corrupted.
easy.c contains this line, supporting overriding _wcsdup:
#if defined(WIN32) && defined(UNICODE)
curl_wcsdup_callback Curl_cwcsdup = (curl_wcsdup_callback)_wcsdup;
#endif
However, curl_global_init_mem doesn't support actually setting it. There is a workaround: Curl_cwcsdup has external linkage, so you can just modify it directly prior to curl_global_init_mem, but this is a hack.
Someone made a pull request to add wcsdup overriding to curl_global_init_mem, but it would be a breaking change so wasn't a good solution.
https://github.com/curl/curl/pull/4300
What would be the right way to fix this? Libcurl could have a curl_global_init_mem_win32() API as one answer. Another answer would be for libcurl to implement its own wcsdup, because it's just wcslen + Curl_cmalloc + memcpy.
Thanks,
Jeff
-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.se/mail/etiquette.html
Received on 2021-07-30