Buy commercial curl support from WolfSSL. We help you work
out your issues, debug your libcurl applications, use the API, port to new
platforms, add new features and more. With a team lead by the curl founder
himself.
Investigating a one off crash in 7.80.0
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Abhinav Singhal via curl-library <curl-library_at_lists.haxx.se>
Date: Thu, 18 May 2023 23:44:25 -0400
Hi,
Some of our old code is shipped with curl 7.80.0. In lib/multi.c, we saw (a
one off as of today) crash in multi_done() while calling
Curl_free_request_state(data). This line was removed in 7.83.0. I
understand it's a pretty old change, but does anyone remember why this line
was removed? Was it to prevent a double free or did the code realignment
warrant this free to be moved elsewhere in the code? This change wasn't
flagged as a CVE, nor did I see much regarding this change in the 7.83.0
release notes, so it doesn't seem like the change was made to prevent a
potential crash. Any inputs would be appreciated.
Thanks.
Date: Thu, 18 May 2023 23:44:25 -0400
Hi,
Some of our old code is shipped with curl 7.80.0. In lib/multi.c, we saw (a
one off as of today) crash in multi_done() while calling
Curl_free_request_state(data). This line was removed in 7.83.0. I
understand it's a pretty old change, but does anyone remember why this line
was removed? Was it to prevent a double free or did the code realignment
warrant this free to be moved elsewhere in the code? This change wasn't
flagged as a CVE, nor did I see much regarding this change in the 7.83.0
release notes, so it doesn't seem like the change was made to prevent a
potential crash. Any inputs would be appreciated.
Thanks.
-- Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library Etiquette: https://curl.se/mail/etiquette.htmlReceived on 2023-05-19