Buy commercial curl support from WolfSSL. We help you work
out your issues, debug your libcurl applications, use the API, port to new
platforms, add new features and more. With a team lead by the curl founder
himself.
Re: Investigating a one off crash in 7.80.0
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Daniel Stenberg via curl-library <curl-library_at_lists.haxx.se>
Date: Fri, 19 May 2023 16:11:27 +0200 (CEST)
On Thu, 18 May 2023, Abhinav Singhal via curl-library wrote:
> Some of our old code is shipped with curl 7.80.0. In lib/multi.c, we saw (a
> one off as of today) crash in multi_done() while calling
> Curl_free_request_state(data). This line was removed in 7.83.0. I understand
> it's a pretty old change, but does anyone remember why this line was
> removed?
I don't think it is productive to chase a single line change like that.
That change was done as part of the #8593 PR and presumably we (I?) figured
out that it caused a problem or otherwise was unnecessary in the process of
the developing that PR.
It is also likely that we could remove it then because of the other changes
that were done, so that just removing it from an earlier version would not be
a suitable change.
Using the available test suite we could make sure that we didn't need that
call (anymore).
> This change wasn't flagged as a CVE
It was not a security vulnerability, no. It was "just a change".
Date: Fri, 19 May 2023 16:11:27 +0200 (CEST)
On Thu, 18 May 2023, Abhinav Singhal via curl-library wrote:
> Some of our old code is shipped with curl 7.80.0. In lib/multi.c, we saw (a
> one off as of today) crash in multi_done() while calling
> Curl_free_request_state(data). This line was removed in 7.83.0. I understand
> it's a pretty old change, but does anyone remember why this line was
> removed?
I don't think it is productive to chase a single line change like that.
That change was done as part of the #8593 PR and presumably we (I?) figured
out that it caused a problem or otherwise was unnecessary in the process of
the developing that PR.
It is also likely that we could remove it then because of the other changes
that were done, so that just removing it from an earlier version would not be
a suitable change.
Using the available test suite we could make sure that we didn't need that
call (anymore).
> This change wasn't flagged as a CVE
It was not a security vulnerability, no. It was "just a change".
-- / daniel.haxx.se | Commercial curl support up to 24x7 is available! | Private help, bug fixes, support, ports, new features | https://curl.se/support.html -- Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library Etiquette: https://curl.se/mail/etiquette.htmlReceived on 2023-05-19