Potential double free in multi.c in 7.80

From: Abhinav Singhal via curl-library <curl-library_at_lists.haxx.se>
Date: Thu, 13 Jul 2023 11:38:29 -0400

Hi,
I understand that 7.80 is an old release, but it's shipped with one of our
(older) releases and we're increasingly getting reports of crashes from the
field. I was able to find why/where it's happening, and I'd like to run it
by the curl team once so that they can confirm that this could indeed be an
issue.

In 7.80 ~/lib/multi.c, in multi_done(), we call
*Curl_safefree(data->req.newurl)* at the beginning of the function. Towards
the end of the function, *Curl_free_request_state(data)* is called, which in
turn calls *Curl_safefree(data->req.newurl)* again, potentially causing the
crash being observed. Can anyone confirm?
Thanks.


Received on 2023-07-13
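
The call sequence described in the message, modelled as an added example (not part of the original post and not curl source). It assumes the release-then-clear form of curl's `Curl_safefree` macro; `pool_strdup`, `pool_free`, `SAFEFREE`, `struct handle` and `count_double_frees` are hypothetical stand-ins, and the aliased flow goes beyond the message as a constructed contrast.

```c
#include <string.h>
/* Constructed model, not curl source: a slot pool stands in for the heap so
   a repeated release is counted instead of corrupting the allocator. */
#define NSLOTS 4
static char pool[NSLOTS][64];
static int live[NSLOTS], double_frees;

static char *pool_strdup(const char *s)
{
  for(int i = 0; i < NSLOTS; i++)
    if(!live[i] && strlen(s) < sizeof(pool[i])) {
      live[i] = 1;
      return strcpy(pool[i], s);
    }
  return NULL;
}

static void pool_free(char *p)
{
  for(int i = 0; p && i < NSLOTS; i++)   /* NULL is a no-op, like free(NULL) */
    if(p == pool[i]) {
      double_frees += !live[i];          /* block was already released */
      live[i] = 0;
    }
}

/* Same shape as Curl_safefree: release, then clear the caller's pointer. */
#define SAFEFREE(ptr) do { pool_free((ptr)); (ptr) = NULL; } while(0)
struct handle { struct { char *newurl; } req; };

static void free_request_state(struct handle *data)
{
  SAFEFREE(data->req.newurl);
}

/* aliased == 0: the sequence in the message, the same field released twice.
   aliased == 1: constructed contrast, a copy of the pointer is released first. */
int count_double_frees(int aliased)
{
  struct handle data = { { pool_strdup("http://example.invalid/next") } };
  char *copy = data.req.newurl;
  double_frees = 0;
  if(aliased)
    SAFEFREE(copy);                      /* field still holds the address */
  else
    SAFEFREE(data.req.newurl);           /* start of multi_done() */
  free_request_state(&data);             /* end of multi_done() */
  return double_frees;
}
```

The counter only rises when the second release goes through a pointer that was not the one cleared, which is the pattern to look for when tracing a crash of this kind.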