curl / Mailing Lists / curl-library / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

Re: Potential double free in multi.c in 7.80

From: Daniel Stenberg via curl-library <>
Date: Thu, 13 Jul 2023 23:47:05 +0200 (CEST)

On Thu, 13 Jul 2023, Abhinav Singhal via curl-library wrote:

> I understand that 7.80 is an old release, but it's shipped with one of our
> (older) releases and we're increasingly getting reports of crashes from the
> field. I was able to find why/where it's happening, and I'd like to run it
> by the curl team once so that they can confirm that this could indeed be an
> issue.

If it frees the same pointer twice, it is a double free. Otherwise it isn't.
How can it be a potential double free?

7.80.0 was released about 1765 bugfixes ago. If there was such a problem back
then, chances are we fixed it now. I don't recognize this exact one though so
I'm not entirely sure. If you can reproduce with a current version I would be
very interested.

There are some details in your report that makes it unlikely to be a/the
issue: Curl_safefree() is a macro that both frees the pointer *and assigns it
to NULL*. Thus, calling Curl_safefree() on the same pointer instance twice is
perfectly fine - assuming you follow the threading guidelines.

  | Commercial curl support up to 24x7 is available!
  | Private help, bug fixes, support, ports, new features
Received on 2023-07-13