Re: Potential double free in multi.c in 7.80
From: Daniel Stenberg via curl-library <curl-library_at_lists.haxx.se>
Date: Thu, 13 Jul 2023 23:47:05 +0200 (CEST)
On Thu, 13 Jul 2023, Abhinav Singhal via curl-library wrote:

> I understand that 7.80 is an old release, but it's shipped with one of our
> (older) releases and we're increasingly getting reports of crashes from the
> field. I was able to find why/where it's happening, and I'd like to run it
> by the curl team once so that they can confirm that this could indeed be an
> issue.

If it frees the same pointer twice, it is a double free. Otherwise it isn't.
How can it be a potential double free?

7.80.0 was released about 1765 bugfixes ago. If there was such a problem back
then, chances are we fixed it now. I don't recognize this exact one though so
I'm not entirely sure. If you can reproduce with a current version I would be
very interested.

There are some details in your report that make it unlikely to be a/the
issue: Curl_safefree() is a macro that both frees the pointer *and assigns it
to NULL*. Thus, calling Curl_safefree() on the same pointer instance twice is
perfectly fine - assuming you follow the threading guidelines.

--

 / daniel.haxx.se
 | Commercial curl support up to 24x7 is available!
 | Private help, bug fixes, support, ports, new features
 | https://curl.se/support.html
--
Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library
Etiquette:   https://curl.se/mail/etiquette.html

Received on 2023-07-13
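
The free-and-NULL behaviour described in the reply, as an added C example that is not part of the original message or of curl's source. `SAFEFREE`, `tracked_free`, `struct blk` and `run_case` are hypothetical names, and the release is simulated with a flag so a second release is counted rather than executed; the example also goes one step beyond the message to show the case the idiom does not cover, a second variable holding a copy of the same address.

```c
#include <stdio.h>
#include <stdlib.h>

/* Demo block with a "released" flag: a repeated release is counted, not run. */
struct blk { int released; char data[32]; };
struct counts { int releases; int double_frees; };
static struct counts stats;

static void tracked_free(struct blk *b)
{
  if(!b)
    return;                 /* like free(NULL): nothing to do */
  if(b->released)
    stats.double_frees++;   /* a real free() here would be a double free */
  else {
    b->released = 1;
    stats.releases++;
  }
}

/* Free-and-NULL idiom as the message describes it. SAFEFREE is a
   hypothetical name for this example, not curl's own macro. */
#define SAFEFREE(p) do { tracked_free(p); (p) = NULL; } while(0)

/* aliased == 0: release the same pointer variable twice.
   aliased == 1: release through two variables holding the same address. */
static struct counts run_case(int aliased)
{
  struct blk *owner = calloc(1, sizeof(*owner));
  struct blk *a = owner;
  struct blk *b = owner;
  stats.releases = stats.double_frees = 0;
  if(!owner) return stats;
  SAFEFREE(a);
  if(aliased)
    SAFEFREE(b);   /* b was never set to NULL: second release of the block */
  else
    SAFEFREE(a);   /* a is NULL now, so this is a no-op */
  free(owner);     /* the one real free, done once by the demo itself */
  return stats;
}

int main(void)
{
  struct counts same = run_case(0), alias = run_case(1);
  printf("same variable: releases=%d double=%d\n", same.releases, same.double_frees);
  printf("aliased copy:  releases=%d double=%d\n", alias.releases, alias.double_frees);
  return 0;
}
```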