Buy commercial curl support from WolfSSL. We help you work
out your issues, debug your libcurl applications, use the API, port to new
platforms, add new features and more. With a team lead by the curl founder
himself.
Re: Curl segfault in curl_multi_perform
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Daniel Stenberg via curl-library <curl-library_at_lists.haxx.se>
Date: Mon, 31 Jul 2023 17:38:55 +0200 (CEST)
On Mon, 31 Jul 2023, Richard W.M. Jones wrote:
Hello Richard,
Thanks to your awesome reproducer, Stefan and I manged to reproduce the
problem and figure out what's going on.
It is a time sensitive race. The time between the HTTP/1+upgrade request is
sent until it comes back and is upgraded to HTTP/2 proper, curl could
accidentally pick that connection as "a HTTP/2 connection suitable for
multiplexing" even though it wasn't doing HTTP/2 just yet.
This is a problem unique to HTTP + upgrade (ie not HTTPS) and it needs more
than connection for it to trigger.
I have a work in progress patch that seems to (at least) fix the crash:
https://github.com/curl/curl/pull/11557
Stefan has a test case pending and will try out this patch there tomorrow, so
we might need to polish it a little more before we land it.
Date: Mon, 31 Jul 2023 17:38:55 +0200 (CEST)
On Mon, 31 Jul 2023, Richard W.M. Jones wrote:
Hello Richard,
Thanks to your awesome reproducer, Stefan and I manged to reproduce the
problem and figure out what's going on.
It is a time sensitive race. The time between the HTTP/1+upgrade request is
sent until it comes back and is upgraded to HTTP/2 proper, curl could
accidentally pick that connection as "a HTTP/2 connection suitable for
multiplexing" even though it wasn't doing HTTP/2 just yet.
This is a problem unique to HTTP + upgrade (ie not HTTPS) and it needs more
than connection for it to trigger.
I have a work in progress patch that seems to (at least) fix the crash:
https://github.com/curl/curl/pull/11557
Stefan has a test case pending and will try out this patch there tomorrow, so
we might need to polish it a little more before we land it.
-- / daniel.haxx.se | Commercial curl support up to 24x7 is available! | Private help, bug fixes, support, ports, new features | https://curl.se/support.html -- Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library Etiquette: https://curl.se/mail/etiquette.htmlReceived on 2023-07-31