
Re: Curl segfault in curl_multi_perform

From: Daniel Stenberg via curl-library <curl-library_at_lists.haxx.se>
Date: Mon, 31 Jul 2023 17:38:55 +0200 (CEST)

On Mon, 31 Jul 2023, Richard W.M. Jones wrote:

Hello Richard,

Thanks to your awesome reproducer, Stefan and I managed to reproduce the
problem and figure out what's going on.

It is a time-sensitive race. The time between the HTTP/1+upgrade request is
sent until it comes back and is upgraded to HTTP/2 proper, curl could
accidentally pick that connection as "an HTTP/2 connection suitable for
multiplexing" even though it wasn't doing HTTP/2 just yet.

This is a problem unique to HTTP + upgrade (ie not HTTPS) and it needs more
than connection for it to trigger.

I have a work in progress patch that seems to (at least) fix the crash:

   https://github.com/curl/curl/pull/11557

Stefan has a test case pending and will try out this patch there tomorrow, so
we might need to polish it a little more before we land it.

-- 
  / daniel.haxx.se
  | Commercial curl support up to 24x7 is available!
  | Private help, bug fixes, support, ports, new features
  | https://curl.se/support.html
Received on 2023-07-31