curl / Mailing Lists / curl-library / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

SIGSEGV in curl-8.6.0/lib/http2.c:288 (curl_multi_perform->extract_if_dead->http2_data_done)

From: Aleksander Mazur via curl-library <>
Date: Wed, 20 Mar 2024 00:01:53 +0100


Recently I observe my program crashing (sometimes) during system startup.
(During system startup internet connection is down so a few first https/HTTP2 requests fail with CURLE_COULDNT_RESOLVE_HOST. Then internet connection goes up.)
Then the program is restarted by supervisor and works fine.
The program is cross-compiled for i686 and linked against libcurl 8.6.0, openssl 3.2.1, nghttp2 1.60.0, uClibc-ng 1.0.46. I don't have a full-blown debugging environment in this toolchain but managed to capture a backtrace:
 0xb7f00c2d http2_data_done.isra.0+0x4D
 0xb7f017d3 cf_h2_cntrl+0x199
 0xb7ef063f Curl_conn_cf_cntrl+0x41
 0xb7ef0685 cf_cntrl_all.constprop.0+0x2D
 0xb7f07b3d Curl_detach_connection+0x2D
 0xb7f1487e extract_if_dead+0x142
 0xb7f148b4 call_extract_if_dead+0x11
 0xb7ef1116 Curl_conncache_foreach+0x89
 0xb7f16c31 Curl_connect+0x1948
 0xb7f094a8 multi_runsingle+0x1E5
 0xb7f0a398 curl_multi_perform+0xBB
 0x804bd6f main+0x26F
 0xb7ba6e83 __uClibc_main+0x15E
 0x804be33 _start+0x21
(half of which looks similar to #12951)

Using objdump -d -S I found this:
   1ec2a: 52 push %edx
   1ec2b: 6a 00 push $0x0
-> 1ec2d: ff 36 push (%esi)
   1ec2f: 50 push %eax
   1ec30: e8 2b 84 fe ff call 7060 <nghttp2_session_set_stream_user_data_at_plt>
... what most probably matches accessing stream->id in lib/http2.c:288:
> (void)nghttp2_session_set_stream_user_data(ctx->h2, stream->id, NULL);
meaning that stream must have been not NULL but held an invalid pointer.
Are you aware of a scenario in which a stale pointer to Curl_easy.req.p.http is kept in connection cache and then reused?
Do you think may be related to this issue?

Aleksander Mazur
Received on 2024-03-20