Bugs item #1371316, was opened at 2005-12-01 18:33
Message generated for change (Tracker Item Submitted) made by Item Submitter
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100976&aid=1371316&group_id=976

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: libcurl
Group: crash
Status: Open
Resolution: None
Priority: 5
Submitted By: Jamie Newton (jaynewt)
Assigned to: Daniel Stenberg (bagder)
Summary: None existent file causes invalid close of file descriptor

Initial Comment:
CURL 7.15.0

file.c line 153

accessing a file that doesn't exist results in a file
descriptor returned as -1. this is detected and
Curl_file_done() is called. However Curl_file_done
checks file->fd for -1 but it hasn't been set prior to
the call so file->fd within Curl_file_done() is 0. the
subseqent call to close(file->fd) is invalid and
causes my application to crash.

here is the relevant section of code, remember fd == -
1, file doesn't exist.

if(!conn->data->set.upload && (fd == -1)) {
    failf(conn->data, "Couldn't open file %s", conn-
>path);
    Curl_file_done(conn, CURLE_FILE_COULDNT_READ_FILE);
    return CURLE_FILE_COULDNT_READ_FILE;
  }
  file->fd = fd;

CURLcode Curl_file_done(struct connectdata *conn,
                        CURLcode status)
{
  struct FILEPROTO *file = conn->proto.file;
  (void)status; /* not used */
  Curl_safefree(file->freepath);

  if(file->fd != -1)
    close(file->fd); <--- file->fd is bad here

  return CURLE_OK;
}

I think that file->fd = fd should be done before the
call to Curl_file_done() not after it.

----------------------------------------------------------------------

You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100976&aid=1371316&group_id=976
Received on 2005-12-02