cURL
Haxx ad
libcurl

curl's project page on SourceForge.net

Sponsors:
Haxx

cURL > Mailing List > Monthly Index > Single Mail

curl-tracker mailing list Archives

[ curl-Bugs-2416182 ] crash in ConnectionExists when using duphandle+curl_mutli

From: SourceForge.net <noreply_at_sourceforge.net>
Date: Thu, 11 Dec 2008 23:53:00 +0000

Bugs item #2416182, was opened at 2008-12-11 08:55
Message generated for change (Comment added) made by bagder
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100976&aid=2416182&group_id=976

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: libcurl
Group: crash
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: MagicalTux (upsilon)
Assigned to: Daniel Stenberg (bagder)
Summary: crash in ConnectionExists when using duphandle+curl_mutli

Initial Comment:
We've had the following bug reported at PHP:

http://bugs.php.net/46756

After some more tests, it was found that removing the handle from curl_mutli *before* duplicating it solves the problem.

A simple test to reproduce the crach written in C has been created, and is available at: http://ookoo.org/svn/snip/curl_bug/

This bug has been tested and confirmed against curl 7.19.2.

Backtrace:

0x00002b46220b7646 in ConnectionExists (data=0x6430a8, needle=0x6402b8, usethis=0x7fff88c37588) at url.c:2443
2443 pipeLen = check->send_pipe->size + check->recv_pipe->size;
(gdb) bt
#0 0x00002b46220b7646 in ConnectionExists (data=0x6430a8, needle=0x6402b8, usethis=0x7fff88c37588) at url.c:2443
#1 0x00002b46220bab2b in create_conn (data=0x6430a8, in_connect=0x640260, addr=0x7fff88c375f0, async=0x7fff88c3765e) at url.c:4289
#2 0x00002b46220baef0 in Curl_connect (data=0x6430a8, in_connect=0x640260, asyncp=0x7fff88c3765e, protocol_done=0x7fff88c3765d) at url.c:4475
#3 0x00002b46220d1fc3 in multi_runsingle (multi=0x626298, easy=0x640248) at multi.c:940
#4 0x00002b46220d2ee8 in curl_multi_perform (multi_handle=0x626298, running_handles=0x7fff88c37724) at multi.c:1502
#5 0x0000000000400b3c in main (argc=1, argv=0x7fff88c37828) at test.c:36

(gdb) print data->state.connc->connects[0]
$6 = (struct connectdata *) 0x30

On line 628 of lib/easy.c, the following code seems suspect:

    if(data->state.used_interface == Curl_if_multi)
      outcurl->state.connc = data->state.connc;
    else
      outcurl->state.connc = Curl_mk_connc(CONNCACHE_PRIVATE, -1);

Commenting the if() (leaving only the Curl_mk_connc) fixes the crash, however I believe there must be some other reason than crashing libcurl for this if to exist.

----------------------------------------------------------------------

Comment By: Daniel Stenberg (bagder)
Date: 2008-12-12 00:53

Message:
Thanks, I'm committing a fix right now. If you tell me your real name I'll
give you proper credit in the changelog for your report and work!

----------------------------------------------------------------------

Comment By: Daniel Stenberg (bagder)
Date: 2008-12-12 00:13

Message:
Thanks for the nice recipe, I get the exact same crash using your code.

----------------------------------------------------------------------

You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100976&aid=2416182&group_id=976
Received on 2008-12-12

These mail archives are generated by hypermail.

donate! Page updated November 12, 2010.
web site info

File upload with ASP.NET