Bugs item #3413181, was opened at 2011-09-23 08:24
Message generated for change (Comment added) made by bagder
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100976&aid=3413181&group_id=976
Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: http
Group: crash
>Status: Closed
>Resolution: Fixed
Priority: 6
Private: No
Submitted By: Taneli Vähäkangas (taneliv)
Assigned to: Daniel Stenberg (bagder)
Summary: SIGSEGV while POSTing large data
Initial Comment:
I'm trying to send data to an upload service at www.plupload.com:
curl -O -d name=foo.jpg --data-binary @xaa -d chunk=0 -d chunks=10 http://www.plupload.com/upload.php
(Please note that this might be the wrong format for the service; it isn't particularly well documented.)
If the file xaa has more than about 130k bytes, curl will crash with a segmentation fault. See the gdb backtrace below:
(gdb) run
Starting program: /home/taneli/bin/curl -O -d name=foo.jpg --data-binary @xaa -d chunk=0 -d chunks=10 http://www.plupload.com/upload.php
[Thread debugging using libthread_db enabled]
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
84 132k 0 0 84 112k 0 139k --:--:-- --:--:-- --:--:-- 174k
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7457abb in memcpy () from /lib/x86_64-linux-gnu/libc.so.6
(gdb) bt
#0 0x00007ffff7457abb in memcpy () from /lib/x86_64-linux-gnu/libc.so.6
#1 0x00007ffff7b954a4 in readmoredata () from /home/taneli/lib/libcurl.so.4
#2 0x00007ffff7bafe52 in Curl_fillreadbuffer () from /home/taneli/lib/libcurl.so.4
#3 0x00007ffff7bb08c5 in Curl_readwrite () from /home/taneli/lib/libcurl.so.4
#4 0x00007ffff7bb1fc3 in Curl_do_perform () from /home/taneli/lib/libcurl.so.4
#5 0x0000000000408d07 in main ()
(gdb)
This happens with both 7.22.0 and Ubuntu Natty's 7.21.3 on x86-64, at the same spot.
----------------------------------------------------------------------
>Comment By: Daniel Stenberg (bagder)
Date: 2011-09-25 00:08
Message:
Thanks for the report. This bug was a flaw in the client code, not the
library. The fix is commit 745014b7267e83 and it has been pushed.
----------------------------------------------------------------------
Comment By: Daniel Stenberg (bagder)
Date: 2011-09-23 09:29
Message:
Thanks for the report, I can repeat it easily against localhost like this:
$ valgrind ./src/curl -O -d name=foo.jpg --data-binary @src/curl -d chunk=0 -d chunks=10 localhost/poo
valgrind shows this:
==9095== Invalid read of size 1
==9095== at 0x40267B0: memcpy (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==9095== by 0x80749F4: readmoredata (http.c:972)
==9095== by 0x808A993: Curl_fillreadbuffer (transfer.c:126)
==9095== by 0x808BD6C: readwrite_upload (transfer.c:844)
==9095== by 0x808C307: Curl_readwrite (transfer.c:1043)
==9095== by 0x808CD92: Transfer (transfer.c:1395)
==9095== by 0x808DD2E: Curl_do_perform (transfer.c:2148)
==9095== by 0x808DFC5: Curl_perform (transfer.c:2272)
==9095== by 0x8063B8D: curl_easy_perform (easy.c:537)
==9095== by 0x80588DA: operate (main.c:4749)
==9095== by 0x80593DD: main (main.c:5108)
==9095== Address 0x54fb1e3 is 0 bytes after a block of size 51 alloc'd
==9095== at 0x4025018: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==9095== by 0x8064762: curl_domalloc (memdebug.c:187)
==9095== by 0x80518A1: getparameter (main.c:2198)
==9095== by 0x8054E03: operate (main.c:3800)
==9095== by 0x80593DD: main (main.c:5108)
==9095==
----------------------------------------------------------------------
Comment By: Taneli Vähäkangas (taneliv)
Date: 2011-09-23 09:24
Message:
Ah, a further detail: it is the later memcpy() in readmoredata().
----------------------------------------------------------------------
Received on 2011-09-25
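
The Memcheck report in this thread shows a memcpy() in readmoredata() reading past a 51-byte block that the tool allocated in getparameter(). As an added example (not curl's code and not the fix in commit 745014b7267e83; the thread does not describe the root cause), the C code below keeps a POST buffer and its byte count in one place, so the length a consumer copies can never exceed the allocation, even when a part contains NUL bytes. The names post_buf, post_append and post_read are hypothetical, and the sample data is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical accumulator for -d / --data-binary parts (not curl's code). */
struct post_buf { unsigned char *data; size_t len; /* valid bytes in data */ };

/* Append n bytes joined with '&'; explicit lengths keep embedded NULs.
   Returns 0, or -1 on overflow/allocation failure (pb left unchanged). */
int post_append(struct post_buf *pb, const void *part, size_t n)
{
  size_t used = pb->len + (pb->len ? 1 : 0);  /* room for the '&' */
  if (n >= SIZE_MAX - used)
    return -1;                                /* used + n + 1 would wrap */
  unsigned char *p = realloc(pb->data, used + n + 1);
  if (!p)
    return -1;
  if (used != pb->len)
    p[pb->len] = '&';
  if (n)
    memcpy(p + used, part, n);
  p[used + n] = '\0';                         /* convenience, not counted */
  pb->data = p;
  pb->len = used + n;
  return 0;
}

/* Consumer side: copy at most room bytes from *off, never past pb->len. */
size_t post_read(const struct post_buf *pb, size_t *off, void *dst, size_t room)
{
  size_t left = *off < pb->len ? pb->len - *off : 0;
  size_t n = left < room ? left : room;
  if (n)
    memcpy(dst, pb->data + *off, n);
  *off += n;
  return n;
}

int main(void)
{
  /* Constructed sample: binary part with embedded NUL bytes. */
  static const unsigned char blob[8] = {0xff, 0xd8, 0, 0x10, 0, 0, 'J', 'F'};
  struct post_buf pb = {NULL, 0};
  if (post_append(&pb, "name=foo.jpg", 12) || post_append(&pb, blob, 8))
    return 1;
  printf("len=%zu strlen=%zu\n", pb.len, strlen((char *)pb.data));
  free(pb.data);
  return 0;
}
```

Run under valgrind, the stand-alone program reports no invalid reads; the printed strlen value is smaller than len because of the embedded NUL bytes.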