Memory corruption in http::client::post #482
I'm using the latest stable release (0.11.1-final) downloaded from http://cpp-netlib.org/ and have noticed that references to a local object are being stored for certain post requests. I apologize in advance for the poor quality of this report, but the code I downloaded from your website doesn't seem to match the repo. For instance, in the downloaded code the problem file is boost/network/protocol/http/client/facade.hpp and the closest I can find in the repo is https://github.com/cpp-netlib/cpp-netlib/blob/master/http/src/network/protocol/http/client/facade.ipp#L46
Regardless, they both have the same issue.
The linked function operates on a local copy of the request object which then gets passed, by reference, to request_skeleton. Eventually host() is called on this object, and the result is stored. Later on, when the newly created thread tries to access the stored data, it is no longer valid because the local request object has long since been destroyed.
I don't have a proposed fix because I'm not familiar enough with the library, but in my own code I simply changed post to accept a reference, and ensure the request remains valid for the duration of the post.
Hope that makes sense.
You're looking at the wrong version of the file -- the link you have is to the master branch, which is not where 0.11-devel comes from.
That said, I think there's a potential for this to actually be a problem. I'm going to see if I can actually fix this in 0.11.2 (or whether someone else can).
The specific problem is that
Unfortunately, the referenced request goes out of scope when
The put request has the same flaw.
Also, the documentation/tutorial should probably make it more clear that the application is responsible for ensuring the lifetime of these values lasts until the request has terminated. Managing this lifetime takes some care when using the client interface in an asynchronous pattern.
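A simplified model of the lifetime problem reported in this issue, added here as an example and not taken from cpp-netlib or from any participant in the thread. `Request`, `post_by_view` and `post_owning` are hypothetical names; the returned callable stands in for the work the client's thread does later, and a `std::weak_ptr` stands in for the stored reference so the expiry can be observed without undefined behaviour.

```cpp
// Model of the bug shape only; NOT cpp-netlib code. All names are hypothetical.
#include <functional>
#include <memory>
#include <string>
#include <utility>

struct Request {
    std::string host_;
    const std::string& host() const { return host_; }
};

// Flawed shape: the facade works on a local copy, and the deferred work keeps
// only a non-owning handle to it. With a raw reference this would be a
// use-after-free; the weak_ptr makes the same expiry visible safely.
std::function<std::string()> post_by_view(Request request) {
    auto local = std::make_shared<Request>(std::move(request));
    std::weak_ptr<Request> view = local;        // does not extend the lifetime
    return [view] {
        auto r = view.lock();                   // runs after `local` is gone
        return r ? r->host() : std::string("<dangling>");
    };
}   // `local` is destroyed here, before the deferred work ever runs

// Hardened shape: the deferred work co-owns the request, so the data it reads
// stays alive until the work has finished, whatever the caller does meanwhile.
std::function<std::string()> post_owning(Request request) {
    auto owned = std::make_shared<const Request>(std::move(request));
    return [owned] { return owned->host(); };
}

int main() {
    Request r{"example.test"};                  // constructed sample value
    auto late_view  = post_by_view(r);          // facade has already returned
    auto late_owned = post_owning(r);
    bool ok = late_view() == "<dangling>" && late_owned() == "example.test";
    return ok ? 0 : 1;
}
```

Building the unmodelled raw-reference variant with `-fsanitize=address` is a practical way to confirm this class of bug in real code.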