Assertion failure in bio_cf_out_write if CURLOPT_HEADERFUNCTION callback gets CURLINFO_TLS_SSL_PTR #10336
Comments
I confirmed the following patch solves the crash bug. diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c
index dd0414ce7..889f6137d 100644
--- a/lib/vtls/vtls.c
+++ b/lib/vtls/vtls.c
@@ -315,11 +315,15 @@ static void cf_ctx_free(struct ssl_connect_data *ctx)
}
}
-static void cf_ctx_set_data(struct Curl_cfilter *cf,
+static struct Curl_easy *cf_ctx_set_data(struct Curl_cfilter *cf,
struct Curl_easy *data)
{
- if(cf->ctx)
+ struct Curl_easy *old_data = NULL;
+ if(cf->ctx) {
+ old_data = ((struct ssl_connect_data *)cf->ctx)->call_data;
((struct ssl_connect_data *)cf->ctx)->call_data = data;
+ }
+ return old_data;
}
static CURLcode ssl_connect(struct Curl_cfilter *cf, struct Curl_easy *data)
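Review bot: cf_ctx_set_data now returns the previous call_data, but the hunk adds no comment stating that contract, and the name still reads as a plain setter. Add a short comment above the function saying that it returns the prior call_data (NULL when cf->ctx is unset) and that a nested caller is expected to pass that value back on exit instead of NULL. The continuation line `struct Curl_easy *data)` is unchanged context, so it is still aligned to the old `static void` signature and should be re-indented to match the longer first line.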
@@ -1786,9 +1790,9 @@ void *Curl_ssl_get_internals(struct Curl_easy *data, int sockindex,
/* get first filter in chain, if any is present */
cf = Curl_ssl_cf_get_ssl(data->conn->cfilter[sockindex]);
if(cf) {
- cf_ctx_set_data(cf, data);
+ struct Curl_easy *old_data = cf_ctx_set_data(cf, data);
result = Curl_ssl->get_internals(cf->ctx, info);
- cf_ctx_set_data(cf, NULL);
+ cf_ctx_set_data(cf, old_data);
}
}
return result; |
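Review bot: the save/restore is applied only at the Curl_ssl_get_internals call site, so any other caller that still finishes with `cf_ctx_set_data(cf, NULL)` keeps the behaviour removed here: a call nested inside a user callback would clear call_data for the outer invocation. Check the remaining callers of cf_ctx_set_data in vtls.c and either convert them to the same restore pattern or note why they cannot be re-entered. A regression test in which a CURLOPT_HEADERFUNCTION callback calls curl_easy_getinfo with CURLINFO_TLS_SSL_PTR would keep this from coming back.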
I was trying to create a simple program to reproduce the crash. There is only one reproducible step I know at the moment.
|
@icing any idea what could be causing this? |
@fujii thanks for all the details. Your patch will indeed solve the issue. Thinking about a better way to address this. @jay we have, via the user callbacks, a recursive call into the filters and the current way of handling the |
Tricky. There's multi->in_callback if that helps. edit: It's possible in_callback might not be set for all user callbacks, so maybe it won't help as much as I thought... |
Indeed. And possibly, those could happen nested as well. |
- refs curl#10336 where the previous implementation cleared `data` so the outer invocation lost its data.
How about #10340 to address this? |
I tested and confirmed it works fine. Thank you very much. |
The previous implementation cleared `data` so the outer invocation lost its data, which could lead to a crash.
Bug: curl#10336
Reported-by: Fujii Hironori
Closes curl#10340
I'm using libcurl 7.87.0 with libressl 3.7.0 for Windows WebKit.
After upgrading libcurl to 7.87.0 from 7.86, the WebKit browser is crashing when loading https pages with a proxy.
With the debug libcurl.dll, I'm observing the following assertion failure.
Callstack:
This assertion was added by this change.
55807e6
#9962
`data` is cleared because the `CURLOPT_HEADERFUNCTION` callback calls `curl_easy_getinfo` with `CURLINFO_TLS_SSL_PTR`.
callstack of cf_ctx_set_data:
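The failure mode reported in this issue, reduced to a toy model as an added example (not curl's code and not part of the original report): a call nested inside a user callback that clears a shared `call_data` pointer on exit, next to one that restores the previous value as the patch in this thread does. All names (`filter_ctx`, `outer_io`, `get_internals_*`, `call_data_survives`) are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
/* Toy model, not curl code: all names are hypothetical. A filter context
   remembers which transfer handle is currently calling into it. */
struct handle { int id; };
struct filter_ctx { struct handle *call_data; };
typedef void (*user_cb)(struct filter_ctx *ctx, struct handle *h);

/* Pre-patch pattern: set on entry, unconditionally clear on exit. */
static void get_internals_clearing(struct filter_ctx *ctx, struct handle *h)
{
  ctx->call_data = h;    /* backend lookup would run here */
  ctx->call_data = NULL;
}

/* Patched pattern: save the previous value and put it back on exit. */
static void get_internals_restoring(struct filter_ctx *ctx, struct handle *h)
{
  struct handle *old = ctx->call_data;
  ctx->call_data = h;    /* backend lookup would run here */
  ctx->call_data = old;
}

/* Outer operation: sets call_data, runs a user callback that re-enters the
   filter, then needs call_data again. Returns 1 if it survived, 0 if lost. */
static int outer_io(struct filter_ctx *ctx, struct handle *h, user_cb cb)
{
  int intact;
  ctx->call_data = h;
  cb(ctx, h);                      /* stands in for the header callback */
  intact = (ctx->call_data == h);  /* stands in for the later write step */
  ctx->call_data = NULL;           /* outermost caller: nothing to restore */
  return intact;
}

/* Run one outer operation on a fresh context with the given callback. */
static int call_data_survives(user_cb cb)
{
  struct handle h = { 1 };
  struct filter_ctx ctx = { NULL };
  return outer_io(&ctx, &h, cb);
}

int main(void)
{
  printf("clearing:  %d\n", call_data_survives(get_internals_clearing));
  printf("restoring: %d\n", call_data_survives(get_internals_restoring));
  return 0;
}
```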