New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

crash with -F file=@/directory #1053

Closed
tobypeterson opened this Issue Oct 3, 2016 · 1 comment

Comments

Projects
None yet
2 participants
@tobypeterson
Contributor

tobypeterson commented Oct 3, 2016

Easy to repro:

% curl -F file=@/tmp example.com
curl(32762,0x7fffc20493c0) malloc: *** error for object 0x7fdfe7400017: pointer being freed was not allocated
*** set a breakpoint in malloc_error_break to debug

Crash introduced by commit c2a809cd265c37e7bbef55e64d70114d2f0d7189

The last goto added there is after newform has been added to list (formp), so curl then crashes since the list contains a freed entry.

Obvious fix is to move the list link adjustment to after the "if (size)" block, but then the error is rather vague:

curl: (43) A libcurl function was given a bad argument

curl 7.50.3, macOS Sierra

@bagder bagder added crash HTTP labels Oct 4, 2016

@bagder

This comment has been minimized.

Member

bagder commented Oct 4, 2016

Thanks!

I agree that the error message is annoyingly cryptic, but it is hard to fix easily since we have no struct Curl_easy handle to for example do custom error messages with. I think that's still the easy fix to go with and improving the error message is a more longer term fix. I'd like to add easy handles to a new set of curl_formadd() functions and deprecate the old functions that don't take any such argument and then lots of good opportunities will open.

So, I'll merge this easy fix now.

@bagder bagder closed this in bdf162a Oct 4, 2016

@lock lock bot locked as resolved and limited conversation to collaborators May 7, 2018

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.