-
-
Notifications
You must be signed in to change notification settings - Fork 6.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
libcurl v7.88.1 crash on cleanup with missing cookie file #10694
Comments
Thanks a lot for your report! I've failed to reproduce this problem myself, so can I ask you to provide us with more details on how to go ahead and repeat this. Preferably with a command line or a stand-alone program we can run from our ends against a public URL to trigger the problem? |
From my reading of the description, this command line should trigger the problem?
|
Hello @bagder , We observe a similar issue (but a memory leak) with CURLOPT_COOKIEFILE in combination with curl_easy_reset. However, curl_easy_reset performs a non-conditional memset on
I believe that curl_easy_reset shall not cause a memory leak and must either
Best regards, |
does this solve it (edit: patch moved to #10709) |
That was a memory-leak and thus a different matter and issue than what is reported here. |
And make sure there is no memory leak Ref: #10694
There some relation with verbose mode...
output is:
if I do not set CURLOPT_DEBUGFUNCTION CURLOPT_DEBUGDATA then output is
and cookiefile is created if I do not set CURLOPT_VERBOSE then output is
and cookiefile is created Calback function is:
|
- Free set.cookelist in Curl_freeset instead of Curl_close. Prior to this change the cookielist linked list wasn't freed by curl_easy_reset which calls Curl_freeset to free all set. Bug: curl#10694 (comment) Reported-by: Sergey Ryabinin Closes #xxxx
And make sure there is no memory leak Ref: curl#10694
another addition - if I move deallocation of userdata
Then there a no crush and cookiefile is created.
I dont understand... |
I'm sorry, but I'm gonna need a recipe that uses libcurl directly or the command line tool. No binding. |
well... i'm don't know C and dont have any means to work with it... but maybe this give some light to the problem:
and callback to this:
and get this output:
now if Imove deallocation of user pointer to before curl_easy_cleanup() function like that:
then I get:
You can see that debug func was called in curl_easy_cleanup(), outside curl_easy_perform() |
- Free set.cookelist in Curl_freeset instead of Curl_close. Prior to this change the cookielist linked list wasn't freed by curl_easy_reset which calls Curl_freeset to free all set. Bug: #10694 (comment) Reported-by: Sergey Ryabinin Closes #10709
Hope this reproduser (win) is not completely wrong...
|
Thanks. I cleaned up your most recent C example and was able to use it to reproduce with curl-7_88_1. (Click to expand)#include <crtdbg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <curl/curl.h>
#include <openssl/crypto.h>
struct tagcURLCallBackBuffer {
char *strbuf;
unsigned int size;
unsigned int allocated;
};
static int cURLCallbackFunc_DebugTraceFuncEL (CURL *handle, curl_infotype itype, char *idata, size_t iSize, tagcURLCallBackBuffer *zBuffer)
{
(void)handle; /* prevent compiler warning */
if (itype == CURLINFO_TEXT || itype == CURLINFO_HEADER_OUT || itype == CURLINFO_HEADER_IN) {
memset(&zBuffer->strbuf[zBuffer->size],0,iSize + 1);
memcpy(&zBuffer->strbuf[zBuffer->size],idata,iSize);
zBuffer->size += iSize;
}
return 0;
}
int main(void)
{
CURL *cURLHandle;
CURLcode cURLRetValue;
tagcURLCallBackBuffer info;
tagcURLCallBackBuffer *ptInfo = &info;
const char *cookiefile = "C:\\Temp\\_CookiesFileInQuestion.txt";
_CrtSetReportMode(_CRT_WARN, _CRTDBG_MODE_DEBUG | _CRTDBG_MODE_FILE);
_CrtSetReportFile(_CRT_WARN, _CRTDBG_FILE_STDERR);
_CrtSetDbgFlag(_CRTDBG_ALLOC_MEM_DF | _CRTDBG_LEAK_CHECK_DF | _CRTDBG_DELAY_FREE_MEM_DF);
ptInfo->allocated = 1000000;
ptInfo->size = 0;
ptInfo->strbuf = (char *)calloc(1, ptInfo->allocated);
unlink(cookiefile);
Sleep(1000);
curl_global_init(CURL_GLOBAL_ALL);
cURLHandle = curl_easy_init();
curl_easy_setopt(cURLHandle, CURLOPT_DEBUGFUNCTION, cURLCallbackFunc_DebugTraceFuncEL);
curl_easy_setopt(cURLHandle, CURLOPT_DEBUGDATA, ptInfo);
curl_easy_setopt(cURLHandle, CURLOPT_VERBOSE, 1L);
curl_easy_setopt(cURLHandle, CURLOPT_URL, "http://curl.se");
curl_easy_setopt(cURLHandle, CURLOPT_COOKIESESSION, 1L);
curl_easy_setopt(cURLHandle, CURLOPT_COOKIEFILE, cookiefile);
curl_easy_setopt(cURLHandle, CURLOPT_COOKIEJAR, cookiefile);
cURLRetValue = curl_easy_perform(cURLHandle);
free(ptInfo->strbuf);
ptInfo->allocated = 0;
ptInfo->size = 0;
ptInfo->strbuf = NULL;
curl_easy_cleanup(cURLHandle);
curl_global_cleanup();
OPENSSL_cleanup();
_CrtMemDumpAllObjectsSince(NULL);
printf("\n");
return 0;
} The crash is because the memory used by your debug callback is freed before calling curl_easy_cleanup. As long as DEBUGFUNCTION is set then any curl_xxx function that operates on the handle may call it. As you've already figured out, when you free the memory after curl_easy_cleanup then there is no crash. However, your original example in VB code seems to show that you already do that... Can you confirm that there is no crash in your actual code if you free the memory after curl_easy_cleanup? Note the C example will crash with curl-7_88_1 but not with master (674a066 2023-03-10) because 45d4bf5 changed the behavior not to re-read the cookie files on cleanup so there is no verbose text (like file not found etc) when that happens. Even though it doesn't crash that's just by chance. It still may crash if you free the memory before curl_easy_cleanup. |
Yes, there is no crash if i free memory after curl_easy_cleanup(). |
No problem, thanks for the update. |
- Free set.cookelist in Curl_freeset instead of Curl_close. Prior to this change the cookielist linked list wasn't freed by curl_easy_reset which calls Curl_freeset to free all set. Bug: curl#10694 (comment) Reported-by: Sergey Ryabinin Closes curl#10709
This also tests for the memory leak bug fixed by parent commit b559ef6. Ref: curl#10694 Closes curl#10712
I get crush with libcurl v7.88.1 on call to curl_easy_cleanup() if cookies file is not exists originally.
If I manually create blank text-file (with relevant filename) - there a no crush and file content successfully written (in my test case only header as there is no cookies).
Without CURLOPT_COOKIEJAR option set - there a no crush...
With libcurl v7.86.0 crush did not happen, but also cookies file was not created/written.
If I remember right, with some previous version cookiesfile was created without problems...
Cookes engine setup (Windows):
on beginning of connection log there a message:
WARNING: failed to open cookie file "* full file path to cookie file *"
I expected the following
I expected cookes file is created/written by libcurl...
The text was updated successfully, but these errors were encountered: