Segfault in imap_done when calling curl_multi_remove_handle() #1953
I did this
I expected the following
Not to hit a segfault...
Verbose logs add on some context:
The issue appears to be calling this code:
kali + ubuntu.
In stack frame
The monster condition looks like:
So which of these was set to make the code execute this block? I'm trying to reproduce this with a test case but I don't quite understand the setup yet.
If you need more, let me know.
In case it's relevant:
curl_mime_addpart calls this code:
(there's a bug here, but that's separate).
When imap_done() got called before a connection is set up, it would try to "finish up" and dereffed a NULL pointer.

Test case 1153 managed to reproduce. I had to actually use a host name to try to resolve to slow it down, as using the normal local server IP will make libcurl get a connection in the first curl_multi_perform() loop and then the bug doesn't trigger.

Fixes #1953
Assisted-by: Max Dymond