Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Segfault when add mime as subpart to itself #1962

moteus opened this issue Oct 6, 2017 · 2 comments


Copy link

@moteus moteus commented Oct 6, 2017

I did this

curl_mime *mime = curl_mime_init(easy);
curl_mimepart *part = curl_mime_addpart(mime);
CURLcode a1 = curl_mime_subparts(part, mime);

I expected the following

curl_mime_free(mime); should not crash but curl_mime_subparts(part, mime); should returns CURLE_BAD_FUNCTION_ARGUMENT and do nothing.

curl/libcurl version

curl 7.56.0 (i386-pc-win32) libcurl/7.56.0 WinSSL
Release-Date: 2017-10-04
Protocols: dict file ftp ftps gopher http https imap imaps ldap pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS Largefile SSPI Kerberos SPNEGO NTLM SSL

operating system

Windows 7 x64


This comment has been minimized.

Copy link

@bagder bagder commented Oct 7, 2017

I'm not convinced this is something we have to protect against, but it should be easy to at least prevent this bad use.

bagder added a commit that referenced this issue Oct 7, 2017
Refuse to add its own "ancestor".

Reported-by: Alexey Melnichuk
Fixes #1962

This comment has been minimized.

Copy link

@bagder bagder commented Oct 7, 2017

Let me know what you think of this fix!

@bagder bagder added the crash label Oct 7, 2017
@monnerat monnerat closed this in ebcbed3 Oct 8, 2017
@lock lock bot locked as resolved and limited conversation to collaborators May 6, 2018
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
None yet
2 participants
You can’t perform that action at this time.