Segmentation fault when removing easy handle that was on the pending connections list #2677
Comments
edit: scratch my earlier comment. This problem persists even in #2675
Thanks @jblazquez, that certainly sounds like the correct fix as the pending list certainly should not contain any handles that have been removed...
Thanks Daniel, I submitted a pull request with the fix ^
The following code reliably results in a segfault in curl 7.60.0 on Linux (Linux 4.15.0-23-generic #25-Ubuntu SMP Wed May 23 18:02:16 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux):
Steps to reproduce on Linux:
The problem appears to occur because of the following:
CURLM_STATE_CONNECT state but has no connections available, so it's added to the multi handle's list of connect-pending handles.
multi_done is called, which in turn calls process_pending_handles to dequeue the next handle waiting for a connection, segfaulting by accessing a freed entry.
Adding the following code to remove a handle from the connect-pending list in all cases seems to fix the issue:
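The failure mode described in this issue, as an added C example that is not part of the original report and is not curl's code: a simplified model of a connect-pending queue in which a removed handle is either left on the list (the defect) or unlinked in all cases (the fix). All names here (`struct handle`, `pending_add`, `pending_unlink`, `remove_handle`, `process_pending`, the `unlink_always` flag) are hypothetical, and the model marks a handle as removed instead of freeing it so the stale entry can be observed safely.

```c
#include <stddef.h>

/* Simplified model of a connect-pending queue; not curl's data structures. */
struct handle { int id; int removed; struct handle *next; };  /* id > 0 */
struct multi { struct handle *pending; };

/* Queue a handle that found no free connection (appended at the tail). */
static void pending_add(struct multi *m, struct handle *h)
{
  struct handle **pp = &m->pending;
  while(*pp)
    pp = &(*pp)->next;
  h->next = NULL;
  *pp = h;
}

/* Drop h from the pending list if it is queued there. */
static void pending_unlink(struct multi *m, struct handle *h)
{
  for(struct handle **pp = &m->pending; *pp; pp = &(*pp)->next)
    if(*pp == h) {
      *pp = h->next;
      return;
    }
}

/* Removal path: unlink_always=0 models the defect (entry left behind),
   unlink_always=1 models the fix (entry dropped in all cases). */
static void remove_handle(struct multi *m, struct handle *h, int unlink_always)
{
  if(unlink_always)
    pending_unlink(m, h);
  h->removed = 1; /* real code may free h here; the model only marks it */
}

/* Dequeue the next waiting handle once a connection frees up.
   Returns 0 if the list is empty, -1 for a stale entry, else the id. */
static int process_pending(struct multi *m)
{
  struct handle *h = m->pending;
  if(!h)
    return 0;
  m->pending = h->next;
  return h->removed ? -1 : h->id;
}
```

A return value of -1 from `process_pending` marks the point where real code would touch a freed entry; with `unlink_always` set, the queue only ever yields live handles.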