CURL_LOCK_DATA_CONNECT can cause concurrent access to a connection on multiple threads #4544
I can reproduce and I have a patch in progress. It currently seems to fix the issue partly but not completely and I'm starting to get a clue regarding what's missing. It will probably take me a few more days to present a fix.
It could accidentally let the connection get used by more than one thread, leading to double-free and more. Reported-by: Christopher Reid Fixes #4544
This patch seems to have removed the crashes from running the trigger program...
Awesome, it's looking much more stable with those changes. I haven't seen any ASAN failure or crash yet with the repro code stressing it.
It is certainly a step in the right direction. I'll test the PR a bit more before I land it, since I got some suspicious-looking FreeBSD crashes first that now don't occur... I don't think I'll have the nerve to merge it before the Nov 6 release anyway!
I did this
We've seen race conditions when using CURL_LOCK_DATA_CONNECT in libcurl where sometimes two different threads using two different easy handles end up sharing the same connection pointer at the same time.
This causes crashes when both threads are doing work on the same connection pointer.
I added curl cpp code which stresses CURL_LOCK_DATA_CONNECT and should eventually trigger an ASAN error or crash with curl compiled using clang's address sanitizers.
It's not consistent how it fails since it's a threading issue. I've found that it's more consistent after adding a random sleep after the unlock here https://github.com/curl/curl/blob/master/lib/url.c#L1372.
Sample program which can reproduce this issue:
curl.txt
An example of ASAN output when this issue is hit with additional logging.
asan-output.txt
Notably three threads with different easy handles decide to reuse the 0x61b000fbd688 connection at the same time.
curl/libcurl version
This issue is reproducible on libcurl master.
operating system
Ubuntu
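
The invariant this report says is broken, that a shared cached connection is handed to only one thread at a time, shown as an added example on a toy connection cache. It is not libcurl code and not the reporter's curl.txt, and every name in it is hypothetical. Finding and marking a connection happen under one lock hold, and a per-connection user counter detects any overlap.

```c
/* Added illustration: toy connection cache, not libcurl internals. */
#include <pthread.h>
#include <stdatomic.h>

#define NCONN 4
#define NTHREADS 8
#define ROUNDS 20000

struct conn { int in_use; atomic_int users; };

static struct conn cache[NCONN];
static pthread_mutex_t cache_lock = PTHREAD_MUTEX_INITIALIZER;
static atomic_int violations;

/* Find a free connection AND mark it taken in one critical section, so no
   other thread can select the same entry between the two steps. */
static struct conn *claim(void) {
  struct conn *found = NULL;
  pthread_mutex_lock(&cache_lock);
  for (int i = 0; i < NCONN && !found; i++)
    if (!cache[i].in_use) { cache[i].in_use = 1; found = &cache[i]; }
  pthread_mutex_unlock(&cache_lock);
  return found;
}

static void release(struct conn *c) {
  pthread_mutex_lock(&cache_lock);
  c->in_use = 0;
  pthread_mutex_unlock(&cache_lock);
}

static void *worker(void *arg) {
  (void)arg;
  for (int r = 0; r < ROUNDS; r++) {
    struct conn *c = claim();
    if (!c) continue;                  /* cache exhausted, try again */
    /* Detector: a second simultaneous user means the invariant broke. */
    if (atomic_fetch_add(&c->users, 1) != 0) atomic_fetch_add(&violations, 1);
    atomic_fetch_sub(&c->users, 1);
    release(c);
  }
  return NULL;
}

/* Runs the stress loop; returns how often two threads held one connection. */
int run_stress(void) {
  pthread_t t[NTHREADS];
  atomic_store(&violations, 0);
  for (int i = 0; i < NTHREADS; i++) pthread_create(&t[i], NULL, worker, NULL);
  for (int i = 0; i < NTHREADS; i++) pthread_join(t[i], NULL);
  return atomic_load(&violations);
}

int main(void) { return run_stress() != 0; }
```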