Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Pausing non-HTTP transfers trigger segfault #7079

Closed
gold22 opened this issue May 17, 2021 · 5 comments
Closed

Pausing non-HTTP transfers trigger segfault #7079

gold22 opened this issue May 17, 2021 · 5 comments

Comments

@gold22
Copy link

@gold22 gold22 commented May 17, 2021

Try to download a file via FTP using libcurl compiled with nghttp2

*   Trying 10.52.59.74:21...
* Connected to 10.52.59.74 (10.52.59.74) port 21 (#0)
< 220 (vsFTPd 3.0.3)
> USER ftpuser
< 331 Please specify the password.
> PASS *****
< 230 Login successful.
> PWD
< 257 "/home/ftpuser" is the current directory
* Entry path is '/home/ftpuser'
> CWD backups
* ftp_perform ends with SECONDARY: 0
< 250 Directory successfully changed.
> EPSV
* Connect data stream passively
< 229 Entering Extended Passive Mode (|||10150|)
*   Trying 10.52.59.74:10150...
* Connecting to 10.52.59.74 (10.52.59.74) port 10150
* Connected to 10.52.59.74 (10.52.59.74) port 21 (#0)
> TYPE I
< 200 Switching to Binary mode.
> SIZE example.tar
< 213 137231344
* Instructs server to resume from offset 126745584
> REST 126745584
< 350 Restart position accepted (126745584).
> RETR example.tar
< 150 Opening BINARY mode data connection for example.tar (137231344 bytes).
* Maxdownload = -1
* Getting file with size: 10485760

A program fails with the error

Program received signal SIGSEGV, Segmentation fault.
0x000000000063a3a2 in nghttp2_session_set_local_window_size ()
(gdb) bt
#0  0x000000000063a3a2 in nghttp2_session_set_local_window_size ()
#1  0x00000000005e7d5a in Curl_http2_stream_pause ()
#2  0x00000000005f2beb in pausewrite ()
#3  0x00000000005fde11 in Curl_readwrite ()
#4  0x00000000005ef924 in multi_runsingle ()
#5  0x00000000005f0ede in curl_multi_perform ()

I expected the following

The file is downloaded successfully.

curl/libcurl version

7.76.1

operating system

any (Unix, Windows)

Possible fix

--- a/lib/http2.c	Mon Apr 12 14:31:13 2021
+++ b/lib/http2.c	Thu May 13 13:54:02 2021
@@ -2332,7 +2332,7 @@
   DEBUGASSERT(data);
   DEBUGASSERT(data->conn);
   /* if it isn't HTTP/2, we're done */
-  if(!data->conn->proto.httpc.h2)
+  if(!(data->conn->handler->protocol & PROTO_FAMILY_HTTP) || !data->conn->proto.httpc.h2)
     return CURLE_OK;
 #ifdef NGHTTP2_HAS_SET_LOCAL_WINDOW_SIZE
   else {
@bagder bagder changed the title Using libcurl with nghttp2 leads to segmentation fault Pausing non-HTTP transfers trigger segfault May 17, 2021
@bagder
Copy link
Member

@bagder bagder commented May 17, 2021

Ack, and fix looks fine too. I'll make a pull-request out of it for you.

@gold22
Copy link
Author

@gold22 gold22 commented May 17, 2021

Thanks!

bagder added a commit that referenced this issue May 17, 2021
Since the function is called for any protocol, we can't assume that the
HTTP struct is there without first making sure it is HTTP.

Reported-by: Denis Goleshchikhin
Fixes #7079
@bagder bagder closed this in 904b27d May 17, 2021
@gold22
Copy link
Author

@gold22 gold22 commented May 17, 2021

Could you publish a new version of the library with the fix?

@bagder
Copy link
Member

@bagder bagder commented May 17, 2021

All merged fixes will be included in the next release.

@gold22
Copy link
Author

@gold22 gold22 commented May 17, 2021

Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

2 participants