-
-
Notifications
You must be signed in to change notification settings - Fork 6.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
MacOS (Arm64) crash on curl += 7.76 #7308
Comments
But why does it crash there? Isn't |
Nah, I wouldn't know what to do with it. |
Lines 1163 to 1170 in 6b951a6
Lines 1179 to 1182 in 6b951a6
Line 1205 in 6b951a6
fullsize should not be larger than the passed in fullsize which is the size of buffer. My guess is the max speed that is assigned to fullsize is larger than the passed in fullsize. diff --git a/lib/http.c b/lib/http.c
index 6d5d8fb..7b44198 100644
--- a/lib/http.c
+++ b/lib/http.c
@@ -1177,6 +1177,7 @@ static size_t readmoredata(char *buffer,
data->req.forbidchunk = (http->sending == HTTPSEND_REQUEST)?TRUE:FALSE;
if(data->set.max_send_speed &&
+ (data->set.max_send_speed < fullsize) &&
(data->set.max_send_speed < http->postsize))
/* speed limit */
fullsize = (size_t)data->set.max_send_speed; |
This comment has been minimized.
This comment has been minimized.
Fixed-by: Jay Satiro Reported-by: Richard Marion Fixes #7308
- Don't set the size of the piece of data to send to the rate limit if that limit is larger than the buffer size that will hold the piece. Prior to this change if CURLOPT_MAX_SEND_SPEED_LARGE (curl tool: --limit-rate) was set then it was possible that a temporary buffer used for uploading could be written to out of bounds. A likely scenario for this would be a non-trivial amount of post data combined with a rate limit larger than CURLOPT_UPLOAD_BUFFERSIZE (default 64k). The bug was introduced in 24e469f which precedes 7.77.0. perl -e "print '0' x 200000" > tmp curl --limit-rate 128k -d @tmp httpbin.org/post Reported-by: Richard Marion Fixes #7308 Closes #xxxx
I was working on the commit message at the same time you opened so I force pushed to your branch |
- Don't set the size of the piece of data to send to the rate limit if that limit is larger than the buffer size that will hold the piece. Prior to this change if CURLOPT_MAX_SEND_SPEED_LARGE (curl tool: --limit-rate) was set then it was possible that a temporary buffer used for uploading could be written to out of bounds. A likely scenario for this would be a non-trivial amount of post data combined with a rate limit larger than CURLOPT_UPLOAD_BUFFERSIZE (default 64k). The bug was introduced in 24e469f which is in releases since 7.76.0. perl -e "print '0' x 200000" > tmp curl --limit-rate 128k -d @tmp httpbin.org/post Reported-by: Richard Marion Fixes #7308 Closes #xxxx
With the addition of the statement of "full-size = (size_t) data->set.max_send_speed" on line 1179-1182 in http.c in commit 24e469f#diff-14c8235d370910f1781de1a00ed1957ec948e84e88fdc52db87bd4eb7c7167ff made for 7.76, MacOS crashes in memcpy on line 1205.
I did this. Built version 7.75 and version 7.76 from sources for arm64 target. Once I took out line 1179-1182 from http.c, I was able to run overnight without memory violation crashes.
I expected the following. I expected both versions to work
curl/libcurl version - 7.75 & 7.76
[curl -V output]
MacOS 11.4
The text was updated successfully, but these errors were encountered: