Segmentation fault using libcurl to perform an IDLE command in IMAP #747

Closed
ehlertjd opened this Issue Mar 31, 2016 · 4 comments

@ehlertjd
Contributor

I did this

  1. Create an IMAP connection using CURLOPT_CONNECT_ONLY.
  2. Using curl_easy_send and curl_easy_receive, select the INBOX and perform an IDLE command
  3. Send a DONE command and call curl_easy_cleanup
  4. Program aborts with a segfault

frame #0: 0x0000000100033d59 libcurl.4.dylib:imap_endofresp + 245
frame #1: 0x00000001000374c0 libcurl.4.dylib:Curl_pp_readresp + 480
frame #2: 0x0000000100033b06 libcurl.4.dylib:imap_statemach_act + 2045
frame #3: 0x0000000100034758 libcurl.4.dylib:imap_block_statemach + 42
frame #4: 0x00000001000332b7 libcurl.4.dylib:imap_disconnect + 75
frame #5: 0x0000000100019653 libcurl.4.dylib:Curl_disconnect + 103
frame #6: 0x000000010002c55c libcurl.4.dylib:curl_multi_cleanup + 78
frame #7: 0x0000000100014668 libcurl.4.dylib:Curl_close + 60
frame #8: 0x0000000100000d10 test_imap_connect_only:main + 368
frame #9: 0x00007fff90ed15ad libdyld.dylib:start + 1
frame #10: 0x00007fff90ed15ad libdyld.dylib:start + 1

Sample program that crashes here:
imap_idle.cpp

I expected the following

Program should not crash, connection cleanup should occur cleanly.

curl/libcurl version

7.48.0

operating system

OSX 10.11

@bagder bagder added crash IMAP labels Mar 31, 2016
@captain-caveman2k
Member

Presumably we have an uninitialised variable as the normal program flow hasn't been followed.

I agree libcurl shouldn't crash but do you know which variable is causing the crash or are you able to debug your program and find out?

@ehlertjd
Contributor
ehlertjd commented Apr 1, 2016

Found this at the end of the day yesterday. I plan on digging in a bit more
today.

On Fri, Apr 1, 2016, 3:58 AM Steve Holme notifications@github.com wrote:

Presumably we have an uninitialised variable as the normal program flow
hasn't been followed.

I agree libcurl shouldn't crash but do you know which variable is causing
the crash or are you able to debug your program and find out?

@ehlertjd ehlertjd pushed a commit to ehlertjd/curl that referenced this issue Apr 1, 2016
ehlertjd@gmail.com Check imap pointer before dereferencing it - may be null in the CURLOPT_CONNECT_ONLY case. fixes curl/curl#747
9890a07
@ehlertjd ehlertjd pushed a commit to ehlertjd/curl that referenced this issue Apr 1, 2016
ehlertjd@gmail.com Check imap pointer before dereferencing it - may be null in the CURLOPT_CONNECT_ONLY case. fixes curl/curl#747
4798893
@ehlertjd
Contributor
ehlertjd commented Apr 1, 2016

Turns out that the imap pointer on line 372 of imap.c is NULL. Adding a check there resolves the problem. Pull request incoming.
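
As an added illustration (not code from the curl project or from this thread), the toy model below shows the shape of the defect and of the fix: a per-request state pointer that the normal transfer flow would have allocated stays NULL on a CURLOPT_CONNECT_ONLY handle, and the disconnect path, which sends LOGOUT and reads the reply through the same response parser, must not dereference it. The struct and function names (conn, req_state, endofresp, drain_on_disconnect) and the server reply lines are constructed for the example and are not libcurl's.

```c
/* Added example, not code from the curl project: a toy model of the defect
 * class in this issue. Struct and function names are hypothetical. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Per-request protocol state. The library's normal flow allocates this when a
 * transfer starts; a CONNECT_ONLY handle never starts one, so it can be NULL. */
struct req_state {
    const char *custom;  /* custom command issued for this request, or NULL */
};

struct conn {
    const char *resptag;     /* tag of the last command the library itself sent */
    struct req_state *req;   /* NULL in the connect-only case */
};

/* Does this response line complete the outstanding command?
 * Hardened form: untagged lines are matched against request state only when
 * that state exists. The pre-fix shape read c->req->custom unconditionally,
 * which is the NULL dereference the backtrace in this issue shows. */
static bool endofresp(const struct conn *c, const char *line, size_t len, int *resp)
{
    size_t taglen = strlen(c->resptag);

    /* Tagged completion: "<tag> OK ..." / "<tag> NO ..." / "<tag> BAD ..." */
    if (len > taglen + 1 && !memcmp(c->resptag, line, taglen) && line[taglen] == ' ') {
        *resp = line[taglen + 1];   /* 'O', 'N' or 'B' */
        return true;
    }

    /* Untagged response: "* ...". Only meaningful if a request set expectations. */
    if (len >= 2 && !memcmp("* ", line, 2)) {
        if (!c->req)                       /* the fix: no request state, nothing to match */
            return false;
        if (c->req->custom && strstr(line, c->req->custom)) {
            *resp = '*';
            return true;
        }
    }
    return false;
}

/* Teardown path: the library sends LOGOUT and reads lines until the parser
 * reports completion. Returns how many lines it consumed, or -1 if none did. */
static int drain_on_disconnect(const struct conn *c, const char **lines, int n, int *resp)
{
    for (int i = 0; i < n; i++) {
        if (endofresp(c, lines[i], strlen(lines[i]), resp))
            return i + 1;
    }
    return -1;
}

int main(void)
{
    /* Constructed server output: a typical reply to LOGOUT. */
    const char *lines[] = { "* BYE Logging out", "A003 OK LOGOUT completed" };
    struct conn connect_only = { "A003", NULL };   /* req was never allocated */
    int resp = 0;
    int used = drain_on_disconnect(&connect_only, lines, 2, &resp);
    printf("consumed %d lines, status %c\n", used, resp);
    return 0;
}
```

The point of the model is the ordering of checks in endofresp: the tagged-completion test needs only connection-level state and is safe on any handle, while the untagged-data test depends on request state that a connect-only handle never created, so it has to be guarded before anything behind the pointer is read.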

@captain-caveman2k
Member

Cool - thank you.

@bagder bagder added a commit that closed this issue Apr 1, 2016
@ehlertjd @bagder ehlertjd + bagder IMAP: check pointer before dereferencing it
may be null in the CURLOPT_CONNECT_ONLY case

Fixes #747
8f654f2
@bagder bagder closed this in 8f654f2 Apr 1, 2016