Potential double-free related with proxy #7593
First, sorry as I can't reproduce the bug reliably. This is an attempt at simplifying something I've been observing with the https://github.com/OSGeo/gdal project that runs under ossfuzz, and uses curl master HEAD.
We have a (not yet public) report in https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35798 about a double-free occurring in Curl_free_request_state():
I cannot say for sure which curl version was used, but the bug was created on Sun, Jul 4, 2021, 12:38 AM, so this was a curl version from that day or the day before. Actually the stats show that the bug was randomly hit from July 3 to July 26, and there are no occurrences of it anymore (but ossfuzz still mentions it as reliably reproducing...), so it might have been solved, but my digging into curl history didn't spot anything obvious to me (I was wondering about c27a70a, which was committed on July 25 and is related to http_proxy?)
A minimum reproducer would be something like the following, but as I said I didn't manage to reproduce when trying different recent curl commits:
Comments
Thanks for the hint, so my real test indeed included a timeout, at 1 second. I've managed to reproduce (randomly, but quite frequently) a crash with a stack trace similar to the one of ossfuzz on my local machine by checking out the commit just before 14a2ca8 and by trying the proxy on port 80 (where I have an Apache running) rather than 514, and with a tinyish timeout. So I assume that there must be something particular on the ossfuzz infrastructure with port 514. Who knows.... with
and Valgrind shows
But running a git bisect session reveals that the first commit to fix the issue is actually commit 0842175 (which landed on June 24th 2021)
Either way, you're still saying that you cannot reproduce the problem with the current curl source code, right? So we can close this issue then?
Yes, let's close that. It seems it is no longer present in the current curl source code, and the fact that the ossfuzz tickets are still open is probably just an artifact on ossfuzz.
Thanks!