You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
$ src/curl tftp://example.com --proxy 1
curl: (55) getpeername() failed with errno 107: Transport endpoint is not connected
free(): double free detected in tcache 2
Abandon (core dumped)
$ libtool --mode=execute valgrind --leak-check=full src/curl tftp://example.com --proxy 1
==2134294== Memcheck, a memory error detector
==2134294== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==2134294== Using Valgrind-3.15.0 and LibVEX; rerun with -h for copyright info
==2134294== Command: /home/even/curl/src/.libs/curl tftp://example.com --proxy 1
==2134294==
curl: (55) getpeername() failed with errno 107: Noeud final de transport n'est pas connecté
==2134294== Invalid free() / delete / delete[] / realloc()
==2134294== at 0x483CA3F: free (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==2134294== by 0x48D216C: Curl_free_request_state (url.c:2203)
==2134294== by 0x48CE364: Curl_close (url.c:402)
==2134294== by 0x486F526: curl_easy_cleanup (easy.c:742)
==2134294== by 0x11E175: post_per_transfer (in /home/even/curl/src/.libs/curl)
==2134294== by 0x124905: operate (in /home/even/curl/src/.libs/curl)
==2134294== by 0x114142: main (in /home/even/curl/src/.libs/curl)
==2134294== Address 0x508fb70 is 0 bytes inside a block of size 656 free'd
==2134294== at 0x483CA3F: free (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==2134294== by 0x48CF4F0: conn_free (url.c:791)
==2134294== by 0x48CF6BF: Curl_disconnect (url.c:874)
==2134294== by 0x48A2571: multi_runsingle (multi.c:2522)
==2134294== by 0x48A27EC: curl_multi_perform (multi.c:2591)
==2134294== by 0x486F1F0: easy_transfer (easy.c:606)
==2134294== by 0x486F459: easy_perform (easy.c:696)
==2134294== by 0x486F4CB: curl_easy_perform (easy.c:715)
==2134294== by 0x1248E5: operate (in /home/even/curl/src/.libs/curl)
==2134294== by 0x114142: main (in /home/even/curl/src/.libs/curl)
==2134294== Block was alloc'd at
==2134294== at 0x483DD99: calloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==2134294== by 0x488E7F7: connect_init (http_proxy.c:169)
==2134294== by 0x488FD04: Curl_proxyCONNECT (http_proxy.c:1045)
==2134294== by 0x488E698: Curl_proxy_connect (http_proxy.c:117)
==2134294== by 0x4886CEB: Curl_http_connect (http.c:1492)
==2134294== by 0x48A13BB: multi_runsingle (multi.c:1935)
==2134294== by 0x48A27EC: curl_multi_perform (multi.c:2591)
==2134294== by 0x486F1F0: easy_transfer (easy.c:606)
==2134294== by 0x486F459: easy_perform (easy.c:696)
==2134294== by 0x486F4CB: curl_easy_perform (easy.c:715)
==2134294== by 0x1248E5: operate (in /home/even/curl/src/.libs/curl)
==2134294== by 0x114142: main (in /home/even/curl/src/.libs/curl)
Author: Daniel Stenberg <daniel@haxx.se>
Date: Fri Nov 12 13:34:49 2021 +0100
Curl_connect_done: handle being called twice
Follow-up to f0b7099a10d1a7c
When torture testing 1021, it turns out the Curl_connect_done function
might be called twice and that previously then wrongly cleared the HTTP
pointer in the second invoke.
Closes #7999
lib/http_proxy.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
operating system
Linux even-ThinkPad-P15v-Gen-1 5.11.0-34-generic #36~20.04.1-Ubuntu SMP Fri Aug 27 08:06:32 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
The text was updated successfully, but these errors were encountered:
I did this
Initally found by oss-fuzz on GDAL (https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40963)
with curl master at 3bf54f9
$ src/curl -V
git bisects point to commit b89a4b5
operating system
Linux even-ThinkPad-P15v-Gen-1 5.11.0-34-generic #36~20.04.1-Ubuntu SMP Fri Aug 27 08:06:32 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
The text was updated successfully, but these errors were encountered: