Free data->state.formp when Curl_getformdata return non-zero value #12419
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
bagder
reviewed
Nov 28, 2023
lib/http.c
Outdated
| @@ -3260,7 +3260,11 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) | |||
|
|
|||
| result = Curl_http_body(data, conn, httpreq, &te); | |||
| if(result) | |||
| { | |||
| if (data->state.formp) | |||
There was a problem hiding this comment.
But do follow the code style, as otherwise the CI jobs will be sad.
|
I propose this slightly different version, which frees the pointer closer to where the error happens: From 5b2a4caf7b3cff535df3f146eeec6bc7cfdc6259 Mon Sep 17 00:00:00 2001
From: yushicheng7788 <lance.yu@zoom.us>
Date: Tue, 28 Nov 2023 15:49:49 +0800
Subject: [PATCH] Curl_http_body: Free data->state.formp when Curl_getformdata
errors
Fixes #12410
---
lib/http.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/lib/http.c b/lib/http.c
index 45748dd29..be6d442e8 100644
--- a/lib/http.c
+++ b/lib/http.c
@@ -2437,12 +2437,14 @@ CURLcode Curl_http_body(struct Curl_easy *data, struct connectdata *conn,
if(!data->state.formp)
return CURLE_OUT_OF_MEMORY;
Curl_mime_cleanpart(data->state.formp);
result = Curl_getformdata(data, data->state.formp, data->set.httppost,
data->state.fread_func);
- if(result)
+ if(result) {
+ Curl_safefree(data->state.formp);
return result;
+ }
data->state.mimepost = data->state.formp;
}
break;
#endif
default:
--
2.43.0 |
|
Thanks for your review, already changed. And I'm new to curl. I will read more docs later. Thanks for your work again! |
|
Based on your fine recipe on reproducing this problem, I wrote a test case that verified this fix which then led me to do some further fixes as this would cause a memory-leak. My slightly larger take is in #12421 |
|
I merged #12421 instead, thanks! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This pull request solves this issue. When Curl_getformdata returns a non-zero value, data->state.formp needs to be released to ensure that easy handle will not crash when reused.