Join GitHub today
GitHub is home to over 20 million developers working together to host and review code, manage projects, and build software together.
parse_proxy(): fix memory leak in case of invalid proxy server name #1761
Fixes the below leak:
$ valgrind --leak-check=full ~/install-curl-git/bin/curl --proxy "http://a:b@/x" http://127.0.0.1
This comment has been minimized.
This comment has been minimized.Show comment Hide comment
Yes, it is embargoed for now for people not in the GDAL team. Anyway the report wasn't that great (the reproducer file didn't match the report). I just got the leak stracktrace, and looking at curl code, reverse engineered a likely reproducer...
FYI, some GDAL files (virtual raster files written as XML) can contain reference to extended filenames, such as /vsicurl/proxy=http://a:b@/x,url=http://foo that contains the curl URL and a subset of possible curl options. So oss-fuzz can end up crafting such extended filenames when messing with the XML file, discovering those curl issues.