double-free in http_read_cb() #174

snej · 2023-08-25T19:02:10Z

The Clang static analyzer found a code path where a heap block is freed twice, in http_read_cb() in http.c

On line 96, free(buf->base);
On line 132, free(buf->base);

Unless I’m missing something, flow of control will go from line 96 to line 132 without returning or changing buf or buf->base in the interim.

The text was updated successfully, but these errors were encountered:

…e HTTP response [fixes #174]

ekoby · 2023-09-10T02:10:53Z

good catch, in practice double-free would happen if the server is not HTTP -- sends something that fails to parse by HTTP parser

…e HTTP response [fixes #174]

ekoby added a commit that referenced this issue Sep 10, 2023

add missing return in the case when server sends invalid/non-parseabl…

d117267

…e HTTP response [fixes #174]

ekoby mentioned this issue Sep 10, 2023

do not reference websocket handle after callbacks been called #181

Merged

ekoby added a commit that referenced this issue Sep 10, 2023

add missing return in the case when server sends invalid/non-parseabl…

8651ffd

…e HTTP response [fixes #174]

ekoby closed this as completed in #181 Sep 10, 2023

ekoby added a commit that referenced this issue Sep 10, 2023

add missing return in the case when server sends invalid/non-parseabl…

e60e258

…e HTTP response [fixes #174]

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

double-free in http_read_cb() #174

double-free in http_read_cb() #174

snej commented Aug 25, 2023

ekoby commented Sep 10, 2023

double-free in http_read_cb() #174

double-free in http_read_cb() #174

Comments

snej commented Aug 25, 2023

ekoby commented Sep 10, 2023