Backport the leak fix from upstream#2
Merged
sergio-nsk merged 1 commit intosnxd-7_84_0from Jul 27, 2022
Merged
Conversation
steve-tucker
approved these changes
Jul 27, 2022
nmoinvaz
pushed a commit
that referenced
this pull request
Jul 1, 2023
Fixes msan warnings:
==54195==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x55ece35e57cb in line_length /home/runner/work/curl/curl/tests/server/getpart.c:111:25
#1 0x55ece35e3b83 in readline /home/runner/work/curl/curl/tests/server/getpart.c:164:24
#2 0x55ece35e0269 in getpart /home/runner/work/curl/curl/tests/server/getpart.c:347:18
#3 0x55ece36180b6 in parse_servercmd /home/runner/work/curl/curl/tests/server/sws.c:283:13
Closes curl#10822
sergio-nsk
added a commit
that referenced
this pull request
Jul 31, 2023
Further `u->path = Curl_memdup(path, pathlen + 1);` accesses bytes after the null-terminator.
```
==2676==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x04d48c75 at pc 0x0112708a bp 0x006fb7e0 sp 0x006fb3c4
READ of size 78 at 0x04d48c75 thread T0
#0 0x1127089 in __asan_wrap_memcpy D:\a\_work\1\s\src\vctools\asan\llvm\compiler-rt\lib\sanitizer_common\sanitizer_common_interceptors.inc:840
#1 0x1891a0e in Curl_memdup C:\actions-runner\_work\client\client\third_party\curl\lib\strdup.c:97
#2 0x18db4b0 in parseurl C:\actions-runner\_work\client\client\third_party\curl\lib\urlapi.c:1297
#3 0x18db819 in parseurl_and_replace C:\actions-runner\_work\client\client\third_party\curl\lib\urlapi.c:1342
#4 0x18d6e39 in curl_url_set C:\actions-runner\_work\client\client\third_party\curl\lib\urlapi.c:1790
#5 0x1877d3e in parseurlandfillconn C:\actions-runner\_work\client\client\third_party\curl\lib\url.c:1768
#6 0x1871acf in create_conn C:\actions-runner\_work\client\client\third_party\curl\lib\url.c:3403
curl#7 0x186d8dc in Curl_connect C:\actions-runner\_work\client\client\third_party\curl\lib\url.c:3888
curl#8 0x1856b78 in multi_runsingle C:\actions-runner\_work\client\client\third_party\curl\lib\multi.c:1982
curl#9 0x18531e3 in curl_multi_perform C:\actions-runner\_work\client\client\third_party\curl\lib\multi.c:2756
```
nmoinvaz
pushed a commit
that referenced
this pull request
Aug 8, 2023
`u->path = Curl_memdup(path, pathlen + 1);` accesses bytes after the null-terminator.
```
==2676==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x04d48c75 at pc 0x0112708a bp 0x006fb7e0 sp 0x006fb3c4
READ of size 78 at 0x04d48c75 thread T0
#0 0x1127089 in __asan_wrap_memcpy D:\a\_work\1\s\src\vctools\asan\llvm\compiler-rt\lib\sanitizer_common\sanitizer_common_interceptors.inc:840
#1 0x1891a0e in Curl_memdup C:\actions-runner\_work\client\client\third_party\curl\lib\strdup.c:97
#2 0x18db4b0 in parseurl C:\actions-runner\_work\client\client\third_party\curl\lib\urlapi.c:1297
#3 0x18db819 in parseurl_and_replace C:\actions-runner\_work\client\client\third_party\curl\lib\urlapi.c:1342
#4 0x18d6e39 in curl_url_set C:\actions-runner\_work\client\client\third_party\curl\lib\urlapi.c:1790
#5 0x1877d3e in parseurlandfillconn C:\actions-runner\_work\client\client\third_party\curl\lib\url.c:1768
#6 0x1871acf in create_conn C:\actions-runner\_work\client\client\third_party\curl\lib\url.c:3403
curl#7 0x186d8dc in Curl_connect C:\actions-runner\_work\client\client\third_party\curl\lib\url.c:3888
curl#8 0x1856b78 in multi_runsingle C:\actions-runner\_work\client\client\third_party\curl\lib\multi.c:1982
curl#9 0x18531e3 in curl_multi_perform C:\actions-runner\_work\client\client\third_party\curl\lib\multi.c:2756
```
Closes curl#11560
sergio-nsk
pushed a commit
that referenced
this pull request
Apr 21, 2024
In order to make MSAN happy:
==2200945==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x596f3b3ed246 in curlx_strtoofft [...]/libcurl/src/lib/strtoofft.c:239:11
#1 0x596f3b402156 in Curl_httpchunk_read [...]/libcurl/src/lib/http_chunks.c:149:12
#2 0x596f3b348550 in readwrite_data [...]/libcurl/src/lib/transfer.c:607:11
[...]
==2202041==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x5a3fab66a72a in Curl_parse_port [...]/libcurl/src/lib/urlapi.c:547:8
#1 0x5a3fab650645 in parse_authority [...]/libcurl/src/lib/urlapi.c:796:12
#2 0x5a3fab6740f6 in parseurl [...]/libcurl/src/lib/urlapi.c:1176:16
#3 0x5a3fab664fc5 in parseurl_and_replace [...]/libcurl/src/lib/urlapi.c:1342:12
[...]
==2202320==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x569076a0d6b0 in ipv4_normalize [...]/libcurl/src/lib/urlapi.c:683:12
#1 0x5690769f2820 in parse_authority [...]/libcurl/src/lib/urlapi.c:803:10
#2 0x569076a160f6 in parseurl [...]/libcurl/src/lib/urlapi.c:1176:16
#3 0x569076a06fc5 in parseurl_and_replace [...]/libcurl/src/lib/urlapi.c:1342:12
[...]
Signed-off-by: Louis Solofrizzo <lsolofrizzo@scaleway.com>
Closes curl#12995
sergio-nsk
pushed a commit
that referenced
this pull request
Apr 24, 2025
Before this patch the signal handler called `logmsg()` which in turn called `printf()` variants (internal implementations), and `FILE *` functions, `localtime()`. Some of these called `malloc`/`free`, which isn't supported in s signal handler. Replace them with `write` calls, losing some logging functionality. Also: - De-dupe and move `STD*_FILENO` macros to `lib/curl_setup.h`. Revert the `src` definition to point to `stderr`, instead of `tool_stderr`. Follow-up to e5bb88b curl#11958 POSIX specs with list of functions allowed in a signal handler: 2004: https://pubs.opengroup.org/onlinepubs/009695399/functions/xsh_chap02_04.html#tag_02_04_03 2017: https://pubs.opengroup.org/onlinepubs/9699919799/functions/V2_chap02.html#tag_15_04_03 2024: https://pubs.opengroup.org/onlinepubs/9799919799/functions/V2_chap02.html#tag_16_04_03 Linux CI run with the thread sanitizer going crazy when hitting the signal handler in test 1238 and 1242 (TFTP): ``` WARNING: ThreadSanitizer: signal-unsafe call inside of a signal (pid=12582) #0 malloc <null> (servers+0x5ed70) #1 _IO_file_doallocate <null> (libc.so.6+0x851b4) #2 formatf /home/runner/work/curl/curl/bld/tests/server/../../lib/../../lib/mprintf.c:886:9 (servers+0xdff77) [...] WARNING: ThreadSanitizer: signal-unsafe call inside of a signal (pid=12582) #0 free <null> (servers+0x5f453) #1 fclose <null> (libc.so.6+0x8532f) #2 logmsg /home/runner/work/curl/curl/bld/tests/server/../../../tests/server/util.c:134:5 (servers+0xe684d) ``` Ref: https://github.com/curl/curl/actions/runs/14118903372/job/39555309490?pr=16851 Closes curl#16852
sergio-nsk
pushed a commit
that referenced
this pull request
Aug 23, 2025
Replace autotools with cmake to avoid libtool wrappers that are changing `LD_LIBRARY_PATH` in a way incompatible with the thread sanitizer. To fix the output when the sanitizier is finding something: ``` ==51718==WARNING: Can't write to symbolizer at fd 7 /usr/bin/llvm-symbolizer-18: /home/runner/work/curl/curl/bld/lib/.libs/libcurl.so.4: no version information available (required by /usr/bin/llvm-symbolizer-18) /usr/bin/llvm-symbolizer-18: symbol lookup error: /home/runner/openssl/lib/libcrypto.so.3: undefined symbol: __tsan_func_entry ``` Ref: https://github.com/curl/curl/actions/runs/16911402500/job/47913783729#step:39:4466 After: ``` 13:50:04.117885 == Info:ThreadSanitizer: thread T1 finished with ignores enabled, created at: closing connection #0 #0 pthread_create <null> (libtests+0x6bc0f) (BuildId: 4fe889446291259934205ac03931c397aa0210d3) #1 Curl_thread_create /home/runner/work/curl/curl/lib/curl_threads.c:73:6 (libcurl.so.4+0x55a76) (BuildId: cb0f14ba2ad68c9cab0c980d9a5d7a53cc0782da) #2 async_thrdd_init /home/runner/work/curl/curl/lib/asyn-thrdd.c:500:26 (libcurl.so.4+0x1c153) (BuildId: cb0f14ba2ad68c9cab0c980d9a5d7a53cc0782da) [...] ``` Ref: https://github.com/curl/curl/actions/runs/16939193922/job/48003405272?pr=18274#step:39:4018 Also: - disable memory tracker which turned out to be incompatible with the thread sanitizer and detaching threads. Ref: curl#18263 and #curl IRC. - the job is ~30 seconds faster after this patch. Reported-by: Stefan Eissing Bug: curl#18263 (comment) Follow-up to a2bcec0 curl#14751 Closes curl#18274
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The leak has been found by ASAN, has been fixed on upstream master.
https://github.com/snxd/client/runs/7533450519?check_suite_focus=true#step:12:1700
curl#9199