Posting an Int (Fixnum) causes Patron to segfault. #65

Closed
bhaberer opened this Issue Feb 13, 2013 · 1 comment

Projects

None yet

2 participants

@bhaberer
Contributor

I use Patron as part of a Rest API automated testing suite and I recently noticed that a change we made caused some bare ints to get passed to a Post which caused the suite to segfault. Our tester just worked around it by forcing the values to Strings before passing them, but this seems like it's probably a problem?

I didn't see any other tickets on it, but I guess it could be related to #51

Simple steps to repro:

require 'patron'
@session = Patron::Session.new
@session.base_url = 'http://localhost/'
@session.post 'test', '1'
@session.post 'test', 1

Here's how it dies when run in irb:

1.9.3p194 :001 > require 'patron'
 => true
1.9.3p194 :002 > @session = Patron::Session.new
 => #<Patron::Session:0x007f8d74b53188>
1.9.3p194 :003 > @session.base_url = 'http://localhost/'
 => "http://localhost/"
1.9.3p194 :004 > @session.post 'test', '1'
 => #<Patron::Response @status_line='HTTP/1.1 404 Not Found'> 
1.9.3p194 :005 > @session.post 'test', 1

/Users/bhaberer/.rvm/gems/ruby-1.9.3-p194/gems/patron-0.4.18/lib/patron/session.rb:223: [BUG] Segmentation fault
ruby 1.9.3p194 (2012-04-20 revision 35410) [x86_64-darwin12.2.0]

-- Ruby level backtrace information ----------------------------------------
/Users/bhaberer/.rvm/rubies/ruby-1.9.3-p194/bin/irb:16:in `<main>'
/Users/bhaberer/.rvm/rubies/ruby-1.9.3-p194/lib/ruby/1.9.1/irb.rb:69:in `start'
/Users/bhaberer/.rvm/rubies/ruby-1.9.3-p194/lib/ruby/1.9.1/irb.rb:69:in `catch'
/Users/bhaberer/.rvm/rubies/ruby-1.9.3-p194/lib/ruby/1.9.1/irb.rb:70:in `block in start'
/Users/bhaberer/.rvm/rubies/ruby-1.9.3-p194/lib/ruby/1.9.1/irb.rb:155:in `eval_input'
/Users/bhaberer/.rvm/rubies/ruby-1.9.3-p194/lib/ruby/1.9.1/irb/ruby-lex.rb:228:in `each_top_level_statement'
/Users/bhaberer/.rvm/rubies/ruby-1.9.3-p194/lib/ruby/1.9.1/irb/ruby-lex.rb:228:in `catch'
/Users/bhaberer/.rvm/rubies/ruby-1.9.3-p194/lib/ruby/1.9.1/irb/ruby-lex.rb:229:in `block in each_top_level_statement'
/Users/bhaberer/.rvm/rubies/ruby-1.9.3-p194/lib/ruby/1.9.1/irb/ruby-lex.rb:229:in `loop'
/Users/bhaberer/.rvm/rubies/ruby-1.9.3-p194/lib/ruby/1.9.1/irb/ruby-lex.rb:243:in `block (2 levels) in each_top_level_statement'
/Users/bhaberer/.rvm/rubies/ruby-1.9.3-p194/lib/ruby/1.9.1/irb.rb:156:in `block in eval_input'
/Users/bhaberer/.rvm/rubies/ruby-1.9.3-p194/lib/ruby/1.9.1/irb.rb:273:in `signal_status'
/Users/bhaberer/.rvm/rubies/ruby-1.9.3-p194/lib/ruby/1.9.1/irb.rb:159:in `block (2 levels) in eval_input'
/Users/bhaberer/.rvm/rubies/ruby-1.9.3-p194/lib/ruby/1.9.1/irb/context.rb:254:in `evaluate'
/Users/bhaberer/.rvm/rubies/ruby-1.9.3-p194/lib/ruby/1.9.1/irb/workspace.rb:80:in `evaluate'
/Users/bhaberer/.rvm/rubies/ruby-1.9.3-p194/lib/ruby/1.9.1/irb/workspace.rb:80:in `eval' (irb):4:in `irb_binding'
/Users/bhaberer/.rvm/gems/ruby-1.9.3-p194/gems/patron-0.4.18/lib/patron/session.rb:163:in `post'
/Users/bhaberer/.rvm/gems/ruby-1.9.3-p194/gems/patron-0.4.18/lib/patron/session.rb:223:in `request'
/Users/bhaberer/.rvm/gems/ruby-1.9.3-p194/gems/patron-0.4.18/lib/patron/session.rb:223:in `handle_request'

I know that the docs state that 'Uploads the passed data to the specified url using HTTP POST. data must be a string.' But a segfault seems to be a bit rough.

Let me know if you need any additional info from the segfaults, or if I'm just doing something wrong.

@toland
Owner
toland commented Feb 14, 2013

Yeah, that is bad. At a first guess, it shouldn't be too difficult to call .to_s on the data before passing it on to libcurl.

@julik julik added a commit to julik/patron that referenced this issue Mar 14, 2016
@julik julik Cast request body to string when uploading
Replace the data object with return value of its to_s
before performing the request, since string pointers on
non-String VALUE types does not perform any checks but
crashes instead.

Fixes #65
f8ce051
@toland toland closed this in #100 Mar 14, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment