#793 crash in ConnectionExists when using duphandle+curl_multi

libcurl (356)

We've had the following bug reported at PHP:


After some more tests, it was found that removing the handle from curl_multi *before* duplicating it solves the problem.

A simple test to reproduce the crash, written in C, has been created and is available at: http://ookoo.org/svn/snip/curl_bug/

This bug has been tested and confirmed against curl 7.19.2.


0x00002b46220b7646 in ConnectionExists (data=0x6430a8, needle=0x6402b8, usethis=0x7fff88c37588) at url.c:2443
2443 pipeLen = check->send_pipe->size + check->recv_pipe->size;
(gdb) bt
#0 0x00002b46220b7646 in ConnectionExists (data=0x6430a8, needle=0x6402b8, usethis=0x7fff88c37588) at url.c:2443
#1 0x00002b46220bab2b in create_conn (data=0x6430a8, in_connect=0x640260, addr=0x7fff88c375f0, async=0x7fff88c3765e) at url.c:4289
#2 0x00002b46220baef0 in Curl_connect (data=0x6430a8, in_connect=0x640260, asyncp=0x7fff88c3765e, protocol_done=0x7fff88c3765d) at url.c:4475
#3 0x00002b46220d1fc3 in multi_runsingle (multi=0x626298, easy=0x640248) at multi.c:940
#4 0x00002b46220d2ee8 in curl_multi_perform (multi_handle=0x626298, running_handles=0x7fff88c37724) at multi.c:1502
#5 0x0000000000400b3c in main (argc=1, argv=0x7fff88c37828) at test.c:36

(gdb) print data->state.connc->connects[0]
$6 = (struct connectdata *) 0x30

On line 628 of lib/easy.c, the following code seems suspect:

if(data->state.used_interface == Curl_if_multi)
    outcurl->state.connc = data->state.connc;
outcurl->state.connc = Curl_mk_connc(CONNCACHE_PRIVATE, -1);

Commenting out the if() (leaving only the Curl_mk_connc) fixes the crash; however, I believe there must be some reason other than crashing libcurl for this if to exist.


  • Thanks for the nice recipe, I get the exact same crash using your code.

  • Thanks, I'm committing a fix right now. If you tell me your real name I'll give you proper credit in the changelog for your report and work!

    • priority: 5 --> 7
    • status: open --> closed-fixed
  • Thanks for the report, this problem is now fixed in CVS!