I'm running typhoeus (which uses libcurl) on JRuby via the FFI. I got this curious stack trace:
*** buffer overflow detected ***: /usr/bin/java terminated
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x37)[0x7f8bdd5b3007]
/lib/x86_64-linux-gnu/libc.so.6(+0x107f00)[0x7f8bdd5b1f00]
/lib/x86_64-linux-gnu/libc.so.6(+0x108fbe)[0x7f8bdd5b2fbe]
/usr/lib/x86_64-linux-gnu/libcurl.so.4(curl_multi_fdset+0xeb)[0x7f8b99b9133b]
Any help you can provide would be phenomenal -- I'm having a hard time reliably reproducing (it took hours on a production box with >100 requests a second to trigger this), but I'll keep this ticket up to date with any further information I have.
Since this happens in a call to curl_multi_fdset(), I would guess that you're facing an FD_SETSIZE problem. libcurl uses a socket with a file number larger than 1024 and that causes it to try to write the fd_set variable outside of its boundaries.
Could it be an explanation?
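The FD_SETSIZE problem described above, as an added example (not code from this report or from libcurl): fd_set is a fixed-size bitmap of FD_SETSIZE bits (1024 on glibc), so FD_SET(fd, &set) with fd >= FD_SETSIZE writes past the end of the structure, and with _FORTIFY_SOURCE glibc turns that write into the "*** buffer overflow detected ***" abort seen in the trace. The range check below is the kind of guard a select()-style caller needs before every FD_SET; the function names, the array of descriptors and the sample values are constructed for the example. Separately, libcurl from 7.28.0 onward offers curl_multi_wait(), which avoids fd_set entirely and so is not subject to this limit.

```c
#include <stdio.h>
#include <string.h>
#include <sys/select.h>

/* Added example, not libcurl's own code. The hypothetical helpers below
 * show the bounds check that must precede FD_SET: a descriptor outside
 * [0, FD_SETSIZE) cannot be represented in an fd_set at all. */

/* Returns 1 if fd was added to the set, 0 if it is out of range and was
 * rejected (the unguarded FD_SET would corrupt memory here). */
int safe_fd_set(int fd, fd_set *set)
{
    if (fd < 0 || fd >= FD_SETSIZE)
        return 0;
    FD_SET(fd, set);
    return 1;
}

/* Build an fd_set from an array of descriptors, as a select()-based
 * multi-handle loop would. Returns the highest descriptor added, or -1
 * if none fit; *rejected receives the count of out-of-range descriptors
 * so the caller can detect that the set is incomplete instead of
 * silently polling a subset of its sockets. */
int build_fd_set(const int *fds, size_t n, fd_set *set, size_t *rejected)
{
    int maxfd = -1;
    *rejected = 0;
    FD_ZERO(set);
    for (size_t i = 0; i < n; i++) {
        if (!safe_fd_set(fds[i], set)) {
            (*rejected)++;
            continue;
        }
        if (fds[i] > maxfd)
            maxfd = fds[i];
    }
    return maxfd;
}

int main(void)
{
    /* Constructed sample: three descriptors that fit and one that a
     * process serving >100 requests/s with many open files could easily
     * be handed once its descriptor numbers pass FD_SETSIZE. */
    int fds[] = { 3, 17, FD_SETSIZE - 1, FD_SETSIZE + 476 };
    fd_set set;
    size_t rejected;
    int maxfd = build_fd_set(fds, 4, &set, &rejected);
    printf("FD_SETSIZE=%d maxfd=%d rejected=%zu\n", FD_SETSIZE, maxfd, rejected);
    return 0;
}
```

A non-zero rejected count is the signal to act on: either raise the descriptor budget is not an option (FD_SETSIZE is compiled into libc), so the realistic fixes are keeping the number of open files below the limit or moving the event loop to a poll()-based API such as curl_multi_wait().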
Is there any way of using libcurl that would circumvent that issue in general? I'd be cool with submitting a patch to the ruby library I'm using.
thanks,
orion
On Tue, Jan 8, 2013 at 10:17 AM, Daniel Stenberg bagder@users.sf.net wrote:
Sorry, I just read the code now and it already has checks in place to make sure this doesn't happen. Which libcurl version did you experience this with?
Can you compile this app with debug symbols enabled? It might be useful to know exactly which call is failing.
@Dan Fandrich: That would be... potentially problematic: the ruby library I'm using uses the system's libcurl, which I don't want to change for fear of angering the Ubuntu gods.
@Dan Stenberg: I'm not entirely sure how to find that out. Where should I look?
You don't have to replace the system libraries; just set LD_LIBRARY_PATH to the location of your debug library (or libraries) before you start the app.
If you're using the system libcurl, then 'curl --version' will show its version number.
Unless we get more info and feedback, this report will be closed soon.
Sorry, didn't get the alert when Daniel Fandrich helped me out.
curl 7.21.4 (universal-apple-darwin11.0) libcurl/7.21.4 OpenSSL/0.9.8r zlib/1.2.5
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp smtp smtps telnet tftp
Features: AsynchDNS GSS-Negotiate IPv6 Largefile NTLM SSL libz
Also, I've yet to reproduce, so (as a developer, I know how it is) I'd be fine with this issue being put on ice.
I'm sorry, but that is slightly too old for me to be able to bother. I count more than 2000 commits since that release and we have done more than 350 bug fixes in the almost two years that have passed since that release.
Can you please try a modern version and see if the problem remains?