
#167 url.c free/pointer crash

Status: closed-fixed
Group: libcurl (356)
Priority: 8
Updated: 2013-06-21
Created: 2002-02-28
Creator: Anonymous
Private: No

libcurl-7.9.5-pre4 Bug:

I found a bug in url.c (url.c,v 1.190 2002/02/17 11:17:37) but am not sure how it should be fixed.

Function name:

static CURLcode CreateConnection(struct SessionHandle *data,
                                 struct connectdata **in_connect)

lines: 1986, 1987, and 2002

      /* we need these pointers if we speak over a proxy */
1986: conn->hostname = old_conn->gname;
1987: conn->name = old_conn->name;

      free(conn->path); /* free the previously allocated path pointer */

      /* 'path' points to the allocated data, 'ppath' may have been advanced
         to point somewhere within the 'path' area. */
      conn->path = path;
      conn->ppath = ppath;

      /* re-use init */
      conn->bits.reuse = TRUE;  /* yes, we're re-using here */
      conn->bits.chunk = FALSE; /* always assume not chunked unless told
                                   otherwise */
      conn->maxdownload = -1;   /* might have been used previously! */

2002: free(old_conn); /* we don't need this anymore */

On the first two lines you set two pointers in the new conn structure to values in the old_conn structure and then on line 2002 you free(old_conn) - OOPS!!!!

I commented lines 1986 and 1987 out and it appeared to work (fingers crossed!!) but don't know the implications of this.

Discussion

  • Daniel Stenberg

    Daniel Stenberg - 2002-02-28
    • priority: 5 --> 8
     
  • Daniel Stenberg

    Daniel Stenberg - 2002-02-28

    Logged In: YES
    user_id=1110

    I don't think we can just cut out the lines, but instead I suggest the following patch.

    I couldn't repeat your problem, but with this fix applied it still runs just as fine on my end! Could you have a go and try this?

    --- url.c 17 Feb 2002 11:17:37 -0000 1.190
    +++ url.c 28 Feb 2002 13:00:56 -0000
    @@ -1983,8 +1983,8 @@
    conn = conn_temp; /* use this connection from
    now on */

    /* we need these pointers if we speak over a proxy */
    - conn->hostname = old_conn->gname;
    - conn->name = old_conn->name;
    + conn->hostname = conn->gname;
    + conn->name = &conn->gname[old_conn->name -
    old_conn->gname];

    free(conn->path); /* free the previously allocated
    path pointer */
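    Review bot: the new line `conn->name = &conn->gname[old_conn->name - old_conn->gname];` relies on two preconditions the hunk does not state or check: old_conn->name must point inside old_conn->gname, and conn->gname must hold a string at least as long as that offset (the two connections are presumably matched as the same host, but nothing here verifies it). If either fails, the subtraction is undefined and the index can run past the end of conn->gname. Suggest a comment stating the invariant, or a debug assertion such as `assert(old_conn->name >= old_conn->gname);` before the assignment. With that caveat the change does address the report: both pointers now refer into conn, which outlives the free(old_conn) at line 2002.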

     
  • Nobody/Anonymous

    Logged In: NO

    Cool - those two line changes stopped it from crashing - should have mentioned that it was on Windows 2000 and only in debug mode. I still don't know what those two lines are to accomplish but at least it works now and your pointers are pointing off into oblivion.

     
  • Nobody/Anonymous

    Logged In: NO

    Last part of the last sentence on previous message should be -

    now your pointers are NOT pointing off into oblivion

     
  • Daniel Stenberg

    Daniel Stenberg - 2002-03-01

    Logged In: YES
    user_id=1110

    Heh

    Ok, thanks a lot for your report and for testing my fix. It is now committed to the CVS repository.

    Closing this report.

     
  • Daniel Stenberg

    Daniel Stenberg - 2002-03-01
    • status: open --> closed-fixed
     