We are in the process of upgrading an existing application from curl 7.51.0 and
have discovered a double free issue; we are not sure if this is an
unintentional consequence of a curl change, or just that we have been handling
this wrong all along.
Some background: we have a socket callback function that contains the following
code (the intention is to ensure we correctly handle transfers left if we are
paused when the socket closes). It is being invoked from curl_multi_closed when
we see the issue.
```cpp
if (what == CURL_POLL_REMOVE) {
    // Recover our per-transfer state, stored earlier via CURLOPT_PRIVATE
    http::Transfer *t;
    curl_easy_getinfo(e, CURLINFO_PRIVATE, &t);
    assert(t);
    if (!t->finished) {
        // Make sure paused transfers complete
        curl_easy_pause(e, CURLPAUSE_CONT);
    }
    ...
```
This has apparently been working fine for several years; however, the following
change causes us a problem:
https://github.com/curl/curl/commit/26d3d2384b1aa336f7a2634c3c3068a46a8cfa52
The addition of the call to Curl_updatesocket(data) in curl_easy_pause results
in Curl_hash_destroy being triggered, but immediately after the socket callback
completes we hit this line:
https://github.com/curl/curl/blob/26d3d2384b1aa336f7a2634c3c3068a46a8cfa52/lib/multi.c#L2455
which also results in a call to Curl_hash_destroy, and we see a double free.
So, should we be doing this differently, or was this an unexpected side effect
of the change?
Thank you,
Rich
-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html