On Tue, Mar 21, 2023 at 2:32 PM Daniel Stenberg via curl-library < curl-library@lists.haxx.se> wrote:
> Hi, > > We worked out exactly WHY we shipped curl 8.0.0 with a problem that caused > immediate test failures. > > A while back we merged several CI job files into a single "linux.yml" file > to > make them easier to manage. > > In that (multi state) merge, some of the old CI jobs had valgrind enabled > when > the tests ran, but the valgrind package were not installed by linux.yml at > that point and we did not spot that we with this merge basically stopped > running CI jobs with valgrind enabled. > > Obviously, we had also previously disabled the -fsanitize jobs we have had > in > the past to there was also none of those running that could detect this. > > We *THOUGHT* we were allright and that all tests were good, but in fact > this > was a lie because we did not know how they actually ran with valgrind > enabled. > > Obviously none of us developers ran all the tests locally often enough to > detect this case either. > > When 8.0.0 subsequently shipped and users ran the full test suite with > valgrind the problem was immediately detected and it was reported to us > within > hours of the release. > > It took me some additional 90 minutes of deliberating and research > (involving > peeps in the IRC channel) to land on the conclusion that we really needed > a > 8.0.1 and I then emailed this list about it. > > The easy fix was to revert the offending commit and release 8.0.1 without > it. > I still want that particular fix done so I'm doing a second attempt > (#10801) > that I will not merge until it has been properly verified with valgrind. > > The PR #10798 is me putting valgrind into the linux.yml job so that we > again > do better tests. It reveals a few additional problems that I also need to > work > on, for example memory leaks when using hyper: #10803 > > Left to do: add a build (or three) that uses clang's and/or gcc's > -fsanitize=address,undefined,signed-integer-overflow instead of valgrind, > to > help us detect mistakes such as the one shipped in 8.0.0. > > Thanks for flying curl. Never a dull moment. > A most memorable birthday celebration. ;-) > > -- > > / daniel.haxx.se > | Commercial curl support up to 24x7 is available! > | Private help, bug fixes, support, ports, new features > | https://curl.se/support.html > -- > Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library > Etiquette: https://curl.se/mail/etiquette.html >
-- Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library Etiquette: https://curl.se/mail/etiquette.html
