Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Check for -1 after CURLINFO_LASTSOCKET #3993

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

Check for -1 after CURLINFO_LASTSOCKET #3993

wants to merge 1 commit into from

Conversation

alexcrichton
Copy link
Contributor

We're recently trying to upgrade to the current mater of libgit2 in Cargo but
we're unfortunately hitting a segfault in one of our tests. A particular test is
just a small smoke test that https works (e.g. it's configured in libgit2). This
test attempts to clone from a URL which simply immediately drops connections
after they're accepted (e.g. terminate abnormally). We expect to see a standard
error from libgit2 but unfortunately we're seeing a segfault.

This segfault is happening inside of the wait_for function of curl_stream.c
at the line FD_SET(fd, &errfd) because fd is -1. This ends up doing an
out-of-bounds array access that faults the program. I tracked back to where this
-1 came from to the line here (returned by CURLINFO_LASTSOCKET) and added a
check to return an error. This may not be the right fix though, so feedback is
appreciated!

@alexcrichton alexcrichton mentioned this pull request Nov 10, 2016
Merged
@alexcrichton
Check for -1 after CURLINFO_LASTSOCKET
1d64dd7 
We're recently trying to upgrade to the current mater of libgit2 in Cargo but
we're unfortunately hitting a segfault in one of our tests. A particular test is
just a small smoke test that https works (e.g. it's configured in libgit2). This
test attempts to clone from a URL which simply immediately drops connections
after they're accepted (e.g. terminate abnormally). We expect to see a standard
error from libgit2 but unfortunately we're seeing a segfault.

This segfault is happening inside of the `wait_for` function of `curl_stream.c`
at the line `FD_SET(fd, &errfd)` because `fd` is -1. This ends up doing an
out-of-bounds array access that faults the program. I tracked back to where this
-1 came from to the line here (returned by `CURLINFO_LASTSOCKET`) and added a
check to return an error. This may not be the right fix though, so feedback is
appreciated!
pks-t added a commit that referenced this pull request Nov 11, 2016
@pks-t
Merge pull request #3993 from alexcrichton/fix-fault
b782205
@pks-t
Copy link
Member

pks-t commented Nov 11, 2016

Thanks for the fix. I manually merged the commit via b782205 as I've removed the last sentence from the commit message (that is, the bit about not being sure if the fix is right, as it is).

@pks-t pks-t closed this Nov 11, 2016
@pks-t pks-t mentioned this pull request Nov 11, 2016
Merged
@alexcrichton
Copy link
Contributor Author

Thanks!

@alexcrichton alexcrichton deleted the fix-fault branch November 11, 2016 15:17
@carlosmn carlosmn mentioned this pull request Nov 14, 2016
Closed
@johnhaley81 johnhaley81 mentioned this pull request Feb 6, 2017
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@alexcrichton @pks-t