Loading CHANGES +20 −0 Original line number Original line Diff line number Diff line Loading @@ -7,6 +7,26 @@ Changelog Changelog Daniel (10 March 2007) Daniel (10 March 2007) - Eygene Ryabinkin: The problem is the following: when we're calling Curl_done and it decides to keep the connection opened ('left intact'), then the caller is not notified that the connection was done via the NULLifying of the pointer, so some easy handle is keeping the pointer to this connection. Later ConnectionExists can select such connection for reuse even if we're not pipelining: pipeLen is zero, so the (pipeLen > 0 && !canPipeline) is false and we can reuse this connection for another easy handle. But thus the connection will be shared between two easy handles if the handle that wants to take the ownership is not the same as was not notified of the connection was done in Curl_done. And when some of these easy handles will get their connection really freed the another one will still keep the pointer. My fix was rather trivial: I just added the NULLification to the 'else' branch in the Curl_done. My tests with Git and ElectricFence showed no problems both for HTTP pulling and cloning. Repository size is about 250 Mb, so it was a considerable amount of Curl's work. - Bryan Henderson introduces two things: - Bryan Henderson introduces two things: 1) the progress callback gets called more frequently (at times) 1) the progress callback gets called more frequently (at times) 2) libcurl *might* call the callback when it receives a signal: 2) libcurl *might* call the callback when it receives a signal: Loading RELEASE-NOTES +2 −1 Original line number Original line Diff line number Diff line Loading @@ -41,6 +41,7 @@ This release includes the following bugfixes: o CURLOPT_INTERFACE for ipv6 o CURLOPT_INTERFACE for ipv6 o the progress callback can get called more frequently o the progress callback can get called more frequently o libcurl might call the progress callback when it receives a signal o libcurl might call the progress callback when it receives a signal o use-after-free issue with HTTP transfers with the multi interface This release includes the following known bugs: This release includes the following known bugs: Loading @@ -62,6 +63,6 @@ advice from friends like these: Rob Crittenden, Robert A. Monat, Dan Fandrich, Duncan Mac-Vicar Prett, Rob Crittenden, Robert A. Monat, Dan Fandrich, Duncan Mac-Vicar Prett, Michal Marek, Robson Braga Araujo, Ian Turner, Linus Nielsen Feltzing, Michal Marek, Robson Braga Araujo, Ian Turner, Linus Nielsen Feltzing, Ravi Pratap, Adam D. Moss, Jose Kahan, Hang Kin Lau, Justin Fletcher, Ravi Pratap, Adam D. Moss, Jose Kahan, Hang Kin Lau, Justin Fletcher, Robert Iakobashvili, Bryan Henderson Robert Iakobashvili, Bryan Henderson, Eygene Ryabinkin Thanks! (and sorry if I forgot to mention someone) Thanks! (and sorry if I forgot to mention someone) lib/url.c +4 −0 Original line number Original line Diff line number Diff line Loading @@ -4240,6 +4240,10 @@ CURLcode Curl_done(struct connectdata **connp, infof(data, "Connection #%ld to host %s left intact\n", infof(data, "Connection #%ld to host %s left intact\n", conn->connectindex, conn->connectindex, conn->bits.httpproxy?conn->proxy.dispname:conn->host.dispname); conn->bits.httpproxy?conn->proxy.dispname:conn->host.dispname); *connp = NULL; /* to make the caller of this function better detect that this connection is handed over and no longer used from this point on */ } } return result; return result; Loading Loading
CHANGES +20 −0 Original line number Original line Diff line number Diff line Loading @@ -7,6 +7,26 @@ Changelog Changelog Daniel (10 March 2007) Daniel (10 March 2007) - Eygene Ryabinkin: The problem is the following: when we're calling Curl_done and it decides to keep the connection opened ('left intact'), then the caller is not notified that the connection was done via the NULLifying of the pointer, so some easy handle is keeping the pointer to this connection. Later ConnectionExists can select such connection for reuse even if we're not pipelining: pipeLen is zero, so the (pipeLen > 0 && !canPipeline) is false and we can reuse this connection for another easy handle. But thus the connection will be shared between two easy handles if the handle that wants to take the ownership is not the same as was not notified of the connection was done in Curl_done. And when some of these easy handles will get their connection really freed the another one will still keep the pointer. My fix was rather trivial: I just added the NULLification to the 'else' branch in the Curl_done. My tests with Git and ElectricFence showed no problems both for HTTP pulling and cloning. Repository size is about 250 Mb, so it was a considerable amount of Curl's work. - Bryan Henderson introduces two things: - Bryan Henderson introduces two things: 1) the progress callback gets called more frequently (at times) 1) the progress callback gets called more frequently (at times) 2) libcurl *might* call the callback when it receives a signal: 2) libcurl *might* call the callback when it receives a signal: Loading
RELEASE-NOTES +2 −1 Original line number Original line Diff line number Diff line Loading @@ -41,6 +41,7 @@ This release includes the following bugfixes: o CURLOPT_INTERFACE for ipv6 o CURLOPT_INTERFACE for ipv6 o the progress callback can get called more frequently o the progress callback can get called more frequently o libcurl might call the progress callback when it receives a signal o libcurl might call the progress callback when it receives a signal o use-after-free issue with HTTP transfers with the multi interface This release includes the following known bugs: This release includes the following known bugs: Loading @@ -62,6 +63,6 @@ advice from friends like these: Rob Crittenden, Robert A. Monat, Dan Fandrich, Duncan Mac-Vicar Prett, Rob Crittenden, Robert A. Monat, Dan Fandrich, Duncan Mac-Vicar Prett, Michal Marek, Robson Braga Araujo, Ian Turner, Linus Nielsen Feltzing, Michal Marek, Robson Braga Araujo, Ian Turner, Linus Nielsen Feltzing, Ravi Pratap, Adam D. Moss, Jose Kahan, Hang Kin Lau, Justin Fletcher, Ravi Pratap, Adam D. Moss, Jose Kahan, Hang Kin Lau, Justin Fletcher, Robert Iakobashvili, Bryan Henderson Robert Iakobashvili, Bryan Henderson, Eygene Ryabinkin Thanks! (and sorry if I forgot to mention someone) Thanks! (and sorry if I forgot to mention someone)
lib/url.c +4 −0 Original line number Original line Diff line number Diff line Loading @@ -4240,6 +4240,10 @@ CURLcode Curl_done(struct connectdata **connp, infof(data, "Connection #%ld to host %s left intact\n", infof(data, "Connection #%ld to host %s left intact\n", conn->connectindex, conn->connectindex, conn->bits.httpproxy?conn->proxy.dispname:conn->host.dispname); conn->bits.httpproxy?conn->proxy.dispname:conn->host.dispname); *connp = NULL; /* to make the caller of this function better detect that this connection is handed over and no longer used from this point on */ } } return result; return result; Loading
