From 4c901638b4d7bab5e5a847f6970425d9c1f2ea2d Mon Sep 17 00:00:00 2001 From: Javier Blazquez Date: Fri, 22 Jun 2018 20:11:26 -0700 Subject: multi: fix crash due to dangling entry in connect-pending list Fixes #2677 Closes #2679 --- lib/multi.c | 5 ++++ tests/data/Makefile.inc | 2 +- tests/data/test1557 | 36 +++++++++++++++++++++++++++ tests/libtest/Makefile.inc | 6 ++++- tests/libtest/lib1557.c | 62 ++++++++++++++++++++++++++++++++++++++++++++++ 5 files changed, 109 insertions(+), 2 deletions(-) create mode 100644 tests/data/test1557 create mode 100644 tests/libtest/lib1557.c diff --git a/lib/multi.c b/lib/multi.c index e30737dd2..c1d48a3ed 100644 --- a/lib/multi.c +++ b/lib/multi.c @@ -712,6 +712,11 @@ CURLMcode curl_multi_remove_handle(struct Curl_multi *multi, Curl_getoff_all_pipelines(data, data->easy_conn); } + if(data->connect_queue.ptr) + /* the handle was in the pending list waiting for an available connection, + so go ahead and remove it */ + Curl_llist_remove(&multi->pending, &data->connect_queue, NULL); + if(data->dns.hostcachetype == HCACHE_MULTI) { /* stop using the multi handle's DNS cache, *after* the possible multi_done() call above */ diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc index 9d0781f0e..d9b1bcbee 100644 --- a/tests/data/Makefile.inc +++ b/tests/data/Makefile.inc @@ -175,7 +175,7 @@ test1520 test1521 \ test1525 test1526 test1527 test1528 test1529 test1530 test1531 test1532 \ test1533 test1534 test1535 test1536 test1537 test1538 \ test1540 \ -test1550 test1551 test1552 test1553 test1554 test1555 test1556 \ +test1550 test1551 test1552 test1553 test1554 test1555 test1556 test1557 \ \ test1590 \ test1600 test1601 test1602 test1603 test1604 test1605 test1606 test1607 \ diff --git a/tests/data/test1557 b/tests/data/test1557 new file mode 100644 index 000000000..16e2a2c47 --- /dev/null +++ b/tests/data/test1557 @@ -0,0 +1,36 @@ + + + +multi +crash + + + + + + + + +none + + +lib1557 + + + +Removing easy handle that's in the pending connections list doesn't leave behind a dangling entry + + +nothing + + + +# +# Verify that the test runs to completion without crashing + + +0 + + + + diff --git a/tests/libtest/Makefile.inc b/tests/libtest/Makefile.inc index ed536a564..ecb7d1dd4 100644 --- a/tests/libtest/Makefile.inc +++ b/tests/libtest/Makefile.inc @@ -28,7 +28,7 @@ noinst_PROGRAMS = chkhostname libauthretry libntlmconnect \ lib1525 lib1526 lib1527 lib1528 lib1529 lib1530 lib1531 lib1532 lib1533 \ lib1534 lib1535 lib1536 lib1537 lib1538 \ lib1540 \ - lib1550 lib1551 lib1552 lib1553 lib1554 lib1555 lib1556 \ + lib1550 lib1551 lib1552 lib1553 lib1554 lib1555 lib1556 lib1557 \ lib1900 \ lib2033 @@ -493,6 +493,10 @@ lib1556_SOURCES = lib1556.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS) lib1556_LDADD = $(TESTUTIL_LIBS) lib1556_CPPFLAGS = $(AM_CPPFLAGS) -DLIB1556 +lib1557_SOURCES = lib1557.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS) +lib1557_LDADD = $(TESTUTIL_LIBS) +lib1557_CPPFLAGS = $(AM_CPPFLAGS) -DLIB1557 + lib1900_SOURCES = lib1900.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS) lib1900_LDADD = $(TESTUTIL_LIBS) lib1900_CPPFLAGS = $(AM_CPPFLAGS) diff --git a/tests/libtest/lib1557.c b/tests/libtest/lib1557.c new file mode 100644 index 000000000..bd0f20a85 --- /dev/null +++ b/tests/libtest/lib1557.c @@ -0,0 +1,62 @@ +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) 1998 - 2018, Daniel Stenberg, , et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at https://curl.haxx.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + ***************************************************************************/ +#include "test.h" + +#include "testutil.h" +#include "warnless.h" +#include "memdebug.h" + +int test(char *URL) +{ + CURLM *curlm = NULL; + CURL *curl1 = NULL; + CURL *curl2 = NULL; + int running_handles = 0; + int res = 0; + + global_init(CURL_GLOBAL_ALL); + + multi_init(curlm); + multi_setopt(curlm, CURLMOPT_MAX_HOST_CONNECTIONS, 1); + + easy_init(curl1); + easy_setopt(curl1, CURLOPT_URL, URL); + multi_add_handle(curlm, curl1); + + easy_init(curl2); + easy_setopt(curl2, CURLOPT_URL, URL); + multi_add_handle(curlm, curl2); + + multi_perform(curlm, &running_handles); + + multi_remove_handle(curlm, curl2); + curl_easy_cleanup(curl2); + + /* If curl2 is still in the connect-pending list, this will crash */ + multi_remove_handle(curlm, curl1); + curl_easy_cleanup(curl1); + +test_cleanup: + curl_multi_cleanup(curlm); + curl_global_cleanup(); + return res; +} -- cgit v1.2.3