libcurl3-gnutls has memory corruption

Bug #379477 reported by Peter
This bug affects 1 person
Affects          Status         Importance   Assigned to   Milestone
curl (Debian)    Fix Released   Unknown
curl (Ubuntu)    Fix Released   Undecided    Unassigned

Bug Description

Hello!
 I'm using libcurl-7.18.2 with GNU-TLS, with the curl_multi_* interface. I'm not using share handles. When I start my program on a server with a high bandwidth rate, with a large number of network streams, libcurl causes memory corruption.
 I've written a simple testcase (libcurl_bug_testcase.c) that reproduces the program's behaviour. Don't worry about the irrational usage of curl_easy_setopt; this is done to duplicate the behaviour of my application, which is much more complex than this testcase. I'm also attaching the set of links with which the bug appears (links.txt).
 When I run the testcase under valgrind, with 80 network streams, there is memory corruption in libcurl. There is an invalid write of 4 bytes in multi_runsingle (multi.c:907), which causes magic behaviour. You can see it in the attachment (valgrind_error_log.txt). If I run the testcase without valgrind, the memory corruption results in a segmentation fault.
 I checked this testcase with libcurl-7.19.5 and it seems that the bug is fixed in it (I configured it with the following options: --with-ca-bundle=/etc/ssl/certs/ca-certificates.crt --without-ssl --with-gnutls --without-libssh2).

 My system info:
    uname -a
        Linux * 2.6.27-14-generic #1 SMP Wed Apr 15 18:59:16 UTC 2009 i686 GNU/Linux

    lsb_release -ar
        No LSB modules are available.
        Distributor ID: Ubuntu
        Description: Ubuntu 8.10
        Release: 8.10
        Codename: intrepid

    aptitude show libcurl3-gnutls
        Package: libcurl3-gnutls
        State: installed
        Automatically installed: yes
        Version: 7.18.2-1ubuntu4.3
        Priority: optional
        Section: libs
        Maintainer: Ubuntu Core Developers <email address hidden>
        Uncompressed Size: 418k
        Depends: libc6 (>= 2.4), libcomerr2 (>= 1.01), libgcrypt11 (>= 1.4.0), libgnutls26 (>= 2.4.0-0), libidn11 (>= 0.5.18), libkrb53 (>= 1.6.dfsg.2),
                 libldap-2.4-2 (>= 2.4.7), libtasn1-3 (>= 0.3.4), zlib1g (>= 1:1.1.4), ca-certificates
        Conflicts: libcurl4-gnutls
        Replaces: libcurl4-gnutls
        Description: Multi-protocol file transfer library (GnuTLS)
         libcurl is designed to be a solid, usable, reliable and portable multi-protocol file transfer library.

         SSL support is provided by GnuTLS.

         This is the shared version of libcurl.
        Homepage: http://curl.haxx.se

    gcc -v
        Using built-in specs.
        Target: i486-linux-gnu
        Configured with: ../src/configure -v --with-pkgversion='Ubuntu 4.3.2-1ubuntu12' --with-bugurl=file:///usr/share/doc/gcc-4.3/README.Bugs --enable-languages=c,c++,fortran,objc,obj-c++ --prefix=/usr --enable-shared --with-system-zlib --libexecdir=/usr/lib --without-included-gettext --enable-threads=posix --enable-nls --with-gxx-include-dir=/usr/include/c++/4.3 --program-suffix=-4.3 --enable-clocale=gnu --enable-libstdcxx-debug --enable-objc-gc --enable-mpfr --enable-targets=all --enable-checking=release --build=i486-linux-gnu --host=i486-linux-gnu --target=i486-linux-gnu
        Thread model: posix
        gcc version 4.3.2 (Ubuntu 4.3.2-1ubuntu12)

 Attachments:
    libcurl_bug_testcase.c - testcase that reproduces the memory corruption.
    links.txt - file with links that should be passed to the testcase.
    valgrind_error_log.txt - valgrind output on my server/desktop.

  With best regards, Piter Smith.
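
A triage helper for the kind of memcheck log described in the report above, added here as an example and not part of the original report or of the attached valgrind_error_log.txt: it groups "Invalid read/write" errors by their innermost frame, so repeated hits across many streams collapse to one entry per site. The sample log is constructed; only multi_runsingle (multi.c:907) comes from the report, and the code assumes a build with debug symbols so that frames carry file:line.

```python
import re
from collections import Counter

# Constructed sample in memcheck's output format. Only the frame
# multi_runsingle (multi.c:907) is from the report; all else is made up.
SAMPLE_LOG = """\
==4242== Invalid write of size 4
==4242==    at 0x40452C1: multi_runsingle (multi.c:907)
==4242==    by 0x40459F0: curl_multi_perform (multi.c:1000)
==4242==  Address 0x5B3C1F4 is not stack'd, malloc'd or (recently) free'd
==4242==
==4242== Invalid write of size 4
==4242==    at 0x40452C1: multi_runsingle (multi.c:907)
==4242==    by 0x40459F0: curl_multi_perform (multi.c:1000)
==4242==
==4242== Invalid read of size 1
==4242==    at 0x8048A10: read_links (example_app.c:48)
"""

HEADER = re.compile(r"^==\d+== (Invalid (?:read|write) of size \d+)$")
FRAME = re.compile(r"^==\d+==\s+(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \(([^)]*)\)$")


def parse_errors(log):
    """Return one (kind, [(function, location), ...]) tuple per memcheck error."""
    errors, current = [], None
    for line in log.splitlines():
        header = HEADER.match(line)
        frame = FRAME.match(line)
        if header:
            current = (header.group(1), [])
            errors.append(current)
        elif frame and current is not None:
            current[1].append((frame.group(1), frame.group(2)))
        else:
            # A blank or "Address ..." line ends the error's own stack, so any
            # allocation/free stack that follows is not attributed to it.
            current = None
    return errors


def summarize(log, source_file):
    """Count errors whose innermost frame lies in source_file, keyed by site."""
    counts = Counter()
    for kind, frames in parse_errors(log):
        if frames and frames[0][1].split(":")[0] == source_file:
            counts[(kind, frames[0][0], frames[0][1])] += 1
    return counts

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG, "multi.c"))
```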

Rilium (rilium) wrote :

This bug also affects me (I have Ubuntu Jaunty), and it also exists in Debian lenny.
I've written about it here: http://curl.haxx.se/mail/lib-2009-04/0394.html, and later sent a private mail to Daniel Stenberg, but he didn't answer me.

Changed in curl (Debian):
status: Unknown → New
Daniel Stenberg (daniel-haxx) wrote :

First, I don't need private email about curl bugs. We deal with them on the curl mailing lists just fine. But I do respond to private emails unless they accidentally get caught in my spam box, which I then presume your (Rilium) email did.

Then, as this bug is mentioned to already be fixed in a later release, I'm not very interested in chasing after it in old releases.

Rilium (rilium) wrote :

Daniel
Sorry that I mailed you privately; I did it this way so as not to show some information publicly.

To the Ubuntu developers:
Can I hope that the libcurl version available in the Ubuntu repositories will be fixed? Can I do something to help with it?

Daniel Stenberg (daniel-haxx) wrote :

7.19.5 is about to show up in Debian any minute now, so I figure Ubuntu should be able to keep up as well.

Changed in curl (Debian):
status: New → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package curl - 7.19.5-1ubuntu1

---------------
curl (7.19.5-1ubuntu1) karmic; urgency=low

  * Merge from Debian unstable (LP: #380281), remaining changes:
    - Drop build dependencies: stunnel, libdb4.6-dev, libssh2-1-dev
    - Add build-dependency on openssh-server
    - Drop libssh2-1-dev from libcurl4-openssl-dev's Depends.
    - Call automake-1.9 with --add-missing --copy --force
  * Fixes LP: #379477

curl (7.19.5-1) unstable; urgency=low

  * New upstream release
  * Fix "libcurl3-gnutls has memory corruption" by upgrading to new upstream
    release, which fixes this bug (Closes: #530131)
  * update standards version to 3.8.1
  * adjust overrides from libdevel to debug for -dbg package
  * adjust doc-base section

 -- Bhavani Shankar <email address hidden> Tue, 26 May 2009 18:58:51 +0530

Changed in curl (Ubuntu):
status: New → Fix Released