isahc: Double free crash on macOS

I was messing around with smol/surf for the first time and managed to segfault with no unsafe code.

blep(14933,0x70000c2ac000) malloc: *** error for object 0x7fc8816029b0: pointer being freed was not allocated
blep(14933,0x70000cdc1000) malloc: Double free of object 0x7fc881602a60
blep(14933,0x70000c2ac000) malloc: *** set a breakpoint in malloc_error_break to debug

Based on this lldb backtrace it looks like a problem somewhere in isahc and libcurl. The backtrace and code are here:

https://gist.github.com/blinsay/3d5174aaa03f5546cd492054889d8789

I can reproduce this every 3-6 runs of my test program. Happy to poke around and get more information if you let me know what’s useful.

Thanks!

About this issue

  • Original URL
  • State: closed
  • Created 4 years ago
  • Comments: 17 (11 by maintainers)

Most upvoted comments

Confirmed with slightly less silly forensics:

$ curl --version
curl 7.54.0 (x86_64-apple-darwin18.0) libcurl/7.54.0 LibreSSL/2.6.5 zlib/1.2.11 nghttp2/1.24.1
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz HTTP2 UnixSockets HTTPS-proxy
+1
blinsay on May 22, 2020

I pulled in surf 2.0.0-alpha.2 which got me isahc 0.92. Here’s the relevant chunk of cargo tree:

│   │   ├── isahc v0.9.2
│   │   │   ├── bytes v0.5.4 (*)
│   │   │   ├── crossbeam-channel v0.4.2 (*)
│   │   │   ├── crossbeam-utils v0.7.2 (*)
│   │   │   ├── curl v0.4.29
│   │   │   │   ├── curl-sys v0.4.31+curl-7.70.0
│   │   │   │   │   ├── libc v0.2.70 (*)
│   │   │   │   │   ├── libnghttp2-sys v0.1.3
│   │   │   │   │   │   └── libc v0.2.70 (*)
│   │   │   │   │   │   [build-dependencies]
│   │   │   │   │   │   └── cc v1.0.53
│   │   │   │   │   └── libz-sys v1.0.25
│   │   │   │   │       └── libc v0.2.70 (*)
│   │   │   │   │       [build-dependencies]
│   │   │   │   │       ├── cc v1.0.53 (*)
│   │   │   │   │       └── pkg-config v0.3.17
│   │   │   │   │   [build-dependencies]
│   │   │   │   │   ├── cc v1.0.53 (*)
│   │   │   │   │   └── pkg-config v0.3.17 (*)
│   │   │   │   ├── libc v0.2.70 (*)
│   │   │   │   └── socket2 v0.3.12 (*)
│   │   │   ├── curl-sys v0.4.31+curl-7.70.0 (*)

Happy to put my whole Cargo.lock in a gist if that’s useful.

+1
blinsay on May 22, 2020
Read more comments on GitHub
← carbon: Multi Action Button can't close with Esc key
isahc: failed to write response body because the response reader was dropped →