seen with mingw-w64 gcc 14.2.0 while playing with other modifications:
```
lib/asyn-thread.c: In function 'init_resolve_thread':
lib/asyn-thread.c:447:5: warning: 'free' called on pointer 'data' with nonzero offset 3264 [-Wfree-nonheap-object]
447 | free(td);
| ^~~~~~~~
```
Where `td` is:
```c
struct thread_data *td = &data->state.async.thdata;
```
Follow-up to d9fc64d3ab#16241Closes#16734
Fix the broken implementation to have `data->state` carry pointers into
connectdata members. Always dup the memory and free when easy handle
closes.
Closes#16733
By allocating the method string as part of the struct, the previous
fixed size limit (23 bytes) can be avoided. It would previously make
"curl -X [long string]" work against http://localhost but fail against
https://curl.se with no clear error message.
Closes#16729
It was introduced in 294136b754, but not shipped in a release. It
has caused problems and after checking, the browsers don't insist on it
even if RFC 9112 says it is mandatory.
Adjust test 2 to do a response without the space.
Closes#16728
Follow-up to 00fc55677f
Ref: https://github.com/curl/curl/pull/16716#issuecomment-2724429278
> I have some tooling leftover from when I was implementing CRL support
> in the webpki crate that downloaded every CRL I could find referenced
> in ccadb (without doing any special filtering for defunct CAs/CRLs
> mind you) and found CRLs that spanned the range from very small
> (<1mb), to medium sized (11 .. 22mb) to very large (100mb).
Reported-by: Daniel McCarney
Closes#16724
Before this patch, autotools builds excluded TrackMemory sources
(`lib/memdebug.c` and `lib/curl_multibyte.c`) based on the `DEBUGBUILD`
setting. This works in most cases because its value is the same as
`CURLDEBUG` by default, but the correct condition is `CURLDEBUG`.
It should fix `--disable-debug --enable-curldebug --enable-unity`
builds. (not tested in CI)
It also syncs behavior with cmake builds.
Ref: #16705Closes#16723
It seems unnecessary and possibly unexpected to build test servers with
debug-enabled features and memory tracking whenever the tested curl is
built like that (which is a requirement for some tests, so curl is
mostly built like that when running tests.) It also makes building
servers a little bit faster with cmake for the most common cases.
You can apply debug options to `tests/server` with these new options:
- `./configure`: `--enable-server-debug`.
- cmake: `-DENABLE_SERVER_DEBUG`.
Also sync the way we pass these macros in autotools, with CMake builds.
Before this patch, autotools passed them via `curl_config.h`. After this
patch it passes them on the command-line, like cmake builds do.
This patch also make these option no longer passed to examples and
`http/client` in cmake builds, where they were no-ops anyway.
Ref: #15000Closes#16705
Sync it with cmake to:
- exclude it from all builds except Windows and Cygwin.
- exclude it from unity builds for Cygwin to avoid the included
`windows.h` header interfere with the rest of the code.
Also:
- fix to trim ending spaces from `CSOURCES` for the `tidy` target.
The solution requires a non-POSIX `-E` `sed` option. Supported by BSD
and GNU implementations.
Follow-up to 37523c91bc#16480
Follow-up to 60c3d04465#14815
Follow-up to 7860f575fe#12408Closes#16712
Allowing 4GB on a 32-bit system is just asking for problems and could in
theory cause integer overflow in the dynbuf code.
The dynbuf now has an assert to catch code trying to set a max larger
than half SIZE_T_MAX.
Reported-by: Rinku Das
Closes#16716
The condition could not happen, as the function is only called from a
single place where the caller already made sure it can't happen. This
change still removes the flawed logic.
Reported-by: Ronald Crane
Closes#16710
Add an extra guard for the function and variable declarations to avoid
redundant redeclaration warnings when including this header multiple
times. This can happen in unity builds when including it again after
`curl_memory.h`.
Fixes:
```
bld/tests/server/CMakeFiles/servers.dir/Unity/unity_0_c.c
In file included from lib/mprintf.c:32,
from bld/tests/server/CMakeFiles/servers.dir/Unity/unity_0_c.c:7:
lib/memdebug.h:52:14: error: redundant redeclaration of ‘curl_dbg_logfile’ [-Werror=redundant-decls]
52 | extern FILE *curl_dbg_logfile;
| ^~~~~~~~~~~~~~~~
In file included from tests/server/resolve.c:50,
from bld/tests/server/server_bundle.c:7,
from bld/tests/server/CMakeFiles/servers.dir/Unity/unity_0_c.c:4:
lib/memdebug.h:52:14: note: previous declaration of ‘curl_dbg_logfile’ with type ‘FILE *’
52 | extern FILE *curl_dbg_logfile;
| ^~~~~~~~~~~~~~~~
[...]
lib/memdebug.h:110:17: error: redundant redeclaration of ‘curl_dbg_fclose’ [-Werror=redundant-decls]
110 | CURL_EXTERN int curl_dbg_fclose(FILE *file, int line, const char *source);
| ^~~~~~~~~~~~~~~
lib/memdebug.h:110:17: note: previous declaration of ‘curl_dbg_fclose’ with type ‘int(FILE *, int, const char *)’
110 | CURL_EXTERN int curl_dbg_fclose(FILE *file, int line, const char *source);
| ^~~~~~~~~~~~~~~
```
Ref: https://github.com/curl/curl/actions/runs/13822010778/job/38669360980#step:39:55
Cherry-picked from #15000Closes#16696
Regression from 597ee915c4 (not shipped in a release)
Reported-by: Carlos Henrique Lima Melara
Assisted-by: Scott Talbert
Added such a cookie to test 31.
Fixes#16692Closes#16703
Before this patch, standard `E*` errno codes were redefined on Windows,
onto matching winsock2 `WSA*` error codes, which have different values.
This broke uses where using the `E*` value in non-socket context, or
other places expecting a POSIX `errno`, e.g. file I/O, threads, IDN or
interfacing with dependencies.
Fix it by introducing a curl-specific `SOCKE*` set of macros that map to
`WSA*` on Windows and standard POSIX codes on other platforms. Then
verify and update the code to use `SOCKE*` or `E*` macro depending on
context.
- Add `SOCKE*` macros that map to either winsock2 or POSIX error codes.
And use them with `SOCKERRNO` or in contexts requiring
platform-dependent socket error codes.
This fixes `E*` uses which were supposed be POSIX values, not `WSA*`
socket errors, on Windows:
- lib/curl_multibyte.c
- lib/curl_threads.c
- lib/idn.c
- lib/vtls/gtls.c
- lib/vtls/rustls.c
- src/tool_cb_wrt.c
- src/tool_dirhie.c
- Ban `E*` codes having a `SOCKE*` mapping, via checksrc.
Authored-by: Daniel Stenberg
- Add exceptions for `E*` codes used in file I/O, or other contexts
requiring POSIX error codes.
Also:
- ftp: fix missing `SOCKEACCES` mapping for Windows.
- add `SOCKENOMEM` for `Curl_getaddrinfo()` via `asyn-thread.c`.
- tests/server/sockfilt: fix to set `SOCKERRNO` in local `select()`
override on Windows.
- lib/inet_ntop: fix to return `WSAEINVAL` on Windows, where `ENOSPC` is
used on other platforms. To simulate Windows' built-in `inet_ntop()`,
as tested on a Win10 machine.
Note:
- WINE returns `STATUS_INVALID_PARAMETER` = `0xC000000D`.
- Microsoft documentation says it returns `WSA_INVALID_PARAMETER`
(= `ERROR_INVALID_PARAMETER`) 87:
https://learn.microsoft.com/windows/win32/api/ws2tcpip/nf-ws2tcpip-inet_ntop#return-value
- lib/inet_ntop: drop redundant `CURL_SETERRNO(ENOSPC)`.
`inet_ntop4()` already sets it before returning `NULL`.
- replace stray `WSAEWOULDBLOCK` with `USE_WINSOCK` macro to detect
winsock2.
- move existing `SOCKE*` mappings from `tests/server` to
`curl_setup_once.h`.
- add missing `EINTR`, `EINVAL` constants for WinCE.
Follow-up to abf80aae38#16612
Follow-up to d69425ed7d#16615
Bug: https://github.com/curl/curl/pull/16553#issuecomment-2704679377Closes#16621
Before this patch, building tests/server (or curl with winbuild) was
broken in rare builds when many features were explicitly disabled.
Fix it by enabling base64 functions unconditionally when building
for anything other than libcurl.
Closes#16691
The protocol handlers' done() function would previous get called
unconditionally in multi_done(), no matter how far the easy handle's
state machine has transitioned.
This caused problems in IMAP which in imap_connect() initializes things
that the imap_done() function assumes has occured. I think that seems
like a correct assumption and we should rather make sure that the done()
function is only called if we have reached the PROTOCONNECT state.
This problem was found using OSS-Fuzz.
Assisted-by: Catena cyber
Closes#16681
The line conversion reader, added in crfl and prefer_ascii mode was
incrementing data->state.infilesize for every line end converted. This
results in the wrong size to start a retry of an upload.
Eliminate the increment and check upload size in FTP less precise when
conversions are done.
Bug: https://issues.oss-fuzz.com/issues/402476456Closes#16683
The curl tool and tests/server used 2 parallel implementations
of libcurl's `Curl_now()` and `Curl_timediff()` functions.
Make them use the libcurl one.
Closes#16653
- if there are pending internal handles left in the list, they are
leftovers (from for example Doh) and must be freed.
- unlink_all_msgsent_handles() did not properly move all msgsent
handles over to the process list as intended
Fixes a DoH memory leak found by oss-fuzz.
Add test 2101 that can reproduce and verify.
Closes#16674
ssh's disconnect assumed that the session to the server could be
shut down successfully during disconnect. When this failed, e.g.
timed out, memory was leaked.
Closes#16668
ssh's disconnect assumed that the session to the server could be shut
down successfully during disconnect. When this failed, e.g. timed out,
memory was leaked.
Closes#16659
ssh's disconnect assumed that the session to the server could be shut
down successfully during disconnect. When this failed, e.g. timed out,
memory was leaked.
Closes#16656
The issues found fell into these categories, with the applied fixes:
- const was accidentally stripped.
Adjust code to not cast or cast with const.
- const/volatile missing from arguments, local variables.
Constify arguments or variables, adjust/delete casts. Small code
changes in a few places.
- const must be stripped because an API dependency requires it.
Strip `const` with `CURL_UNCONST()` macro to silence the warning out
of our control. These happen at API boundaries. Sometimes they depend
on dependency version, which this patch handles as necessary. Also
enable const support for the zlib API, using `ZLIB_CONST`. Supported
by zlib 1.2.5.2 and newer.
- const must be stripped because a curl API requires it.
Strip `const` with `CURL_UNCONST()` macro to silence the warning out
of our immediate control. For example we promise to send a non-const
argument to a callback, though the data is const internally.
- other cases where we may avoid const stripping by code changes.
Also silenced with `CURL_UNCONST()`.
- there are 3 places where `CURL_UNCONST()` is cast again to const.
To silence this type of warning:
```
lib/vquic/curl_osslq.c:1015:29: error: to be safe all intermediate
pointers in cast from 'unsigned char **' to 'const unsigned char **'
must be 'const' qualified [-Werror=cast-qual]
lib/cf-socket.c:734:32: error: to be safe all intermediate pointers in
cast from 'char **' to 'const char **' must be 'const' qualified
[-Werror=cast-qual]
```
There may be a better solution, but I couldn't find it.
These cases are handled in separate subcommits, but without further
markup.
If you see a `-Wcast-qual` warning in curl, we appreciate your report
about it.
Closes#16142
CURLRES_ASYNCH - is for when built to use an async name resolver; threaded or
c-ares
USE_CURL_ASYNC - is for when built to use either an async name resolver OR DoH
Reported-by: Lars Karlitski
Fixes#16645Closes#16648
It contains a series of bugfixes and updates applied to libcurl's
`Curl_wait_ms()` over the years, but missed from the copy in
`tests/server/util.c`:
- d65321f939,
52e822173a,
5912da253b
- 4a8f459837
- 1ad49feb71
It fixes `wait_ms()` to check for, and return `SOCKERRNO`. Fixing error
handling on Windows.
Also:
- tests/server: change callers to check `SOCKERRNO`.
- `wait_ms()`: fix to check for the correct error code on Windows.
Pending for `Curl_wait_ms()`: #16621.
- `Curl_wait_ms()`: tidy-up `Sleep()` argument cast (nit).
- lib/curl_trc: drop an unused header.
Closes#16627
The only user is error display code following an `mkdir()` call. In this
case the redefinition didn't cause an issue, but was unnecessary.
Follow-up to d69425ed7d#16615Closes#16620
These were not used in curl sources at all.
Except `EDQUOT` which was used after `mkdir()` in `src/tool_dirhie.c`
for error display. It should not be redefined to a winsock2 error.
This makes the "exceeded your quota" error correctly appear on Windows,
if detected, after operations that create directories.
After this patch there remain 14 `E*` macro redefines on Windows,
down from 40 before this patch.
Bug: https://github.com/curl/curl/pull/16553#issuecomment-2704679377
Ref: #16612
Ref: #16605Closes#16615
1.2.5.2 was released on 2011-12-18. (vs. 1.2.0.4 on 2003-08-10)
It allows to:
- use `Z_BLOCK` unconditionally.
- use `inflateReset2()` to replace `inflateEnd()` + `inflateInit2()`
and save a memory allocation.
- use `Z_CONST` and `z_const` (in a future commit).
Suggested-by: Dan Fandrich
Ref: https://github.com/curl/curl/pull/16142#discussion_r1985449743Closes#16616
Quiche needs to find easy handles to events. Do this by iterating
over the filters stream hash and lookup the easy handle on a match.
This O(+streams-in-filter) vs O(all easy handles), at least once
we fix the multi lookup to use a hash.
Closes#16607
Seen with downloaded mingw 7.3.0 when built against MSYS2 mbedTLS 3.6.2:
```
lib/vtls/cipher_suite.c: In function 'cs_zip_to_str':
lib/vtls/cipher_suite.c:789:16: error: conversion to 'uint8_t {aka unsigned char}' from 'int' may alter its value [-Werror=conversion]
indexes[1] = ((zip[0] << 4) & 0x3F) | zip[1] >> 4;
^
lib/vtls/cipher_suite.c:790:16: error: conversion to 'uint8_t {aka unsigned char}' from 'int' may alter its value [-Werror=conversion]
indexes[2] = ((zip[1] << 2) & 0x3F) | zip[2] >> 6;
^
lib/vtls/cipher_suite.c:793:16: error: conversion to 'uint8_t {aka unsigned char}' from 'int' may alter its value [-Werror=conversion]
indexes[5] = ((zip[3] << 4) & 0x3F) | zip[4] >> 4;
^
lib/vtls/cipher_suite.c:794:16: error: conversion to 'uint8_t {aka unsigned char}' from 'int' may alter its value [-Werror=conversion]
indexes[6] = ((zip[4] << 2) & 0x3F) | zip[5] >> 6;
^
```
Ref: https://github.com/curl/curl/actions/runs/13719756989/job/38372409927?pr=16429#step:10:21
Cherry-picked from #16429Closes#16614
Iterate over the filters stream hash instead, lookup easy handles
at the multi when needed.
This also limits to pollset array sizes to the number of streams
on the connection and not the total number of transfers in the multi.
Closes#16611
