Cherry pick dangling data pointer fix for curl

WebKitForWindows · Jul 3, 2018 · 95a6431 · 95a6431
1 parent 966bc0d
commit 95a6431
Show file tree

Hide file tree

Showing 3 changed files with 195 additions and 0 deletions.
diff --git a/ports/curl/patches/0002-cppcheck-fix-warnings.patch b/ports/curl/patches/0002-cppcheck-fix-warnings.patch
@@ -0,0 +1,106 @@
+From c45360d4633850839bb9c2d77dbf8a8285e9ad49 Mon Sep 17 00:00:00 2001
+From: Marian Klymov <[email protected]>
+Date: Sat, 2 Jun 2018 23:52:56 +0300
+Subject: [PATCH] cppcheck: fix warnings
+
+- Get rid of variable that was generating false positive warning
+(unitialized)
+
+- Fix issues in tests
+
+- Reduce scope of several variables all over
+
+etc
+
+Closes #2631
+---
+ lib/base64.c              |  3 +--
+ lib/connect.c             |  6 +-----
+ lib/content_encoding.c    |  8 +++-----
+ lib/cookie.c              |  7 +++----
+ lib/curl_sasl.c           |  3 +--
+ lib/dict.c                |  6 +++---
+ lib/escape.c              |  6 ++----
+ lib/file.c                |  6 +++---
+ lib/formdata.c            |  3 +--
+ lib/ftp.c                 | 13 ++++++-------
+ lib/hash.c                | 11 ++++-------
+ lib/http.c                | 10 ++++------
+ lib/http_proxy.c          |  2 +-
+ lib/imap.c                |  8 ++++----
+ lib/mime.c                | 32 +++++++++++---------------------
+ lib/multi.c               |  7 +++----
+ lib/pingpong.c            |  3 +--
+ lib/pop3.c                |  4 ++--
+ lib/progress.c            | 39 ++++++++++++++++++++-------------------
+ lib/rtsp.c                |  6 ++----
+ lib/select.c              |  8 +++++---
+ lib/sendf.c               |  2 +-
+ lib/sendf.h               |  4 ++--
+ lib/sha256.c              | 12 ++++++------
+ lib/smtp.c                |  2 +-
+ lib/socks.c               |  8 ++++----
+ lib/splay.c               |  3 +--
+ lib/telnet.c              | 32 ++++++++++++++++----------------
+ lib/tftp.c                | 16 +++++++---------
+ lib/transfer.c            |  2 +-
+ lib/url.c                 | 15 +++++++--------
+ lib/vauth/digest.c        |  6 +++---
+ src/tool_cb_dbg.c         | 10 +++++-----
+ src/tool_cb_prg.c         | 12 ++++++------
+ src/tool_formparse.c      |  5 ++---
+ src/tool_getparam.c       |  6 ++----
+ src/tool_libinfo.c        |  2 +-
+ src/tool_msgs.c           |  2 +-
+ src/tool_paramhlp.c       | 10 +++++-----
+ src/tool_parsecfg.c       |  8 +++-----
+ src/tool_urlglob.c        |  2 +-
+ src/tool_writeout.c       |  4 ++--
+ tests/libtest/lib1537.c   | 15 +++++----------
+ tests/libtest/lib1554.c   |  3 +--
+ tests/libtest/lib1900.c   |  8 ++++----
+ tests/libtest/lib506.c    |  2 +-
+ tests/libtest/lib512.c    |  6 ++----
+ tests/libtest/lib556.c    |  2 +-
+ tests/libtest/lib579.c    |  3 +--
+ tests/libtest/lib586.c    |  2 +-
+ tests/libtest/testtrace.c |  2 +-
+ tests/server/getpart.c    |  2 +-
+ tests/server/rtspd.c      | 18 +++++++-----------
+ tests/server/sockfilt.c   | 29 ++++++++++++-----------------
+ tests/server/sws.c        |  5 ++---
+ tests/server/testpart.c   |  6 +++---
+ tests/server/tftpd.c      | 16 +++++++---------
+ tests/server/util.c       |  5 ++---
+ tests/unit/unit1300.c     |  2 +-
+ tests/unit/unit1303.c     |  2 +-
+ tests/unit/unit1307.c     |  4 ++--
+ 61 files changed, 213 insertions(+), 273 deletions(-)
+
+diff --git a/lib/connect.c b/lib/connect.c
+index 1a27ae1353..12ae817e31 100644
+--- a/lib/connect.c
++++ b/lib/connect.c
+@@ -1237,8 +1237,6 @@ static int conn_is_conn(struct connectdata *conn, void *param)
+ curl_socket_t Curl_getconnectinfo(struct Curl_easy *data,
+                                   struct connectdata **connp)
+ {
+-  curl_socket_t sockfd;
+-
+   DEBUGASSERT(data);
+
+   /* this works for an easy handle:
+@@ -1264,12 +1262,10 @@ curl_socket_t Curl_getconnectinfo(struct Curl_easy *data,
+     if(connp)
+       /* only store this if the caller cares for it */
+       *connp = c;
+-    sockfd = c->sock[FIRSTSOCKET];
++    return c->sock[FIRSTSOCKET];
+   }
+   else
+     return CURL_SOCKET_BAD;
+-
+-  return sockfd;
+ }
+
+ /*
diff --git a/ports/curl/patches/0003-url-fix-dangling-conn-data-pointer.patch b/ports/curl/patches/0003-url-fix-dangling-conn-data-pointer.patch
@@ -0,0 +1,86 @@
+From 2c15693a3c355d8296a1828123a864397296460b Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <[email protected]>
+Date: Wed, 20 Jun 2018 23:00:36 +0200
+Subject: [PATCH] url: fix dangling conn->data pointer
+
+By masking sure to use the *current* easy handle with extracted
+connections from the cache, and make sure to NULLify the ->data pointer
+when the connection is put into the cache to make this mistake easier to
+detect in the future.
+
+Reported-by: Will Dietz
+Fixes #2669
+Closes #2672
+---
+ lib/conncache.c | 3 ++-
+ lib/connect.c   | 6 ++++--
+ lib/url.c       | 2 +-
+ 3 files changed, 7 insertions(+), 4 deletions(-)
+
+diff --git a/lib/conncache.c b/lib/conncache.c
+index 6bd06582a6..0665429154 100644
+--- a/lib/conncache.c
++++ b/lib/conncache.c
+@@ -6,7 +6,7 @@
+  *                             \___|\___/|_| \_\_____|
+  *
+  * Copyright (C) 2012 - 2016, Linus Nielsen Feltzing, <[email protected]>
+- * Copyright (C) 2012 - 2017, Daniel Stenberg, <[email protected]>, et al.
++ * Copyright (C) 2012 - 2018, Daniel Stenberg, <[email protected]>, et al.
+  *
+  * This software is licensed as described in the file COPYING, which
+  * you should have received as part of this distribution. The terms
+@@ -451,6 +451,7 @@ bool Curl_conncache_return_conn(struct connectdata *conn)
+   }
+   CONN_LOCK(data);
+   conn->inuse = FALSE; /* Mark the connection unused */
++  conn->data = NULL; /* no owner */
+   CONN_UNLOCK(data);
+
+   return (conn_candidate == conn) ? FALSE : TRUE;
+diff --git a/lib/connect.c b/lib/connect.c
+index 12ae817e31..41f2202681 100644
+--- a/lib/connect.c
++++ b/lib/connect.c
+@@ -5,7 +5,7 @@
+  *                            | (__| |_| |  _ <| |___
+  *                             \___|\___/|_| \_\_____|
+  *
+- * Copyright (C) 1998 - 2017, Daniel Stenberg, <[email protected]>, et al.
++ * Copyright (C) 1998 - 2018, Daniel Stenberg, <[email protected]>, et al.
+  *
+  * This software is licensed as described in the file COPYING, which
+  * you should have received as part of this distribution. The terms
+@@ -1259,9 +1259,11 @@ curl_socket_t Curl_getconnectinfo(struct Curl_easy *data,
+       return CURL_SOCKET_BAD;
+     }
+
+-    if(connp)
++    if(connp) {
+       /* only store this if the caller cares for it */
+       *connp = c;
++      c->data = data;
++    }
+     return c->sock[FIRSTSOCKET];
+   }
+   else
+diff --git a/lib/url.c b/lib/url.c
+index d29eddaea7..0cab0a303d 100644
+--- a/lib/url.c
++++ b/lib/url.c
+@@ -965,6 +965,7 @@ static bool extract_if_dead(struct connectdata *conn,
+        use */
+     bool dead;
+
++    conn->data = data;
+     if(conn->handler->connection_check) {
+       /* The protocol has a special method for checking the state of the
+          connection. Use it to check if the connection is dead. */
+@@ -979,7 +980,6 @@ static bool extract_if_dead(struct connectdata *conn,
+     }
+
+     if(dead) {
+-      conn->data = data;
+       infof(data, "Connection %ld seems to be dead!\n", conn->connection_id);
+       Curl_conncache_remove_conn(conn, FALSE);
+       return TRUE;
diff --git a/ports/curl/portfile.cmake b/ports/curl/portfile.cmake
@@ -16,6 +16,9 @@ vcpkg_apply_patches(
     SOURCE_PATH ${SOURCE_PATH}
     PATCHES
         ${CMAKE_CURRENT_LIST_DIR}/patches/0001-Adjust-CMake-for-vcpkg.patch
+        # Remove after 7.61.0 release
+        ${CMAKE_CURRENT_LIST_DIR}/patches/0002-cppcheck-fix-warnings.patch
+        ${CMAKE_CURRENT_LIST_DIR}/patches/0003-url-fix-dangling-conn-data-pointer.patch
 )
 
 # Run CMake build