Bug 250986 - REGRESSION(WebKitRequirements v2022.12.22) [WinCairo] Crash in libcurl while accessing https via proxy
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Platform
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Nobody
Reported: 2023-01-22 13:29 PST by Fujii Hironori
Modified: 2023-02-21 13:28 PST
Description Fujii Hironori 2023-01-22 13:29:37 PST
WinCairo MiniBrowser is crashing while accessing https by using a proxy.
Comment 1 Fujii Hironori 2023-01-22 13:29:48 PST
With the debug libcurl.dll, I'm observing the following assertion failure.

> Assertion failed!
> 
> Program: ...bkit\gb\WebKitLibraries\wincairo\bin64\libcurl.dll
> File: D:\work\WinCairoReq\g\buildtrees\curl\src\7...\openssl.c
> Line: 709
> 
> Expression: data


Backtrace:

> ucrtbased.dll!common_assert_to_message_box<wchar_t>(const wchar_t * const expression, const wchar_t * const file_name, const unsigned int line_number, void * const return_address) Line 388	C++
> ucrtbased.dll!common_assert<wchar_t>(const wchar_t * const expression, const wchar_t * const file_name, const unsigned int line_number, void * const return_address) Line 424	C++
> ucrtbased.dll!_wassert(const wchar_t * expression, const wchar_t * file_name, unsigned int line_number) Line 444	C++
> libcurl.dll!bio_cf_out_write(bio_st * bio, const char * buf, int blen) Line 709	C
> crypto-50.dll!BIO_write(bio_st * b, const void * in, int inl) Line 412	C
> [Inline Frame] ssl-53.dll!tls13_legacy_wire_write(ssl_st * ssl, const unsigned char *) Line 75	C
> ssl-53.dll!tls13_legacy_wire_write_cb(const void * buf, unsigned __int64 n, void * arg) Line 96	C
> ssl-53.dll!tls13_record_send(tls13_record * rec, __int64(*)(const void *, unsigned __int64, void *) wire_write, void * wire_arg) Line 178	C
> ssl-53.dll!tls13_record_layer_write_record(tls13_record_layer * rl, unsigned char content_type, const unsigned char * content, unsigned __int64 content_len) Line 1082	C
> [Inline Frame] ssl-53.dll!tls13_record_layer_write_chunk(tls13_record_layer *) Line 1100	C
> ssl-53.dll!tls13_record_layer_write(tls13_record_layer * rl, unsigned char content_type, const unsigned char * buf, unsigned __int64 n) Line 1117	C
> ssl-53.dll!tls13_handshake_msg_send(tls13_handshake_msg * msg, tls13_record_layer * rl) Line 180	C
> ssl-53.dll!tls13_handshake_send_action(tls13_ctx * ctx, const tls13_handshake_action * action) Line 470	C
> ssl-53.dll!tls13_handshake_perform(tls13_ctx * ctx) Line 410	C
> ssl-53.dll!tls13_legacy_connect(ssl_st * ssl) Line 463	C
> libcurl.dll!ossl_connect_step2(Curl_cfilter * cf, Curl_easy * data) Line 3901	C
> libcurl.dll!ossl_connect_common(Curl_cfilter * cf, Curl_easy * data, bool nonblocking, bool * done) Line 4441	C
> libcurl.dll!ossl_connect_nonblocking(Curl_cfilter * cf, Curl_easy * data, bool * done) Line 4475	C
> libcurl.dll!ssl_connect_nonblocking(Curl_cfilter * cf, Curl_easy * data, bool * done) Line 358	C
> libcurl.dll!ssl_cf_connect(Curl_cfilter * cf, Curl_easy * data, bool blocking, bool * done) Line 1526	C
> libcurl.dll!Curl_conn_connect(Curl_easy * data, int sockindex, bool blocking, bool * done) Line 367	C
> libcurl.dll!multi_runsingle(Curl_multi * multi, curltime * nowp, Curl_easy * data) Line 2070	C
> libcurl.dll!curl_multi_perform(Curl_multi * multi, int * running_handles) Line 2690	C
> WebCore.dll!WebCore::CurlMultiHandle::perform(int & runningHandles) Line 281	C++
> WebCore.dll!WebCore::CurlRequestScheduler::workerThread() Line 176	C++
> WebCore.dll!WebCore::CurlRequestScheduler::startOrWakeUpThread::__l2::<lambda_1>::operator()() Line 99	C++
> WebCore.dll!WTF::Detail::CallableWrapper<`WebCore::CurlRequestScheduler::startOrWakeUpThread'::`2'::<lambda_1>,void>::call() Line 53	C++
> WTF.dll!WTF::Function<void __cdecl(void)>::operator()() Line 83	C++
> WTF.dll!WTF::Thread::entryPoint(WTF::Thread::NewThreadContext * newThreadContext) Line 250	C++
> WTF.dll!WTF::wtfThreadEntryPoint(void * data) Line 151	C++
> ucrtbase.dll!thread_start<unsigned int (__cdecl*)(void *),1>()	Unknown
> kernel32.dll!00007ff986977614()	Unknown
> ntdll.dll!00007ff9870626a1()	Unknown
Comment 3 Fujii Hironori 2023-01-22 17:10:18 PST
The data is being cleared in the following callstack.
ssl_cf_connect sets the data by calling cf_ctx_set_data.
But it's cleared in the callback didReceiveHeaderCallback.

> libcurl.dll!cf_ctx_set_data(Curl_cfilter * cf, Curl_easy * data) Line 325	C
> libcurl.dll!Curl_ssl_get_internals(Curl_easy * data, int sockindex, CURLINFO info, int n) Line 1725	C
> libcurl.dll!getinfo_slist(Curl_easy * data, CURLINFO info, curl_slist * * param_slistp) Line 536	C
> libcurl.dll!Curl_getinfo(Curl_easy * data, CURLINFO info, ...) Line 604	C
> libcurl.dll!curl_easy_getinfo(Curl_easy * data, CURLINFO info, ...) Line 816	C
> WebCore.dll!WebCore::CurlHandle::sslConnection() Line 802	C++
> WebCore.dll!WebCore::CurlHandle::certificateInfo() Line 944	C++
> WebCore.dll!WebCore::CurlRequest::didReceiveHeader(WTF::String && header) Line 384	C++
> WebCore.dll!WebCore::CurlRequest::didReceiveHeaderCallback(char * ptr, unsigned __int64 blockSize, unsigned __int64 numberOfBlocks, void * userData) Line 824	C++
> libcurl.dll!chop_write(Curl_easy * data, int type, char * optr, unsigned __int64 olen) Line 633	C
> libcurl.dll!Curl_client_write(Curl_easy * data, int type, char * ptr, unsigned __int64 len) Line 678	C
> libcurl.dll!recv_CONNECT_resp(Curl_easy * data, connectdata * conn, tunnel_state * ts, bool * done) Line 583	C
> libcurl.dll!CONNECT(Curl_cfilter * cf, Curl_easy * data, tunnel_state * ts) Line 991	C
> libcurl.dll!http_proxy_cf_connect(Curl_cfilter * cf, Curl_easy * data, bool blocking, bool * done) Line 1084	C
> libcurl.dll!ssl_cf_connect(Curl_cfilter * cf, Curl_easy * data, bool blocking, bool * done) Line 1512	C
> libcurl.dll!Curl_conn_connect(Curl_easy * data, int sockindex, bool blocking, bool * done) Line 367	C
> libcurl.dll!multi_runsingle(Curl_multi * multi, curltime * nowp, Curl_easy * data) Line 2070	C
> libcurl.dll!curl_multi_perform(Curl_multi * multi, int * running_handles) Line 2690	C
> WebCore.dll!WebCore::CurlMultiHandle::perform(int & runningHandles) Line 281	C++
> WebCore.dll!WebCore::CurlRequestScheduler::workerThread() Line 176	C++
> WebCore.dll!WebCore::CurlRequestScheduler::startOrWakeUpThread::__l2::<lambda_1>::operator()() Line 99	C++
> WebCore.dll!WTF::Detail::CallableWrapper<`WebCore::CurlRequestScheduler::startOrWakeUpThread'::`2'::<lambda_1>,void>::call() Line 53	C++
> WTF.dll!WTF::Function<void __cdecl(void)>::operator()() Line 83	C++
> WTF.dll!WTF::Thread::entryPoint(WTF::Thread::NewThreadContext * newThreadContext) Line 250	C++
> WTF.dll!WTF::wtfThreadEntryPoint(void * data) Line 151	C++
> ucrtbase.dll!thread_start<unsigned int (__cdecl*)(void *),1>()	Unknown
> kernel32.dll!00007ff986977614()	Unknown
> ntdll.dll!00007ff9870626a1()	Unknown
Comment 4 Fujii Hironori 2023-01-22 18:44:25 PST
Assertion failure in bio_cf_out_write if CURLOPT_HEADERFUNCTION callback gets CURLINFO_TLS_SSL_PTR · Issue #10336 · curl/curl
https://github.com/curl/curl/issues/10336
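
The re-entrancy pattern described in Comment 3, as an added example that is not libcurl or WebKit code: a simplified C model in which a filter sets its `data` pointer on entry and clears it on exit, and an application header callback re-enters the filter before the TLS write runs. All type and function names are hypothetical, and the save/restore variant is one way to make the nesting safe, not a statement of how curl fixed it.

```c
#include <stdio.h>

/* Simplified model, NOT libcurl source. All names here are hypothetical. */
struct easy { int id; };                  /* stands in for Curl_easy */
struct filter;
typedef void (*header_cb)(struct filter *f, struct easy *e);

struct filter {
    struct easy *data;    /* transfer the filter is currently working for */
    header_cb on_header;  /* application header callback */
    int nested_safe;      /* 0: set on entry, clear on exit; 1: save and restore */
};

/* Re-entrant query: models a getinfo call that reaches the TLS filter. */
static void filter_query(struct filter *f, struct easy *e)
{
    struct easy *saved = f->data;
    f->data = e;
    f->data = f->nested_safe ? saved : NULL;  /* exit: restore or clear */
}

/* Outer connect: the proxy step delivers a header, then the TLS write needs data. */
static int filter_connect(struct filter *f, struct easy *e)
{
    struct easy *saved = f->data;
    int data_still_set;
    f->data = e;
    if (f->on_header)
        f->on_header(f, e);               /* CONNECT response header */
    data_still_set = (f->data != NULL);   /* what the debug assert checks */
    f->data = f->nested_safe ? saved : NULL;
    return data_still_set;
}

/* Application callback that queries TLS state from inside the header callback. */
static void cb_query_tls(struct filter *f, struct easy *e) { filter_query(f, e); }

/* Returns 1 if the filter still has its data pointer when the TLS write runs. */
int run_model(int nested_safe)
{
    struct easy e = { 1 };
    struct filter f = { NULL, cb_query_tls, nested_safe };
    return filter_connect(&f, &e);
}

int main(void)
{
    printf("set/clear: %d, save/restore: %d\n", run_model(0), run_model(1));
    return 0;
}
```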