
Hi Daniel,

If it is allowed, then I would suggest to copy the node in
Curl_splayinsert to make sure that memory doesn't get out of
scope in a calling function. See the attached patch.

My testcase did not crash anymore, but of course the problem
is not _that_ much reproducible.

Since the splay functions seem to be used internally only,
this is surely just a workaround, if it helps at all.


Hope this helps. Regards

Harri


--- curl-7.15.4.orig/lib/splay.c
+++ curl-7.15.4/lib/splay.c
@@ -23,7 +23,10 @@
 
 #include <stdio.h>
 #include <stdlib.h>
+
+#include <malloc.h>
+#include <string.h>
 
 #include "splay.h"
 
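Review bot: the added `#include <malloc.h>` is unnecessary and non-portable. `malloc` is already declared by the `<stdlib.h>` included two lines above, and `<malloc.h>` is not a standard C header, so it can break the build on platforms that lack it. Keep only `#include <string.h>` (needed for `memcpy`) and drop the extra blank `+` line before it.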
@@ -99,6 +102,10 @@
   if (node == NULL)
     return t;
 
+  struct Curl_tree *newnode = malloc(sizeof(struct Curl_tree));
+  memcpy(newnode, node, sizeof(*node));
+  node = newnode;
+  
   if (t != NULL) {
     t = Curl_splay(i,t);
     if (compare(i, t->key)==0) {
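Review bot: the result of `malloc` is used unchecked in `memcpy(newnode, node, sizeof(*node));`, so an allocation failure becomes a NULL pointer write inside the insert path. Test `newnode` before the copy and pick a defined failure result (for example returning `t` unchanged, as the `node == NULL` case above does). Ownership also needs to be settled: after `node = newnode;` the tree holds a heap copy while the caller still holds a pointer to its original, so any later operation that identifies the node by the caller's pointer will not refer to the stored copy, and nothing visible here frees the copy. If the `compare(i, t->key)==0` branch that follows returns without linking `node`, the copy leaks on that path, so the allocation would be better placed after that check. Smaller points: the declaration of `newnode` follows statements, which C89 compilers reject, the `malloc` size and `memcpy` size should use the same expression (`sizeof(*node)`), and the last added line carries trailing whitespace.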
