Why does this C++ code that uses libcurl throw an error at runtime, but when I use valgrind it does not throw any error?


Question


When I compile this code with g++ it doesn't throw any error, but at runtime it throws errors like `double free or corruption (fasttop)` or `tcache_thread_shutdown(): unaligned tcache chunk detected`.

```cpp
#include <iostream>
#include <thread>
#include <vector>
#include <curl/curl.h>
#include <fstream>
#include "arguments.cpp"
using namespace std;


int main(int argc, char* argv[]) {
    const int THREAD_BATCH_SIZE = 100; // set the batch size
    string userurl;
    string wordlistfile;
    arguments(argc, argv, &userurl, &wordlistfile);
    std::vector<std::thread> threads;
    int count = 0;
    ifstream wordlistcount(wordlistfile);
    string comurl = "";
    string word;
    while(getline(wordlistcount, word)) {
        count++;
    }
    ifstream wordlist(wordlistfile);
    for (int i = 1; i <= count; i++) {
        if ((i - 1) % THREAD_BATCH_SIZE == 0) {
            threads.emplace_back([&] { // creates and starts a thread
                CURL* curl = curl_easy_init(); // initialize a new CURL object for each thread
                curl_easy_setopt(curl, CURLOPT_NOBODY, 1L);
                CURLcode res;
                long http_code;
                char *url = NULL;

                for (int j = 1; j <= THREAD_BATCH_SIZE; j++) {
                    getline(wordlist, word);
                    comurl = userurl + word;
                    curl_easy_setopt(curl, CURLOPT_URL, comurl.c_str());
                    curl_easy_setopt(curl, CURLOPT_CUSTOMREQUEST, "HEAD");
                    curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 0);
                    res = curl_easy_perform(curl);
                    curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, &http_code);
                    curl_easy_getinfo(curl, CURLINFO_EFFECTIVE_URL, &url); //CURLINFO_EFFECTIVE_URL

                    string color;

                    if (http_code < 200) {color = "\033[1;34m"; /* blue */}
                    else if (http_code < 300) {color = "\033[1;32m"; /* green */}
                    else if (http_code < 400) {color = "\033[1;33m"; /* yellow */}
                    else if (http_code < 500) {color = "\033[1;35m"; /* purple */}
                    else if (http_code < 600) {color = "\033[1;31m"; /* red */}
                    if (http_code != 0 && http_code != 404 && url != NULL) {
                        cout << color << http_code << "   \033[0;97m /" << url << endl;
                    }
                }
                curl_easy_cleanup(curl); // cleanup the CURL object after processing the thread batch
            });
        }
    }
    for (auto& t : threads) { // wait for all threads to finish
        t.join();
    }
    return 0;
}
```

I expected that this program would send many requests to a server to check whether the page exists (directory bruteforce for an ethical purpose).

Answer 1

Score: 2

```cpp
getline(wordlist, word);
```

It looks like this line gets executed by multiple execution threads. Multiple execution threads appear to be trying to read from the same input stream, into `word`.

None of the classes in the C++ library are thread-safe, including `word`, a single object that's being scribbled over by multiple execution threads.

This is undefined behavior.

```cpp
comurl = userurl + word;
```

`comurl` is also a single object, instantiated in main, that multiple execution threads attempt to modify here, stomping all over each other, and creating more undefined behavior.

There may be more instances of undefined behavior in the shown code; I stopped the analysis at this point.
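One way to remove the shared state the answer points at, given here as an added example (not the asker's or the answerer's code): a mutex-guarded reader hands each thread the next line into a string that thread owns, and each thread builds its combined string locally. `LineSource`, `run_workers` and the `handle` callback are hypothetical names; `handle` stands in for the per-item libcurl calls so the block runs offline on constructed input.

```cpp
#include <functional>
#include <iostream>
#include <mutex>
#include <sstream>
#include <string>
#include <thread>
#include <vector>

// Hypothetical helper (not from the post): serializes reads from one shared stream.
class LineSource {
public:
    explicit LineSource(std::istream& in) : in_(in) {}
    bool next(std::string& out) {  // fills the caller's own string; false at end of input
        std::lock_guard<std::mutex> lock(m_);
        return static_cast<bool>(std::getline(in_, out));
    }
private:
    std::istream& in_;
    std::mutex m_;
};

// `handle` stands in for the per-item libcurl work and may run concurrently.
std::size_t run_workers(std::istream& in, const std::string& base, unsigned workers,
                        const std::function<void(const std::string&)>& handle) {
    LineSource source(in);
    std::mutex total_m;
    std::size_t total = 0;
    std::vector<std::thread> threads;
    for (unsigned t = 0; t < workers; ++t) {
        threads.emplace_back([&] {
            std::string word;          // owned by this thread, unlike the shared `word`
            std::size_t local = 0;
            while (source.next(word)) {
                const std::string full = base + word;  // local, unlike the shared `comurl`
                handle(full);
                ++local;
            }
            std::lock_guard<std::mutex> lock(total_m);
            total += local;
        });
    }
    for (auto& th : threads) th.join();
    return total;
}

int main() {
    std::istringstream words("a\nb\nc\n");  // constructed sample input
    std::cout << run_workers(words, "item-", 2, [](const std::string&) {}) << " handled\n";
}
```

ThreadSanitizer (`g++ -fsanitize=thread`) is the tool designed to report unsynchronized accesses such as the ones to `word`, `comurl` and the stream in the question's code.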



huangapple
  • Published on February 20, 2023 at 00:55:43
  • When reposting, please keep the link to this article: https://go.coder-hub.com/75501805.html