Why does this C++ code that uses libcurl throw an error at runtime, but when I use valgrind it does not throw any error?
Question
When I compile this code with g++ it doesn't throw any error, but at runtime it throws errors like
double free or corruption (fasttop)
or tcache_thread_shutdown(): unaligned tcache chunk detected
```cpp
#include <iostream>
#include <thread>
#include <vector>
#include <curl/curl.h>
#include <fstream>
#include "arguments.cpp"
using namespace std;

int main(int argc, char* argv[]) {
    const int THREAD_BATCH_SIZE = 100; // set the batch size
    string userurl;
    string wordlistfile;
    arguments(argc, argv, &userurl, &wordlistfile);
    std::vector<std::thread> threads;
    int count = 0;
    ifstream wordlistcount(wordlistfile);
    string comurl = "";
    string word;
    while (getline(wordlistcount, word)) {
        count++;
    }
    ifstream wordlist(wordlistfile);
    for (int i = 1; i <= count; i++) {
        if ((i - 1) % THREAD_BATCH_SIZE == 0) {
            threads.emplace_back([&] { // creates and starts a thread
                CURL* curl = curl_easy_init(); // initialize a new CURL object for each thread
                curl_easy_setopt(curl, CURLOPT_NOBODY, 1L);
                CURLcode res;
                long http_code;
                char *url = NULL;
                for (int j = 1; j <= THREAD_BATCH_SIZE; j++) {
                    getline(wordlist, word);
                    comurl = userurl + word;
                    curl_easy_setopt(curl, CURLOPT_URL, comurl.c_str());
                    curl_easy_setopt(curl, CURLOPT_CUSTOMREQUEST, "HEAD");
                    curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 0);
                    res = curl_easy_perform(curl);
                    curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, &http_code);
                    curl_easy_getinfo(curl, CURLINFO_EFFECTIVE_URL, &url); //CURLINFO_EFFECTIVE_URL
                    string color;
                    if (http_code < 200) {color = "\033[1;34m"; /* yellow */}
                    else if (http_code < 300) {color = "\033[1;32m"; /* green */}
                    else if (http_code < 400) {color = "\033[1;33m"; /* blue */}
                    else if (http_code < 500) {color = "\033[1;35m"; /* purple */}
                    else if (http_code < 600) {color = "\033[1;31m"; /* red */}
                    if (http_code != 0 && http_code != 404 && url != NULL) {
                        cout << color << http_code << " \033[0;97m /" << url << endl;
                    }
                }
                curl_easy_cleanup(curl); // cleanup the CURL object after processing the thread batch
            });
        }
    }
    for (auto& t : threads) { // wait for all threads to finish
        t.join();
    }
    return 0;
}
```
I expected that this program would send many requests to a server to check whether the page exists (directory bruteforce for an ethical purpose).
Answer 1
Score: 2
```cpp
getline(wordlist, word);
```
It looks like this line gets executed by multiple execution threads. Multiple execution threads appear to be trying to read from the same input stream, into `word`.
None of the classes in the C++ library are thread-safe, including `word`, a single object that's being scribbled over by multiple execution threads.
This is undefined behavior.
```cpp
comurl = userurl + word;
```
`comurl` is also a single object, instantiated in main, that multiple execution threads attempt to modify here, stomping all over each other, and creating more undefined behavior.
There may be more instances of undefined behavior in the shown code; I stopped the analysis at this point.
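One way to remove the shared state the answer points at, as an added example (not code from the question or the answer): the wordlist is read once before any thread starts, and each thread works on a fixed slice with its own strings. `load_words`, `run_batches` and the `check` callback are hypothetical names; `check` stands in for the libcurl request, which would use one easy handle created inside each thread.

```cpp
#include <algorithm>
#include <functional>
#include <istream>
#include <mutex>
#include <sstream>
#include <string>
#include <thread>
#include <utility>
#include <vector>

using Result = std::pair<std::string, long>; // (full URL, status code)

// Read the whole wordlist in the calling thread, before any worker exists,
// so no stream object is ever shared. Empty lines are skipped (assumption).
std::vector<std::string> load_words(std::istream& in) {
    std::vector<std::string> words;
    for (std::string line; std::getline(in, line);)
        if (!line.empty()) words.push_back(line);
    return words;
}

// `check` is called concurrently and must only touch thread-local state.
std::vector<Result> run_batches(const std::string& base,
                                const std::vector<std::string>& words,
                                std::size_t batch_size,
                                const std::function<long(const std::string&)>& check) {
    std::vector<Result> results;
    std::mutex results_mutex;                 // guards `results` only
    std::vector<std::thread> threads;
    if (batch_size == 0) batch_size = 1;
    for (std::size_t begin = 0; begin < words.size(); begin += batch_size) {
        const std::size_t end = std::min(begin + batch_size, words.size());
        // begin/end are captured by value: each thread owns one fixed slice.
        threads.emplace_back([&, begin, end] {
            std::vector<Result> local;        // thread-private
            for (std::size_t i = begin; i < end; ++i) {
                const std::string url = base + words[i]; // thread-private string
                const long code = check(url);
                if (code != 0 && code != 404) local.emplace_back(url, code);
            }
            std::lock_guard<std::mutex> lock(results_mutex);
            results.insert(results.end(), local.begin(), local.end());
        });
    }
    for (auto& t : threads) t.join();
    std::sort(results.begin(), results.end()); // deterministic output order
    return results;
}
```

The workers only read `words` and `base`, which is safe because nothing modifies them after the threads start; the single mutex covers the one object that is written from several threads.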