Misuse of libidn memory
An old issue from Wget that has crept across to Wget2:
In libwget/iri.c
and the function iri_free_content()
, the iri->host
memory-block can come from idna_to_ascii_8z()
(depending on how Wget2 was configured).
In other words, if using IDNA as a DLL on Windows, this memory could have been allocated by another CRT. So idna_free()
should be called to free this block.
In MSVC-2015 and using a MinGW compiled libidn.dll.a
, this issue is clear since different CRTs are used; MSVCRT.DLL
vs VCRUNTIME140.DLL+UCRTBASE.DLL
. Callstack from test.exe
:
ntdll!RtlpFreeHeap+0x7b5
ntdll!RtlFreeHeap+0x758
ucrtbase!_free_base+0x1b
ucrtbase!free+0x18
libwget2!wget_iri_free_content(struct wget_iri_st * iri = 0x02bcdf88)+0x22
test!invoke_main+0x1d
test!__scrt_common_main_seh(void)+0xff
...
Maybe the same issue for IDN2 (I have no experience with it).