curl segfaulting since build on 2022-11-23

[DasSkelett]

Hey, it looks like something is wrong with the current builds. In all three variants, the curl binary in the image is crashing when using it:

# Container image ghcr.io/unasuke/curl-http3:quiche-latest from 2022-11-24
$ curl --http3 -v --silent --insecure "https://nginxquic:443"
/usr/bin/bash: line 138: 11 Segmentation fault (core dumped) curl --http3 -v --silent --insecure "https://nginxquic:443"

The actions in this repository also fail: https://github.com/unasuke/curl-http3/actions/runs/3528141977/jobs/5918021225

[unasuke]

@DasSkelett Thank you for your report. As far as I have tried, the segmentation fault does not seem to occur. Could you please elaborate more on the following?

• Do segmentation faults always occur?
• Does the segmentation fault occur on quiche, ngtcp, or msh3?
• What is the environment in which you are running the docker container?
• What is the entity of https://nginxquic:443 ?

$ docker run -it --rm ghcr.io/unasuke/curl-http3:quiche-2022-11-27 bash
Unable to find image 'ghcr.io/unasuke/curl-http3:quiche-2022-11-27' locally
quiche-2022-11-27: Pulling from unasuke/curl-http3
e96e057aae67: Pull complete
a8c066c003d7: Pull complete
35c48a0e86c4: Pull complete
7bbcedf095e1: Pull complete
e107cb68cc1e: Pull complete
63bd3d2722ce: Pull complete
db9548ae4e39: Pull complete
1b85c59526a7: Pull complete
Digest: sha256:b7eebd22929e4a9034d3f6e427c95640ba24b5aa59d0e42859492411610191af
Status: Downloaded newer image for ghcr.io/unasuke/curl-http3:quiche-2022-11-27
root@f4ddf7638853:/# curl --version
curl 7.87.0-DEV (x86_64-pc-linux-gnu) libcurl/7.87.0-DEV BoringSSL quiche/0.16.0
Release-Date: [unreleased]
Protocols: dict file ftp ftps gopher gophers http https imap imaps mqtt pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS HSTS HTTP3 HTTPS-proxy IPv6 Largefile NTLM NTLM_WB SSL threadsafe UnixSockets
root@f4ddf7638853:/# curl --http3 -iv https://nghttp2.org:4433
*   Trying 139.162.123.134:4433...
*  CAfile: none
*  CApath: /etc/ssl/certs
* Connect socket 5 over QUIC to 139.162.123.134:4433
* Sent QUIC client Initial, ALPN: h3,h3-29,h3-28,h3-27
*  subjectAltName: host "nghttp2.org" matched cert's "nghttp2.org"
* Verified certificate just fine
* Connected to nghttp2.org (139.162.123.134) port 4433 (#0)
* Connected to nghttp2.org (139.162.123.134) port 4433 (#0)
* h2h3 [:method: GET]
* h2h3 [:path: /]
* h2h3 [:scheme: https]
* h2h3 [:authority: nghttp2.org:4433]
* h2h3 [user-agent: curl/7.87.0-DEV]
* h2h3 [accept: */*]
* Using HTTP/3 Stream ID: 0 (easy handle 0x562a95bce550)
> GET / HTTP/3
> Host: nghttp2.org:4433
> user-agent: curl/7.87.0-DEV
> accept: */*
>
< HTTP/3 200
HTTP/3 200
< server: nghttp3/ngtcp2 server
server: nghttp3/ngtcp2 server
< content-type: text/html
content-type: text/html
< content-length: 6324
content-length: 6324
...

[DasSkelett]

Looks like this got fixed with the 2022-11-27 build. 2022-11-23 through 2022-11-26 were broken after testing them all.

If you still want to investigate it:

• Yes, the segfault occurs reliably on every attempt
• The segfault occurs in all three variants, quiche, ngtcp2, msh3.
• Happens both in GitLab CI, and my amd64 Ubuntu 22.04 machine
• https://nginxquic:443 corresponds to a container from my self-built nginx-quic image, see https://gitlab.com/DasSkelett/nginx-quic-docker and https://gitlab.com/DasSkelett/nginx-quic-docker/container_registry/3108222 However using e.g. google.com causes the failure as well

The following reproduces it reliably for me:

docker run -it --rm --network=host ghcr.io/unasuke/curl-http3:quiche-2022-11-24 bash

# Inside container:
curl --http3 -v --insecure https://google.com
# Segmentation fault (core dumped)

Whereas replacing --http3 with --http2 or removing it entirely works perfectly fine, so it only affects QUIC/HTTP3.

[unasuke]

Sorry. This problem is exciting, but I have no time to investigate it. 😢 So I close it. Thanks!