Bug #47616 curl keeps crashing
Submitted: 2009-03-10 21:42 UTC Modified: 2009-03-16 15:10 UTC
From: phpbugs at rizzt dot kicks-ass dot org Assigned: felipe (profile)
Status: Closed Package: cURL related
PHP Version: 5.2.9 OS: fedora 8,10
Private report: No CVE-ID: None
 [2009-03-10 21:42 UTC] phpbugs at rizzt dot kicks-ass dot org
Description:
------------
After upgrading to PHP 5.2.9, the code below does not run anymore.
It is not possible to reproduce the bug with a simple script.

This code terminates in 5.2.9 always, but runs in 5.2.8 without any 
problems.

I do not know if it happens using the same resource or only 
curl_setopt.

Reproduce code:
---------------
$ch = curl_init($url);
echo "ok";
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
echo "never shows";



Expected result:
----------------
ok
never shows

Actual result:
--------------
ok

 [2009-03-10 23:28 UTC] pajoye@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php for *NIX and
http://bugs.php.net/bugs-generating-backtrace-win32.php for Win32

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.


 [2009-03-11 12:21 UTC] phpbugs at rizzt dot kicks-ass dot org
Here is the backtrace

'./configure'  '--with-openssl' '--with-mysql' '--with-gd' '--with-freetype-dir=/usr' '--with-png-dir' '--with-jpeg-dir' '--with-curl' '--with-zlib' '--with-bz2' '--enable-pcntl' '--with-apxs2=/usr/local/apache2/bin/apxs' '--enable-debug'

(gdb) frame 5
#5  0x00007ffff75a3bdd in zend_do_fcall_common_helper_SPEC (
    execute_data=0x7fffffff0880)
    at /home/inst/php-5.2.9/Zend/zend_vm_execute.h:200
200                             ((zend_internal_function *) EX(function_state).function)->handler(opline->extended_value, EX_T(opline->result.u.var).var.ptr, EX(function_state).function->common.return_reference?&EX_T(opline->result.u.var).var.ptr:NULL, EX(object), return_value_used TSRMLS_CC);


#0  0x0000003093c841de in memcpy () from /lib64/libc.so.6
#1  0x00000030a4621b0e in Curl_setopt () from /usr/lib64/libcurl.so.4
#2  0x00000030a462a8f2 in curl_easy_setopt () from /usr/lib64/libcurl.so.4
#3  0x00007ffff736cdef in _php_curl_setopt (ch=0xc52ee0, option=10015,
    zvalue=0xa60d68, return_value=0xc4dd18)
    at /home/inst/php-5.2.9/ext/curl/interface.c:1554
#4  0x00007ffff736da95 in zif_curl_setopt (ht=<value optimized out>,
    return_value=0xc4dd18, return_value_ptr=<value optimized out>,
    this_ptr=<value optimized out>, return_value_used=<value optimized out>)
    at /home/inst/php-5.2.9/ext/curl/interface.c:1668
#5  0x00007ffff75a3bdd in zend_do_fcall_common_helper_SPEC (
    execute_data=0x7fffffff0880)
    at /home/inst/php-5.2.9/Zend/zend_vm_execute.h:200
#6  0x00007ffff7590174 in execute (op_array=0x98bbe0)
    at /home/inst/php-5.2.9/Zend/zend_vm_execute.h:92
#7  0x00007ffff75a34ee in zend_do_fcall_common_helper_SPEC (
    execute_data=0x7fffffffbc50)
    at /home/inst/php-5.2.9/Zend/zend_vm_execute.h:234
#8  0x00007ffff7590174 in execute (op_array=0xa6f950)
    at /home/inst/php-5.2.9/Zend/zend_vm_execute.h:92
#9  0x00007ffff756cdcb in zend_execute_scripts (type=8,
    retval=<value optimized out>, file_count=3)
    at /home/inst/php-5.2.9/Zend/zend.c:1134
#10 0x00007ffff75289ea in php_execute_script (primary_file=0x7fffffffe0d0)
    at /home/inst/php-5.2.9/main/main.c:2023
#11 0x00007ffff75e1f9f in php_handler (r=0x989178)
    at /home/inst/php-5.2.9/sapi/apache2handler/sapi_apache2.c:632
#12 0x000000000043d066 in ap_run_handler ()
#13 0x000000000043d902 in ap_invoke_handler ()
#14 0x000000000045e67f in ap_process_request ()
#15 0x000000000045b64f in ap_process_http_connection ()
#16 0x0000000000446402 in ap_run_process_connection ()
#17 0x0000000000446844 in ap_process_connection ()
#18 0x00000000004822a4 in child_main ()
#19 0x000000000048238a in make_child ()
#20 0x000000000048292e in ap_mpm_run ()
#21 0x00000000004243a6 in main ()
 [2009-03-11 14:00 UTC] jani@php.net
Curl bugs are not PHP bugs. Please report to curl people. (does not crash for me..)
 [2009-03-16 14:21 UTC] phpbugs at rizzt dot kicks-ass dot org
It seems to crash when I pass an integer to curl_setopt($ch, CURLOPT_POSTFIELDS, $var). With a string it works fine.

I have compiled 5.2.8 with the exact same settings and it works. 

I can confirm these crashes with fedora 8,10 and suse 11.

/usr/lib64/libcurl.so.4.1.1

/usr/lib64/libcurl.so.4.1.0

/usr/lib64/libcurl.so.4.0.1

Maybe that helps a little bit more.
 [2009-03-16 15:00 UTC] phpbugs at rizzt dot kicks-ass dot org
I debugged it for you.

ext/curl/interface.c

Around line 1555 you pass Z_STRVAL_PP(zvalue) to curl. In this case no type conversion is done and it passes 60 instead of a pointer to the string.

#if LIBCURL_VERSION_NUM >= 0x071101
/* with curl 7.17.0 and later, we can use COPYPOSTFIELDS, but we have to provide size before */
error = curl_easy_setopt(ch->cp, CURLOPT_POSTFIELDSIZE, Z_STRLEN_PP(zvalue));
error = curl_easy_setopt(ch->cp, CURLOPT_COPYPOSTFIELDS, Z_STRVAL_PP(zvalue));
#else
#else
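
The type confusion described in the comment above, as an added example that is not PHP's source and not the committed fix: it shows why the integer 60 arrives at the copy routine as an address, and the tag check plus conversion that prevents it. The `value` struct is a hypothetical stand-in for a zval, and `unchecked_pointer_bits`, `to_string` and `copy_postfields` are illustrative names.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a zval: the integer and the string pointer
   share storage, and only the tag says which member is valid. */
typedef struct {
    int is_string;
    union { long lval; struct { char *val; size_t len; } str; } u;
} value;

/* The bits an unchecked string access would pass on as a "pointer" when
   the value is really an integer. Inspected only, never dereferenced. */
static unsigned long unchecked_pointer_bits(const value *v) {
    unsigned long bits = 0;
    memcpy(&bits, &v->u, sizeof bits);
    return bits;
}

/* Convert to a string in place; must run before any string access. */
static int to_string(value *v) {
    char buf[32];
    if (v->is_string) return 0;
    int n = snprintf(buf, sizeof buf, "%ld", v->u.lval);
    char *s = malloc((size_t)n + 1);
    if (s == NULL) return -1;
    memcpy(s, buf, (size_t)n + 1);
    v->u.str.val = s;
    v->u.str.len = (size_t)n;
    v->is_string = 1;
    return 0;
}

/* Stand-in for the callee that copies len bytes from the pointer it is
   given. Returns the number of bytes copied, or -1 on failure. */
static long copy_postfields(value *v, char *out, size_t cap) {
    if (to_string(v) != 0 || v->u.str.len >= cap) return -1;
    memcpy(out, v->u.str.val, v->u.str.len + 1);
    return (long)v->u.str.len;
}

int main(void) {
    value v = { 0, { 60 } };   /* constructed input: the integer 60 */
    char out[16];
    printf("unchecked pointer bits: 0x%lx\n", unchecked_pointer_bits(&v));
    long n = copy_postfields(&v, out, sizeof out);
    printf("after conversion: \"%s\" (%ld bytes)\n", n < 0 ? "" : out, n);
    if (v.is_string) free(v.u.str.val);
    return 0;
}
```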
 [2009-03-16 15:10 UTC] felipe@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

Fixed in 5.2.10, 5.3 and HEAD.
 