php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #39570 https Segmentation fault
Submitted: 2006-11-21 14:04 UTC Modified: 2006-11-21 15:42 UTC
From: danilo69 at gmail dot com Assigned:
Status: Not a bug Package: cURL related
PHP Version: 5.2.0 OS: Linux x86_64
Private report: No CVE-ID: None
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: danilo69 at gmail dot com
New email:
PHP Version: OS:

 

 [2006-11-21 14:04 UTC] danilo69 at gmail dot com
Description:
------------
https curl crash (segfault)

Reproduce code:
---------------
<?php
$rCurlHandle = curl_init('https://xxxxxx');
$aParam = array();



curl_setopt($rCurlHandle, CURLOPT_VERBOSE, 1);

curl_setopt($rCurlHandle, CURLOPT_TIMEOUT, 60);
curl_setopt($rCurlHandle, CURLOPT_CONNECTTIMEOUT, 60);

curl_setopt($rCurlHandle, CURLOPT_SSL_VERIFYHOST, 0);

curl_setopt($rCurlHandle, CURLOPT_HEADER, 0);

curl_setopt($rCurlHandle, CURLOPT_RETURNTRANSFER, 1);

curl_setopt($rCurlHandle, CURLOPT_HTTPHEADER, array("Connection: close"));

curl_setopt($rCurlHandle, CURLOPT_SSL_VERIFYPEER, 0);

curl_setopt($rCurlHandle, CURLOPT_POST, 1);
curl_setopt($rCurlHandle, CURLOPT_POSTFIELDS, http_build_query($aParam));
if (array_key_exists('HTTP_USER_AGENT', $_SERVER))
{
	curl_setopt($rCurlHandle, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']);
}
print 'pre exec';
$sResponse = curl_exec($rCurlHandle);
print 'post exec';
curl_close($rCurlHandle);
print 'post close';

?>

Expected result:
----------------
no crash

Actual result:
--------------
pre exec* About to connect() to xxxxx port 443
*   Trying xxxxx... * connected
* Connected to xxxxxx port 443
* successfully set certificate verify locations:
*   CAfile: /usr/local/share/curl/curl-ca-bundle.crt
  CApath: none
* SSL connection using 
* Server certificate:
*        subject: xxxxxx
*        start date: 2006-04-18 12:58:10 GMT
*        expire date: 2008-04-17 12:58:10 GMT
*        issuer: /C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server CA/emailAddress=premium-server@thawte.com
* SSL certificate verify ok.
> POST xxxx HTTP/1.1
Host: xxx
Accept: */*
Connection: close
Content-Length: 129
Content-Type: application/x-www-form-urlencoded

abc=123< HTTP/1.1 200 OK
< Date: Tue, 21 Nov 2006 13:41:36 GMT
< Server: Apache
< Expires: Mon, 26 Jul 1997 05:00:00 GMT
< Last-Modified: Tue, 21 Nov 2006 13:41:36 GMT
< Cache-Control: no-cache, must-revalidate
< Pragma: no-cache
< Vary: Accept-Encoding
< Connection: close
< Transfer-Encoding: chunked
< Content-Type: text/plain; charset=utf-8
* Closing connection #0
*** glibc detected *** free(): invalid pointer: 0x000000318cc30af8 ***
Aborted


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2006-11-21 14:08 UTC] tony2001@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php for *NIX and
http://bugs.php.net/bugs-generating-backtrace-win32.php for Win32

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.


 [2006-11-21 15:31 UTC] danilo69 at gmail dot com
(gdb) bt
#0  0x0000002a96165ea3 in EVP_DigestUpdate () from /lib64/libcrypto.so.4
#1  0x0000002a95f8ad77 in tls1_clear () from /lib64/libssl.so.4
#2  0x0000002a00000000 in ?? ()
#3  0x0000000000000030 in ?? ()
#4  0x0000007fbfffb580 in ?? ()
#5  0x0000002a96308580 in sha224_md () from /lib64/libcrypto.so.4
#6  0x0000000000eafca0 in ?? ()
#7  0x0000000000e79920 in ?? ()
#8  0x0000000000000080 in ?? ()
#9  0x0000000000e9b494 in ?? ()
#10 0x0000000000e9b490 in ?? ()
#11 0x0000000000eb0800 in ?? ()
#12 0x0000002a95f8bf65 in tls1_generate_master_secret () from
/lib64/libssl.so.4
#13 0x0000002a95f82575 in SSLv3_client_method () from /lib64/libssl.so.4
#14 0x0000002a95f838db in ssl3_connect () from /lib64/libssl.so.4
#15 0x0000002a95f8a4f4 in ssl23_connect () from /lib64/libssl.so.4
#16 0x0000002a96cda2db in Curl_ossl_connect_common (conn=0xe50a00, sockindex=Variable "sockindex" is not available.
) at ssluse.c:1391
#17 0x0000002a96cdb3d5 in Curl_ossl_connect (conn=Variable "conn" is not available.
) at ssluse.c:1695
#18 0x0000002a96ccc390 in Curl_http_connect (conn=0xe50a00, done=0x7fbfffc67f "") at http.c:1404
#19 0x0000002a96cd612f in Curl_protocol_connect (conn=0xe50a00, protocol_done=0x7fbfffc67f "") at url.c:2368 #20 0x0000002a96cd64be in SetupConnection (conn=0xe50a00, hostaddr=0xe47e80, protocol_done=0x7fbfffc67f "") at url.c:3930
#21 0x0000002a96cd664d in Curl_connect (data=0xe48130, in_connect=0x7fbfffc680, asyncp=0x7fbfffc67e "", protocol_done=0x7fbfffc67f
"") at url.c:3986
#22 0x0000002a96ce1999 in Curl_perform (data=0xe48130) at transfer.c:2164
#23 0x00000000004c1242 in zif_curl_exec (ht=1, return_value=0x2a973a1330, return_value_ptr=0x0, this_ptr=0x0, return_value_used=1) at
/home/mikaelk/php-5.2.0/ext/curl/interface.c:1656
#24 0x00000000007fdd72 in zend_do_fcall_common_helper_SPEC
(execute_data=0x7fbfffd090) at
/home/mikaelk/php-5.2.0/Zend/zend_vm_execute.h:200
#25 0x00000000008039b7 in ZEND_DO_FCALL_SPEC_CONST_HANDLER
(execute_data=0x7fbfffd090) at
/home/mikaelk/php-5.2.0/Zend/zend_vm_execute.h:1681
#26 0x00000000007fd80a in execute (op_array=0x2a9739f728) at
/home/mikaelk/php-5.2.0/Zend/zend_vm_execute.h:92
#27 0x00000000007d7ec9 in zend_execute_scripts (type=8, retval=0x0,
file_count=3) at /home/mikaelk/php-5.2.0/Zend/zend.c:1097
#28 0x000000000077f006 in php_execute_script (primary_file=0x7fbffff810) at
/home/mikaelk/php-5.2.0/main/main.c:1758
#29 0x000000000085082a in main (argc=2, argv=0x7fbffff968) at
/home/mikaelk/php-5.2.0/sapi/cli/php_cli.c:1108
 [2006-11-21 15:42 UTC] tony2001@php.net
The backtrace clearly shows that it's not PHP problem.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Mon Dec 30 14:01:28 2024 UTC