Bug #46832 memleak on handles duplicated with curl_copy_handle()
Submitted: 2008-12-11 05:57 UTC Modified: 2008-12-11 13:55 UTC
From: magicaltux@php.net Assigned:
Status: Not a bug Package: cURL related
PHP Version: 5.2CVS-2008-12-11 (CVS) OS: Linux
Private report: No CVE-ID: None
 [2008-12-11 05:57 UTC] magicaltux@php.net
Description:
------------
When a handle is copied with curl_copy_handle(), its ability to free memory used by strings is disabled.

In ext/curl/interface.c near line 1215 :

  zend_llist_copy(&dupch->to_free.str, &ch->to_free.str);
  /* Don't try to free copied strings, they're free'd when the original handle is destroyed */
  dupch->to_free.str.dtor = NULL;
  zend_llist_copy(&dupch->to_free.slist, &ch->to_free.slist);
  zend_llist_copy(&dupch->to_free.post, &ch->to_free.post);

1. New strings allocated by this new handle will have "NULL" as dtor
2. slist and post will still be free'd on both handles. Freeing one handle first also probably breaks the second handle
3. The copied handle will have unexpected behaviour with libcurl <7.17.0 if the source handle is freed before the copied handle.

Two options exist here:

1. Disable this function for people who don't have at least libcurl 7.17.0, and let libcurl handle duplication of strings, etc. (it now does this automatically, cf. bug #45161).
2. Manually duplicate all options that are set in the source curl handle and register them in newly allocated handle on curl_copy_handle(). This can lead to errors as we do not keep record of all set options.

Reproduce code:
---------------
<?php

$ch = curl_init();

for($i = 0; $i < 2048; ++$i) {
	$ch2 = curl_copy_handle($ch);

	curl_setopt($ch2, CURLOPT_URL, 'http://localhost/test/tset/est');

	curl_close($ch2);

	var_dump(memory_get_usage());
}


Expected result:
----------------
(always the same int dumped)

Actual result:
--------------
[...]
int(415128)
int(415256)
int(415384)
int(415512)
int(415640)
int(415768)
int(415896)
int(416024)
int(416152)
int(416280)
int(416408)
int(416536)
int(416664)
[Thu Dec 11 06:50:37 2008]  Script:  'curl_memleak.php'
ext/curl/interface.c(1342) :  Freeing 0x0198CB78 (31 bytes), script=curl_memleak.php
Last leak repeated 2047 times
=== Total 2048 memory leaks detected ===
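
Added example (not part of the original report and not PHP's source code): a simplified C model of point 1 in the description, where a copied list whose destructor is set to NULL never frees the strings later added to the copy, next to a copy that owns its own duplicates. The `strlist` type and every function name are hypothetical stand-ins for the handle's `to_free.str` list, and `http://original.example/` is a constructed value.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified stand-in for a handle's to_free.str list; not Zend's zend_llist. */
typedef struct { char *item[8]; int n; void (*dtor)(char *); } strlist;
static char *tracked[8192];             /* strings allocated and not yet freed */
static int ntracked;
static char *dup_str(const char *s) {
    char *p = malloc(strlen(s) + 1);
    if (!p || ntracked == 8192) abort();
    return tracked[ntracked++] = strcpy(p, s);
}
static void free_str(char *s) {
    for (int i = 0; i < ntracked; i++) if (tracked[i] == s) tracked[i] = NULL;
    free(s);
}
static void list_add(strlist *l, char *s) { if (l->n == 8) abort(); l->item[l->n++] = s; }
static void list_destroy(strlist *l) {  /* dtor == NULL: pointers dropped, not freed */
    for (int i = 0; i < l->n; i++) if (l->dtor) l->dtor(l->item[i]);
    l->n = 0;
}
/* Copy as quoted in the report: share the pointers, then disable the dtor. */
static void copy_shared(strlist *dst, const strlist *src) { *dst = *src; dst->dtor = NULL; }
/* Contrast: the copy owns private duplicates and keeps its dtor. */
static void copy_owned(strlist *dst, const strlist *src) {
    dst->n = 0; dst->dtor = free_str;
    for (int i = 0; i < src->n; i++) list_add(dst, dup_str(src->item[i]));
}
/* Mirrors the reproduce script; returns how many strings no list ever freed. */
static int leaked_after(int iterations, void (*copy)(strlist *, const strlist *)) {
    strlist orig = { .dtor = free_str };
    int leaked = 0;
    list_add(&orig, dup_str("http://original.example/"));   /* constructed value */
    for (int i = 0; i < iterations; i++) {
        strlist dupch;
        copy(&dupch, &orig);                                 /* curl_copy_handle() */
        list_add(&dupch, dup_str("http://localhost/test/tset/est")); /* curl_setopt() */
        list_destroy(&dupch);                                /* curl_close($ch2) */
    }
    list_destroy(&orig);
    for (int i = 0; i < ntracked; i++) if (tracked[i]) { free(tracked[i]); leaked++; }
    ntracked = 0;
    return leaked;
}
int main(void) {
    printf("shared copy, NULL dtor: %d leaked\n", leaked_after(2048, copy_shared));
    printf("owned copy, dtor kept:  %d leaked\n", leaked_after(2048, copy_owned));
}
```

The model reclaims the stranded strings itself after counting them, so the count is reported without the example process actually leaking.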


 [2008-12-11 13:55 UTC] magicaltux@php.net
Please do not submit the same bug more than once. An existing
bug report already describes this very problem. Even if you feel
that your issue is somewhat different, the resolution is likely
to be the same. 

Fix for bug #45161 is likely to fix this issue as well, as long as you have libcurl >= 7.17.0.

Thank you for your interest in PHP.
 