php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #39570 https Segmentation fault
Submitted: 2006-11-21 14:04 UTC Modified: 2006-11-21 15:42 UTC
From: danilo69 at gmail dot com Assigned:
Status: Not a bug Package: cURL related
PHP Version: 5.2.0 OS: Linux x86_64
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: danilo69 at gmail dot com
New email:
PHP Version: OS:

 

 [2006-11-21 14:04 UTC] danilo69 at gmail dot com 
Description:
------------
https curl crash (segfault)

Reproduce code:
---------------
<?php
$rCurlHandle = curl_init('https://xxxxxx');
$aParam = array();



curl_setopt($rCurlHandle, CURLOPT_VERBOSE, 1);

curl_setopt($rCurlHandle, CURLOPT_TIMEOUT, 60);
curl_setopt($rCurlHandle, CURLOPT_CONNECTTIMEOUT, 60);

curl_setopt($rCurlHandle, CURLOPT_SSL_VERIFYHOST, 0);

curl_setopt($rCurlHandle, CURLOPT_HEADER, 0);

curl_setopt($rCurlHandle, CURLOPT_RETURNTRANSFER, 1);

curl_setopt($rCurlHandle, CURLOPT_HTTPHEADER, array("Connection: close"));

curl_setopt($rCurlHandle, CURLOPT_SSL_VERIFYPEER, 0);

curl_setopt($rCurlHandle, CURLOPT_POST, 1);
curl_setopt($rCurlHandle, CURLOPT_POSTFIELDS, http_build_query($aParam));
if (array_key_exists('HTTP_USER_AGENT', $_SERVER))
{
	curl_setopt($rCurlHandle, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']);
}
print 'pre exec';
$sResponse = curl_exec($rCurlHandle);
print 'post exec';
curl_close($rCurlHandle);
print 'post close';

?>

Expected result:
----------------
no crash

Actual result:
--------------
pre exec* About to connect() to xxxxx port 443
*   Trying xxxxx... * connected
* Connected to xxxxxx port 443
* successfully set certificate verify locations:
*   CAfile: /usr/local/share/curl/curl-ca-bundle.crt
  CApath: none
* SSL connection using 
* Server certificate:
*        subject: xxxxxx
*        start date: 2006-04-18 12:58:10 GMT
*        expire date: 2008-04-17 12:58:10 GMT
*        issuer: /C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server CA/emailAddress=premium-server@thawte.com
* SSL certificate verify ok.
> POST xxxx HTTP/1.1
Host: xxx
Accept: */*
Connection: close
Content-Length: 129
Content-Type: application/x-www-form-urlencoded

abc=123< HTTP/1.1 200 OK
< Date: Tue, 21 Nov 2006 13:41:36 GMT
< Server: Apache
< Expires: Mon, 26 Jul 1997 05:00:00 GMT
< Last-Modified: Tue, 21 Nov 2006 13:41:36 GMT
< Cache-Control: no-cache, must-revalidate
< Pragma: no-cache
< Vary: Accept-Encoding
< Connection: close
< Transfer-Encoding: chunked
< Content-Type: text/plain; charset=utf-8
* Closing connection #0
*** glibc detected *** free(): invalid pointer: 0x000000318cc30af8 ***
Aborted

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2006-11-21 14:08 UTC] tony2001@php.net 
Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php for *NIX and
http://bugs.php.net/bugs-generating-backtrace-win32.php for Win32

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.
 [2006-11-21 15:31 UTC] danilo69 at gmail dot com 
(gdb) bt
#0  0x0000002a96165ea3 in EVP_DigestUpdate () from /lib64/libcrypto.so.4
#1  0x0000002a95f8ad77 in tls1_clear () from /lib64/libssl.so.4
#2  0x0000002a00000000 in ?? ()
#3  0x0000000000000030 in ?? ()
#4  0x0000007fbfffb580 in ?? ()
#5  0x0000002a96308580 in sha224_md () from /lib64/libcrypto.so.4
#6  0x0000000000eafca0 in ?? ()
#7  0x0000000000e79920 in ?? ()
#8  0x0000000000000080 in ?? ()
#9  0x0000000000e9b494 in ?? ()
#10 0x0000000000e9b490 in ?? ()
#11 0x0000000000eb0800 in ?? ()
#12 0x0000002a95f8bf65 in tls1_generate_master_secret () from
/lib64/libssl.so.4
#13 0x0000002a95f82575 in SSLv3_client_method () from /lib64/libssl.so.4
#14 0x0000002a95f838db in ssl3_connect () from /lib64/libssl.so.4
#15 0x0000002a95f8a4f4 in ssl23_connect () from /lib64/libssl.so.4
#16 0x0000002a96cda2db in Curl_ossl_connect_common (conn=0xe50a00, sockindex=Variable "sockindex" is not available.
) at ssluse.c:1391
#17 0x0000002a96cdb3d5 in Curl_ossl_connect (conn=Variable "conn" is not available.
) at ssluse.c:1695
#18 0x0000002a96ccc390 in Curl_http_connect (conn=0xe50a00, done=0x7fbfffc67f "") at http.c:1404
#19 0x0000002a96cd612f in Curl_protocol_connect (conn=0xe50a00, protocol_done=0x7fbfffc67f "") at url.c:2368 #20 0x0000002a96cd64be in SetupConnection (conn=0xe50a00, hostaddr=0xe47e80, protocol_done=0x7fbfffc67f "") at url.c:3930
#21 0x0000002a96cd664d in Curl_connect (data=0xe48130, in_connect=0x7fbfffc680, asyncp=0x7fbfffc67e "", protocol_done=0x7fbfffc67f
"") at url.c:3986
#22 0x0000002a96ce1999 in Curl_perform (data=0xe48130) at transfer.c:2164
#23 0x00000000004c1242 in zif_curl_exec (ht=1, return_value=0x2a973a1330, return_value_ptr=0x0, this_ptr=0x0, return_value_used=1) at
/home/mikaelk/php-5.2.0/ext/curl/interface.c:1656
#24 0x00000000007fdd72 in zend_do_fcall_common_helper_SPEC
(execute_data=0x7fbfffd090) at
/home/mikaelk/php-5.2.0/Zend/zend_vm_execute.h:200
#25 0x00000000008039b7 in ZEND_DO_FCALL_SPEC_CONST_HANDLER
(execute_data=0x7fbfffd090) at
/home/mikaelk/php-5.2.0/Zend/zend_vm_execute.h:1681
#26 0x00000000007fd80a in execute (op_array=0x2a9739f728) at
/home/mikaelk/php-5.2.0/Zend/zend_vm_execute.h:92
#27 0x00000000007d7ec9 in zend_execute_scripts (type=8, retval=0x0,
file_count=3) at /home/mikaelk/php-5.2.0/Zend/zend.c:1097
#28 0x000000000077f006 in php_execute_script (primary_file=0x7fbffff810) at
/home/mikaelk/php-5.2.0/main/main.c:1758
#29 0x000000000085082a in main (argc=2, argv=0x7fbffff968) at
/home/mikaelk/php-5.2.0/sapi/cli/php_cli.c:1108
 [2006-11-21 15:42 UTC] tony2001@php.net 
The backtrace clearly shows that it's not PHP problem.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Thu Dec 26 10:01:29 2024 UTC