PHP :: Bug #47616 :: curl keeps crashing

Bug #47616	curl keeps crashing
Submitted:	2009-03-10 21:42 UTC	Modified:	2009-03-16 15:10 UTC
From:	phpbugs at rizzt dot kicks-ass dot org	Assigned:	felipe (profile)
Status:	Closed	Package:	cURL related
PHP Version:	5.2.9	OS:	fedora 8,10
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	phpbugs at rizzt dot kicks-ass dot org
New email:
PHP Version:		OS:

New Comment:

[2009-03-10 21:42 UTC] phpbugs at rizzt dot kicks-ass dot org

Description:
------------
After upgrading to PHP 5.2.9, the code below does not run anymore.
It is not possible to reproduce the bug with a simple script.

This code terminates in 5.2.9 always, but runs in 5.2.8 without any 
problems.

I do not know if it happens using the same resource or only 
curl_setopt.

Reproduce code:
---------------
$ch = curl_init($url);
echo "ok";
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
echo "never shows";



Expected result:
----------------
ok
never shows

Actual result:
--------------
ok

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2009-03-10 23:28 UTC] pajoye@php.net

Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php for *NIX and
http://bugs.php.net/bugs-generating-backtrace-win32.php for Win32

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.

[2009-03-11 12:21 UTC] phpbugs at rizzt dot kicks-ass dot org

Here is the backtrace

'./configure'  '--with-openssl' '--with-mysql' '--with-gd' '--with-
freetype-dir=/usr' '--with-png-dir' '--with-jpeg-dir' '--with-curl' 
'--with-zlib' '--with-bz2' '--enable-pcntl' '--with-
apxs2=/usr/local/apache2/bin/apxs' '--enable-debug'

(gdb) frame 5
#5  0x00007ffff75a3bdd in zend_do_fcall_common_helper_SPEC (
    execute_data=0x7fffffff0880)
    at /home/inst/php-5.2.9/Zend/zend_vm_execute.h:200
200                             ((zend_internal_function *) 
EX(function_state).function)->handler(opline->extended_value, 
EX_T(opline->result.u.var).var.ptr, EX(function_state).function-
>common.return_reference?&EX_T(opline->result.u.var).var.ptr:NULL, 
EX(object), return_value_used TSRMLS_CC);


#0  0x0000003093c841de in memcpy () from /lib64/libc.so.6
#1  0x00000030a4621b0e in Curl_setopt () from /usr/lib64/libcurl.so.4
#2  0x00000030a462a8f2 in curl_easy_setopt () from 
/usr/lib64/libcurl.so.4
#3  0x00007ffff736cdef in _php_curl_setopt (ch=0xc52ee0, 
option=10015,
    zvalue=0xa60d68, return_value=0xc4dd18)
    at /home/inst/php-5.2.9/ext/curl/interface.c:1554
#4  0x00007ffff736da95 in zif_curl_setopt (ht=<value optimized out>,
    return_value=0xc4dd18, return_value_ptr=<value optimized out>,
    this_ptr=<value optimized out>, return_value_used=<value 
optimized out>)
    at /home/inst/php-5.2.9/ext/curl/interface.c:1668
#5  0x00007ffff75a3bdd in zend_do_fcall_common_helper_SPEC (
    execute_data=0x7fffffff0880)
    at /home/inst/php-5.2.9/Zend/zend_vm_execute.h:200
#6  0x00007ffff7590174 in execute (op_array=0x98bbe0)
    at /home/inst/php-5.2.9/Zend/zend_vm_execute.h:92
#7  0x00007ffff75a34ee in zend_do_fcall_common_helper_SPEC (
    execute_data=0x7fffffffbc50)
    at /home/inst/php-5.2.9/Zend/zend_vm_execute.h:234
#8  0x00007ffff7590174 in execute (op_array=0xa6f950)
    at /home/inst/php-5.2.9/Zend/zend_vm_execute.h:92
#9  0x00007ffff756cdcb in zend_execute_scripts (type=8,
    retval=<value optimized out>, file_count=3)
    at /home/inst/php-5.2.9/Zend/zend.c:1134
#10 0x00007ffff75289ea in php_execute_script 
(primary_file=0x7fffffffe0d0)
    at /home/inst/php-5.2.9/main/main.c:2023
#11 0x00007ffff75e1f9f in php_handler (r=0x989178)
    at /home/inst/php-5.2.9/sapi/apache2handler/sapi_apache2.c:632
#12 0x000000000043d066 in ap_run_handler ()
#13 0x000000000043d902 in ap_invoke_handler ()
#14 0x000000000045e67f in ap_process_request ()
#15 0x000000000045b64f in ap_process_http_connection ()
#16 0x0000000000446402 in ap_run_process_connection ()
#17 0x0000000000446844 in ap_process_connection ()
#18 0x00000000004822a4 in child_main ()
#19 0x000000000048238a in make_child ()
#20 0x000000000048292e in ap_mpm_run ()
#21 0x00000000004243a6 in main ()

[2009-03-11 14:00 UTC] jani@php.net

Curl bugs are not PHP bug. Please report to curl people. (does not crash for me..)

[2009-03-16 14:21 UTC] phpbugs at rizzt dot kicks-ass dot org

It seems to crash when I pass an integer to url_setopt($ch, 
CURLOPT_POSTFIELDS, $var); With a string it works fine.

I have compiled 5.2.8 with the exact same settings and it works. 

I can confirm these crashes with fedora 8,10 and suse 11.

/usr/lib64/libcurl.so.4.1.1

/usr/lib64/libcurl.so.4.1.0

/usr/lib64/libcurl.so.4.0.1

Maybe that helps a little bit more.

[2009-03-16 15:00 UTC] phpbugs at rizzt dot kicks-ass dot org

i debugged it for you.

ext/curl/interface.c

around line 1555 you pass Z_STRVAL_PP(zvalue) to curl. in this case 
no type conversion is done and it passes 60 instead of a pointer to 
the string.

#if LIBCURL_VERSION_NUM >= 0x071101
/* with curl 7.17.0 and later, we can use COPYPOSTFIELDS, but we have 
to provide size before */
error = curl_easy_setopt(ch->cp, CURLOPT_POSTFIELDSIZE, 
Z_STRLEN_PP(zvalue));
error = curl_easy_setopt(ch->cp, CURLOPT_COPYPOSTFIELDS, 
Z_STRVAL_PP(zvalue));
#else

[2009-03-16 15:10 UTC] felipe@php.net

This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

Fixed in 5.2.10, 5.3 and HEAD.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Nov 21 12:01:29 2024 UTC