PHP :: Bug #22681 :: cURL Special case Segfault

Bug #22681	cURL Special case Segfault
Submitted:	2003-03-13 10:31 UTC	Modified:	2003-03-13 12:17 UTC
From:	john@php.net	Assigned:
Status:	Closed	Package:	cURL related
PHP Version:	4.3.2-RC	OS:	Redhat
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	john@php.net
New email:
PHP Version:		OS:

New Comment:

[2003-03-13 10:31 UTC] john@php.net

I've found, by complete accident a very strange curl segfault produced by the following code:

    $ch = curl_init ("ftp://localhost/itworked.txt");
    curl_setopt($ch, CURLOPT_USERPWD, "php:foobar");
    $fr = fopen("curl_ex6.php");
    curl_setopt($ch, CURLOPT_INFILE, $fr);
    curl_setopt($ch, CURLOPT_UPLOAD, true);
    curl_exec($ch);
    fclose($fr);
    curl_close($ch);

Two important parts to this segfault:

   1) fopen() cannot actually be correctly formatted. It must fail to specify the mode. 

   2) The username, password set by curl_setopt must actually be a real username/password that works. If you provide a fake password, everything is fine.. but if you actually used a real password you segfault.


here's the BT:

#0  0x40259a85 in _IO_fread (buf=0x821ca25, size=1, count=16384, fp=0x0)
    at iofread.c:42
#1  0x08069893 in curl_read (data=0x821ca25 "", size=1, nmemb=16384,
    ctx=0x8217aac) at /usr/local/src/php-4.3.1/ext/curl/curl.c:394
#2  0x400f0842 in fillbuffer (conn=0x82130b0, bytes=16384) at transfer.c:137
#3  0x400f1c7e in Curl_readwrite (conn=0x82130b0, done=0xbfffccff "")
    at transfer.c:948
#4  0x400f24d2 in Transfer (conn=0x82130b0) at transfer.c:1247
#5  0x400f2a4e in Curl_perform (data=0x82183a8) at transfer.c:1586
#6  0x400f2dfc in curl_easy_perform (curl=0x82183a8) at easy.c:247
#7  0x0806b03d in zif_curl_exec (ht=1, return_value=0x820e73c, this_ptr=0x0,
    return_value_used=0) at /usr/local/src/php-4.3.1/ext/curl/curl.c:994
#8  0x0814c928 in execute (op_array=0x8213024)
    at /usr/local/src/php-4.3.1/Zend/zend_execute.c:1596
#9  0x0813a538 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /usr/local/src/php-4.3.1/Zend/zend.c:864
#10 0x081143f5 in php_execute_script (primary_file=0xbffffa40)
    at /usr/local/src/php-4.3.1/main/main.c:1573
#11 0x08154e9c in main (argc=2, argv=0xbffffae4)
    at /usr/local/src/php-4.3.1/sapi/cli/php_cli.c:746
#12 0x40207306 in __libc_start_main (main=0x815451c <main>, argc=2,
    ubp_av=0xbffffae4, init=0x806461c <_init>, fini=0x815d280 <_fini>,
    rtld_fini=0x4000d2dc <_dl_fini>, stack_end=0xbffffadc)

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2003-03-13 12:17 UTC] iliaa@php.net

This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at http://snaps.php.net/.
 
In case this was a documentation problem, the fix will show up soon at
http://www.php.net/manual/.

In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites in short time.
 
Thank you for the report, and for helping us make PHP better.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Fri Apr 19 15:01:28 2024 UTC