PHP :: Bug #33727 :: Curl crashes PHP 5.1 Beta 3

Bug #33727

Curl crashes PHP 5.1 Beta 3

Submitted:

2005-07-16 20:03 UTC

Modified:

2005-08-02 01:28 UTC

Votes:	3
Avg. Score:	3.7 ± 0.9
Reproduced:	3 of 3 (100.0%)
Same Version:	1 (33.3%)
Same OS:	0 (0.0%)

From:

rele at gmx dot de

Assigned:

edink (profile)

Status:

Closed

Package:

cURL related

PHP Version:

5.1.0b3

OS:

Windows 2000 SP4 Build 2195

Private report:

CVE-ID:

None

View Add Comment Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

Quick Fix:	(description)
	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	rele at gmx dot de
New email:
PHP Version:		OS:

New/Additional Comment:

[2005-07-16 20:03 UTC] rele at gmx dot de

Description:
------------
Hello,

when I use the current cURL library, the reusing of a cURL object for multiple requests crashes PHP.
At least the first request works, but the next request or the third request with the same cURL object will fail.
This worked with PHP 5.0.4 without problems.


PHP Version => 5.1.0b3
System => Windows NT TRENTEC1 5.0 build 2195
Build Date => Jul 14 2005 20:32:24
Configure Command => cscript /nologo configure.js  "--enable-snapshot-build" "--with-gd=shared"
PHP API => 20041225
PHP Extension => 20050617
Zend Extension => 220050617
Debug Build => no
Thread Safety => enabled
Zend Memory Manager => enabled
IPv6 Support => enabled
Zend Engine v2.1.0b3
CURL Information => libcurl/7.11.2 OpenSSL/0.9.7c zlib/1.1.4


Differences to php.ini-dist:

precision    =  14
output_buffering = 4096
error_reporting  =  E_ALL
display_startup_errors = On
variables_order = "GPCS"
register_long_arrays = Off
register_argc_argv = Off
magic_quotes_gpc = Off
include_path = "C:\Programme\php\pear;C:\Programme\php\library;."
extension_dir = "C:\Programme\php\ext";
from="john@doe.com"
user_agent="Mozilla/5.0 (Windows; U; Windows NT 5.0; de-DE; rv:1.7.8) Gecko/20050511 Firefox/1.0.4"
extension=php_pdo_sqlite.dll
sendmail_from = info@cayin.com
dbx.colnames_case = "lowercase"
session.save_path = "C:\winnt\temp"
session.gc_divisor     = 1000
session.bug_compat_42 = 0
session.hash_bits_per_character = 5
url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"


Reproduce code:
---------------
// Initializing cURL

  $curl = curl_init();
  curl_setopt($curl, CURLOPT_RETURNTRANSFER, TRUE);
  curl_setopt($curl, CURLOPT_HEADER, 0);
  curl_setopt($curl, CURLOPT_USERAGENT, ini_get('user_agent'));
  curl_setopt($curl, CURLOPT_FOLLOWLOCATION, 1);
  curl_setopt($curl, CURLOPT_ENCODING , 'gzip');
  curl_setopt($curl, CURLOPT_COOKIEJAR, "my_cookies.txt");
  curl_setopt($curl, CURLOPT_COOKIEFILE, "my_cookies.txt");  


// get content from multiple URLs with the same object
foreach($urls => $url) {
  curl_setopt($curl, CURLOPT_URL, $url);
  $content = curl_exec($curl);
}


Expected result:
----------------
All URLs should be downloaded without problems, but after one or more downloads the script exits with error code -1073741819.
When running the script from php-cgi.exe under a web server there will be also a drwtsn32.log entry and a user.dmp file generated.

Actual result:
--------------
Last drwtsn32.log entry:

Anwendungsausnahme aufgetreten:
        Anwendung:  (pid=844)
        Wann: 15.07.2005 @ 21:24:41.406
        Ausnahmenummer: c0000005 (Zugriffsverletzung)

*----> Systeminformationen <----*
        Computername: TRENTEC1
        Benutzername: SYSTEM
        Prozessoranzahl: 1
        Prozessortyp: x86 Family 15 Model 3 Stepping 4
        Windows 2000-Version: 5.0
        Aktuelles Build: 2195
        Service Pack: 4
        Aktueller Typ: Uniprocessor Free
        Firma: 
        Besitzer: test

*----> Taskliste <----*
   0 Idle.exe
   8 System.exe
 164 smss.exe
 188 csrss.exe
 208 WINLOGON.exe
 236 SERVICES.exe
 248 LSASS.exe
 424 svchost.exe
 448 spoolsv.exe
 480 svchost.exe
 496 FAHConsole.exe
 516 fpdisp5a.exe
 568 FahCore_78.exe
 636 Janad.exe
 736 mstask.exe
 800 winmgmt.exe
 948 explorer.exe
1040 hkcmd.exe
1096 fpdisp5a.exe
1076 FriFax32.exe
1152 javaw.exe
1384 emule.exe
1192 TextPad.exe
2036 Azureus.exe
2040 javaw.exe
1256 firefox.exe
 844 php-cgi.exe
1128 drwtsn32.exe
   0 _Total.exe

(00400000 - 0040E000) 
(77880000 - 77902000) 
(10000000 - 10448000) 
(779A0000 - 77A3B000) 
(7CE80000 - 7CF81000) 
(79350000 - 793B5000) 
(77E70000 - 77F30000) 
(77D20000 - 77D98000) 
(77F40000 - 77F7F000) 
(77E00000 - 77E69000) 
(1F7C0000 - 1F7F4000) 
(78000000 - 78045000) 
(76B00000 - 76B3F000) 
(77C70000 - 77CB9000) 
(77B40000 - 77BC9000) 
(7CF90000 - 7D1EC000) 
(74FA0000 - 74FB4000) 
(74F90000 - 74F98000) 
(00CC0000 - 00CD9000) 
(00E20000 - 00E5C000) 
(01260000 - 0128E000) 
(01290000 - 012B7000) 
(012C0000 - 01399000) 
(74FC0000 - 74FC9000) 
(77540000 - 77571000) 
(74F40000 - 74F5E000) 
(74F80000 - 74F87000) 
(77830000 - 7783C000) 
(77970000 - 77994000) 
(77310000 - 77323000) 
(774F0000 - 774F5000) 
(772F0000 - 77307000) 
(750C0000 - 750D0000) 
(7CE20000 - 7CE73000) 
(75130000 - 75136000) 
(77BE0000 - 77BF1000) 
(77940000 - 7796C000) 
(79430000 - 7943F000) 
(77380000 - 773B0000) 
(77350000 - 77373000) 
(77820000 - 7782E000) 
(78310000 - 783A1000) 
(791A0000 - 79205000) 
(774B0000 - 774E4000) 
(77490000 - 774A1000) 
(77500000 - 77522000) 
(77330000 - 77349000) 
(777D0000 - 777D8000) 
(777E0000 - 777E5000) 

Statusabbild f?r Threadkennung 0x564

eax=00ba2570 ebx=01016005 ecx=00000000 edx=00fcbd00 esi=0145eff8 edi=00ba2570
eip=10008034 esp=0012fa20 ebp=00ba2570 iopl=0         nv up ei pl zr na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=0038  gs=0000             efl=00000246


Funktion: efree
        10008020 8b442404         mov     eax,[esp+0x4]          ss:00ba9907=00000010
        10008024 56               push    esi
        10008025 57               push    edi
        10008026 6a00             push    0x0
        10008028 6a00             push    0x0
        1000802a 8d70f0           lea     esi,[eax+0xf0]         ds:0161c456=????????
        1000802d e80e5e0d00       call    ts_resource_ex (100dde40)
        10008032 8bf8             mov     edi,eax
FEHLER ->10008034 8b4608           mov     eax,[esi+0x8]          ds:01ed8ede=????????
        10008037 83c007           add     eax,0x7
        1000803a 83c408           add     esp,0x8
        1000803d c1e803           shr     eax,0x3
        10008040 83f80b           cmp     eax,0xb
        10008043 7340             jnb     zend_do_inheritance+0x575 (10010b85)
        10008045 8b0f             mov     ecx,[edi]              ds:00ba2570=00d301b0
        10008047 8b15a8724210                                    ds:104272a8=00000005
                                  mov     edx,[alloc_globals_id (104272a8)]
        1000804d 8b4c91fc         mov     ecx,[ecx+edx*4+0xfc]   ds:01a45be7=????????
        10008051 8b9481042c0000   mov     edx,[ecx+eax*4+0x2c04] ds:00ba5174=00000000
        10008058 81fa00010000     cmp     edx,0x100
        1000805e 7325             jnb     zend_is_compiling+0x495 (1000d385)

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1  Param#2  Param#3  Param#4  Function Name
00BA2570 0000001F 00000564 00000000 00030005 00080100 !efree 

*----> Raw Stack Dump <----*
0012fa20  00 00 00 00 00 00 00 00 - 07 00 00 00 08 f0 45 01  ..............E.
0012fa30  b7 9b 0b 10 08 f0 45 01 - f8 8d 01 01 cf 50 08 10  ......E......P..
0012fa40  f8 8d 01 01 94 fb 12 00 - 70 25 ba 00 90 93 e1 00  ........p%......
0012fa50  58 6b fa 00 70 25 ba 00 - f8 a5 48 01 cc 92 01 01  Xk..p%....H.....
0012fa60  40 bd fc 00 f8 a5 48 01 - 48 bd fc 00 90 93 e1 00  @.....H.H.......
0012fa70  00 60 01 01 00 00 00 00 - 00 00 00 00 05 75 01 10  .`...........u..
0012fa80  00 00 00 00 90 5d ff 00 - 92 74 01 10 9c fa 12 00  .....]...t......
0012fa90  00 00 00 00 38 fb 12 00 - 70 25 ba 00 40 bd fc 00  ....8...p%..@...
0012faa0  18 e9 fd 00 90 93 e1 00 - 28 00 00 00 04 5a ff 00  ........(....Z..
0012fab0  fc 54 d0 00 70 25 ba 00 - 00 00 00 00 90 93 e1 00  .T..p%..........
0012fac0  00 00 00 00 00 60 01 01 - 58 e9 fd 00 01 fd cf 00  .....`..X.......
0012fad0  49 fd cf 00 90 5d ff 00 - 38 fb 12 00 2c 7a 01 10  I....]..8...,z..
0012fae0  90 93 e1 00 70 25 ba 00 - 48 94 ce 00 d8 a4 ce 00  ....p%..H.......
0012faf0  70 25 ba 00 00 00 00 00 - 01 00 00 00 38 fb 12 00  p%..........8...
0012fb00  38 fb 12 00 58 6b fa 00 - d8 a4 ce 00 00 00 00 00  8...Xk..........
0012fb10  00 00 00 00 00 00 00 00 - 05 75 01 10 01 00 00 00  .........u......
0012fb20  b8 88 ba 00 92 74 01 10 - 38 fb 12 00 70 25 ba 00  .....t..8...p%..
0012fb30  70 25 ba 00 00 00 00 00 - 58 6b fa 00 90 5d ff 00  p%......Xk...]..
0012fb40  90 93 e1 00 90 e8 09 10 - e4 83 ba 00 80 a5 ce 00  ................
0012fb50  24 3e 0a 10 90 93 e1 00 - d8 a4 ce 00 00 00 00 00  $>..............

Statusabbild f?r Threadkennung 0x5dc

eax=00470650 ebx=00000000 ecx=002f3270 edx=00000000 esi=00f5ff64 edi=77e17bcc
eip=77e31eb3 esp=00f5ff20 ebp=00f5ff40 iopl=0         nv up ei pl zr na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=0038  gs=0000             efl=00000246


Funktion: DispatchMessageW
        77e31e99 e8349dffff       call    GetFocus+0x50 (77e2bbd2)
        77e31e9e e93effffff       jmp     GetWindowLongW+0x681 (77e31de1)
        77e31ea3 90               nop
        77e31ea4 90               nop
        77e31ea5 90               nop
        77e31ea6 90               nop
        77e31ea7 90               nop
        77e31ea8 b89a110000       mov     eax,0x119a
        77e31ead 8d542404         lea     edx,[esp+0x4]          ss:019d9e07=????????
        77e31eb1 cd2e             int     2e
        77e31eb3 c21000           ret     0x10
        77e31eb6 90               nop
        77e31eb7 90               nop
        77e31eb8 90               nop
        77e31eb9 90               nop
        77e31eba 90               nop

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1  Param#2  Param#3  Param#4  Function Name
00F5FF40 10094B95 00F5FF64 00000000 00000000 00000000 user32!DispatchMessageW 
00F5FFB4 77E7B388 00DF3CA0 0013407C 00134078 00DF3CA0 !zend_timeout 
00F5FFEC 00000000 78008532 00DF3CA0 00000000 00000008 kernel32!lstrcmpiW 

*----> Raw Stack Dump <----*
00f5ff20  7d 79 e1 77 64 ff f5 00 - 00 00 00 00 00 00 00 00  }y.wd...........
00f5ff30  00 00 00 00 00 00 00 00 - 3f 79 e1 77 cc 7b e1 77  ........?y.w.{.w
00f5ff40  b4 ff f5 00 95 4b 09 10 - 64 ff f5 00 00 00 00 00  .....K..d.......
00f5ff50  00 00 00 00 00 00 00 00 - 7c 40 13 00 a0 3c df 00  ........|@...<..
00f5ff60  a0 3c df 00 00 00 00 00 - 01 04 00 00 64 05 00 00  .<..........d...
00f5ff70  00 00 00 00 b6 d9 51 0f - e2 01 00 00 43 00 00 00  ......Q.....C...
00f5ff80  bc 85 00 78 00 00 00 00 - 7c 40 13 00 78 40 13 00  ...x....|@..x@..
00f5ff90  a0 3c df 00 fc f6 42 80 - 20 eb 7d 85 88 ff f5 00  .<....B. .}.....
00f5ffa0  ff ff ff ff dc ff f5 00 - 6a bd 00 78 20 2f 03 78  ........j..x /.x
00f5ffb0  00 00 00 00 ec ff f5 00 - 88 b3 e7 77 a0 3c df 00  ...........w.<..
00f5ffc0  7c 40 13 00 78 40 13 00 - a0 3c df 00 00 d0 fd 7f  |@..x@...<......
00f5ffd0  94 40 13 00 c0 ff f5 00 - 94 40 13 00 ff ff ff ff  .@.......@......
00f5ffe0  54 1f ec 77 08 2b e7 77 - 00 00 00 00 00 00 00 00  T..w.+.w........
00f5fff0  00 00 00 00 32 85 00 78 - a0 3c df 00 00 00 00 00  ....2..x.<......
00f60000  08 00 00 00 01 01 00 00 - ee ff ee ff 00 00 00 00  ................
00f60010  00 00 ce 00 00 e0 00 00 - 00 00 f6 00 00 01 00 00  ................
00f60020  40 00 f6 00 00 00 06 01 - 1f 00 00 00 03 00 00 00  @...............
00f60030  a8 05 ce 00 00 00 00 00 - e8 df 04 01 00 00 00 00  ................
00f60040  17 bb 08 00 01 01 08 00 - 80 5d d1 00 d8 6e d1 00  .........]...n..
00f60050  a0 d8 05 00 00 00 00 00 - d0 3f 07 10 00 00 00 00  .........?......

Statusabbild f?r Threadkennung 0x684

eax=778221fe ebx=00000003 ecx=0173f5a4 edx=00000000 esi=77888ef8 edi=00000003
eip=77888f03 esp=0185fd24 ebp=0185fd70 iopl=0         nv up ei pl zr na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=0038  gs=0000             efl=00000246


Funktion: NtWaitForMultipleObjects
        77888ef8 b8e9000000       mov     eax,0xe9
        77888efd 8d542404         lea     edx,[esp+0x4]          ss:022d9c0b=????????
        77888f01 cd2e             int     2e
        77888f03 c21400           ret     0x14
        77888f06 8bff             mov     edi,edi

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1  Param#2  Param#3  Param#4  Function Name
0185FD70 77E9A10E 0185FD48 00000001 00000000 00000000 ntdll!NtWaitForMultipleObjects 
0185FFB4 77E7B388 00000004 000B000A 793A80D0 00157FC0 kernel32!WaitForMultipleObjects 
0185FFEC 00000000 00000000 00000000 00000000 00000000 kernel32!lstrcmpiW 

Statusabbild f?r Threadkennung 0x124

eax=00000000 ebx=00159a80 ecx=7ffdc000 edx=00000000 esi=74f5a3a0 edi=00000000
eip=77888af7 esp=0195ff84 ebp=0195ffb4 iopl=0         nv up ei pl nz na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=0038  gs=0000             efl=00000202


Funktion: NtRemoveIoCompletion
        77888aec b8a8000000       mov     eax,0xa8
        77888af1 8d542404         lea     edx,[esp+0x4]          ss:023d9e6b=????????
        77888af5 cd2e             int     2e
        77888af7 c21400           ret     0x14
        77888afa 8bff             mov     edi,edi

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1  Param#2  Param#3  Param#4  Function Name
0195FFB4 77E7B388 74F49048 00000000 00000000 00159A80 ntdll!NtRemoveIoCompletion 
0195FFEC 00000000 74F46311 00159A80 00000000 00000000 kernel32!lstrcmpiW 

*----> Raw Stack Dump <----*
0195ff84  63 63 f4 74 d4 02 00 00 - bc ff 95 01 b0 ff 95 01  cc.t............
0195ff94  a4 ff 95 01 08 64 f4 74 - 00 00 00 00 00 00 00 00  .....d.t........
0195ffa4  00 00 00 00 00 00 00 00 - 00 00 f4 74 88 bc 13 00  ...........t....
0195ffb4  ec ff 95 01 88 b3 e7 77 - 48 90 f4 74 00 00 00 00  .......wH..t....
0195ffc4  00 00 00 00 80 9a 15 00 - 00 c0 fd 7f 00 00 00 00  ................
0195ffd4  c0 ff 95 01 00 00 00 00 - ff ff ff ff 54 1f ec 77  ............T..w
0195ffe4  08 2b e7 77 00 00 00 00 - 00 00 00 00 00 00 00 00  .+.w............
0195fff4  11 63 f4 74 80 9a 15 00 - 00 00 00 00 00 00 00 00  .c.t............
01960004  00 00 01 00 00 10 00 00 - 00 00 00 00 b8 05 ce 00  ................
01960014  00 f0 45 01 00 f0 00 00 - 00 00 00 00 d8 05 ce 00  ..E.............
01960024  00 c0 48 01 00 60 01 00 - 00 00 00 00 40 00 96 01  ..H..`......@...
01960034  00 00 00 00 00 00 00 00 - 00 00 00 00 50 00 96 01  ............P...
01960044  00 00 00 00 00 00 00 00 - 00 00 00 00 60 00 96 01  ............`...
01960054  00 00 00 00 00 00 00 00 - 00 00 00 00 70 00 96 01  ............p...
01960064  00 00 00 00 00 00 00 00 - 00 00 00 00 80 00 96 01  ................
01960074  00 00 00 00 00 00 00 00 - 00 00 00 00 90 00 96 01  ................
01960084  00 00 00 00 00 00 00 00 - 00 00 00 00 a0 00 96 01  ................
01960094  00 00 00 00 00 00 00 00 - 00 00 00 00 b0 00 96 01  ................
019600a4  00 00 00 00 00 00 00 00 - 00 00 00 00 c0 00 96 01  ................
019600b4  00 00 00 00 00 00 00 00 - 00 00 00 00 d0 00 96 01  ................

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2005-07-18 02:36 UTC] sniper@php.net

Please provide a script which actually can work. The one you put here can not. foreach ($foo => bar) ?? Whatta hell?

And DO NOT add such useless dumps from winblows into the report unless we ASK for them!

[2005-07-18 20:06 UTC] rele at gmx dot de

<?php

// Initializing cURL
  $curl = curl_init();
  curl_setopt($curl, CURLOPT_RETURNTRANSFER, TRUE);
  curl_setopt($curl, CURLOPT_HEADER, 0);
  curl_setopt($curl, CURLOPT_USERAGENT, ini_get('user_agent'));
  curl_setopt($curl, CURLOPT_FOLLOWLOCATION, 1);
  curl_setopt($curl, CURLOPT_ENCODING , 'gzip');
  curl_setopt($curl, CURLOPT_COOKIEJAR, "my_cookies.txt");
  curl_setopt($curl, CURLOPT_COOKIEFILE, "my_cookies.txt");  

// Download eBay pages
  $urls[] =
'http://search.ebay.com/test_W0QQcatrefZC5QQfbdZ1QQfclZ3QQfromZR14QQfrppZ200QQfsclZ1QQfsooZ1QQfsopZ1QQftrtZ1QQftrvZ1QQnojsprZyQQpfidZ0QQsacatZQ2d1QQsacqyopZgeQQsacurZ0QQsadisZ200QQsalicZ1QQsaslopZ1QQsofocusZbsQQsojsZ1QQsorefinesearchZ1';
  $urls[] =
'http://search.ebay.com/test_W0QQcatrefZC5QQfbdZ1QQfclZ3QQfromZR14QQfrppZ200QQfsclZ1QQfsooZ1QQfsopZ1QQftrtZ1QQftrvZ1QQnojsprZyQQpfidZ0QQsaatcZ1QQsacatZQ2d1QQsacqyopZgeQQsacurZ0QQsadisZ200QQsaslopZ1QQsofocusZbsQQsojsZ1QQsorefinesearchZ1';
  $urls[] =
'http://search.stores.ebay.com/search/search.dll?fp=4&sofocus=bs&satitle=test&sacat=-1%26catref%3DC5&fbd=1&sojs=1&fscl=1&saslop=1&catref=C5&sorefinesearch=1&from=R14&nojspr=y&pfid=0&sif=1&fswc=1&few=&saprclo=&saprchi=&sargn=-1%26saslc%3D0&fls=3&salic=1&saatc=1&sadis=200&fpos=&fsct=&sacur=0&ftrt=1&ftrv=1&sabdlo=&sabdhi=&fsop=1%26fsoo%3D1&fcl=3&frpp=200';
  $urls[] =
'http://search.stores.ebay.com/search/search.dll?fp=4&sofocus=bs&satitle=test&sacat=-1%26catref%3DC5&fbd=1&sojs=1&fscl=1&saslop=1&catref=C5&sorefinesearch=1&from=R14&nojspr=y&pfid=0&sif=1&fswc=1&few=&saprclo=&saprchi=&sargn=-1%26saslc%3D0&salic=1&fls=2&saatc=1&sadis=200&fpos=&fsct=&sacur=0&ftrt=1&ftrv=1&sabdlo=&sabdhi=&fsop=1%26fsoo%3D1&fcl=3&frpp=200';

// get content from multiple URLs with the same object
  foreach($urls as $url) {
    curl_setopt($curl, CURLOPT_URL, $url);
    $content = curl_exec($curl);
  }

?>


Best regards,
Ren?

[2005-07-18 20:58 UTC] sniper@php.net

Works fine for me under Linux and using curl 7.12.1.
Edin, can you try this under win32 using more recent curl version?

[2005-08-02 01:28 UTC] edink@php.net

Curl updated to 7.14.0, the test script works fine for me.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Wed May 15 20:01:35 2024 UTC