Bug #40291 glibc detected - double free or corruption - on fclose for socket
Submitted: 2007-01-30 21:41 UTC Modified: 2007-02-01 10:41 UTC
From: razzul69 at yahoo dot com Assigned:
Status: Not a bug Package: OpenSSL related
PHP Version: 5.2.0 OS: Fedora Core 6
Private report: No CVE-ID: None
 [2007-01-30 21:41 UTC] razzul69 at yahoo dot com
Description:
------------
glibc detected - double free or corruption - on fclose for socket

Code will work fine through the web interface; however, it will not work from the command line.

Will get double free or corruption when issuing fclose or when PHP does the automatic fclose at the end.

It will only be an issue for very few blades; however, when it is an issue, it is reproducible 100% of the time.

When it does not work, one thought is it might be when the blade on the other end closes the connection ahead of time.


./configure --prefix=/usr/local/php --with-config-file-path=/etc/php.d --with-zlib --with-apxs2=/etc/httpd/bin/apxs --enable-magic-quotes --enable-sockets --with-openssl --enable-magic-quotes --with-mysql=/usr/local/mysql --enable-debug

Reproduce code:
---------------
#!/usr/src/php-5.2.0/sapi/cli/php

<?php

$ip = '';
$username = '';
$password = '';

$ilo_xml ='<RIBCL VERSION="2.0">
<LOGIN USER_LOGIN="' . $username . '" PASSWORD="' . $password . '">
<RIB_INFO MODE="read">
<GET_FW_VERSION/>
</RIB_INFO>
</LOGIN>
</RIBCL>';

$ssl_handle = @fsockopen ('ssl://' . $ip, 443, $error_number, $error_text, 10);
$split_ilo_xml = split ("\n", $ilo_xml);
stream_set_timeout ($ssl_handle, 10);
fwrite ($ssl_handle, '<?xml version="1.0"?>' . "\r\n");
$ssl_meta_data = stream_get_meta_data ($ssl_handle);
foreach ($split_ilo_xml as $value) {
	fwrite ($ssl_handle, $value . "\r\n");
}
do {
	$data = fgets ($ssl_handle, 1024);
	$data = trim ($data);
	$data = str_ireplace (array ('<', '>'), '', $data);
	print "\n" . $data . '<br />';
} while (! feof ($ssl_handle));
fclose ($ssl_handle);

?> 

Expected result:
----------------
This code is for logging into the back-end iLO on a blade. When it works correctly, I will see XML reported back.

Actual result:
--------------
*** glibc detected *** /usr/src/php-5.2.0/sapi/cli/php: double free or corruption (out): 0x0027f198 ***
======= Backtrace: =========
/lib/libc.so.6[0x1ab09d]
/lib/libc.so.6(cfree+0x90)[0x1ae6f0]
/lib/libcrypto.so.6(CRYPTO_free+0x3a)[0x6a452a]
/lib/libcrypto.so.6(ASN1_STRING_free+0x2d)[0x71bd8d]
/lib/libcrypto.so.6(ASN1_primitive_free+0x75)[0x712a75]
/lib/libcrypto.so.6(ASN1_primitive_free+0xd2)[0x712ad2]
/lib/libcrypto.so.6[0x712d51]
/lib/libcrypto.so.6(ASN1_template_free+0x8b)[0x712e2b]
/lib/libcrypto.so.6[0x712d31]
/lib/libcrypto.so.6(ASN1_template_free+0x8b)[0x712e2b]
/lib/libcrypto.so.6[0x712d31]
/lib/libcrypto.so.6(ASN1_item_free+0x13)[0x712e73]
/lib/libcrypto.so.6(X509_free+0x27)[0x70d887]
/lib/libcrypto.so.6(sk_pop_free+0x33)[0x6f5e83]
/lib/libssl.so.6(ssl_sess_cert_free+0x78)[0xb08218]
/lib/libssl.so.6(SSL_SESSION_free+0xc5)[0xb08e85]
/lib/libssl.so.6(SSL_free+0x10d)[0xb0688d]
/usr/src/php-5.2.0/sapi/cli/php[0x80b760d]
/usr/src/php-5.2.0/sapi/cli/php(_php_stream_free+0xc4)[0x8283604]
/usr/src/php-5.2.0/sapi/cli/php[0x8283867]
/usr/src/php-5.2.0/sapi/cli/php(list_entry_destructor+0xa3)[0x82bf503]
/usr/src/php-5.2.0/sapi/cli/php(zend_hash_del_key_or_index+0x221)[0x82be991]
/usr/src/php-5.2.0/sapi/cli/php(_zend_list_delete+0x8a)[0x82bf79a]
/usr/src/php-5.2.0/sapi/cli/php(zif_fclose+0xa4)[0x820c654]
/usr/src/php-5.2.0/sapi/cli/php[0x82e10b0]
/usr/src/php-5.2.0/sapi/cli/php(execute+0x15d)[0x82d106d]
/usr/src/php-5.2.0/sapi/cli/php(zend_execute_scripts+0x2c4)[0x82b2424]
/usr/src/php-5.2.0/sapi/cli/php(php_execute_script+0x1f3)[0x826df53]
/usr/src/php-5.2.0/sapi/cli/php(main+0xf1c)[0x8335bec]
/lib/libc.so.6(__libc_start_main+0xdc)[0x15af2c]
/usr/src/php-5.2.0/sapi/cli/php[0x80ac361]
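
Added example, not part of the original report: a small Python parser for glibc abort output like the trace above, recovering the failing program, the reported pointer, the chain of shared objects the bad free passed through, and the library call the program made. The function names are hypothetical; the sample is an excerpt of the trace posted in this report.

```python
import os
import re
from itertools import groupby

# Excerpt of the abort output posted in this report (some frames omitted).
SAMPLE = """\
*** glibc detected *** /usr/src/php-5.2.0/sapi/cli/php: double free or corruption (out): 0x0027f198 ***
======= Backtrace: =========
/lib/libc.so.6[0x1ab09d]
/lib/libcrypto.so.6(CRYPTO_free+0x3a)[0x6a452a]
/lib/libcrypto.so.6(X509_free+0x27)[0x70d887]
/lib/libssl.so.6(ssl_sess_cert_free+0x78)[0xb08218]
/lib/libssl.so.6(SSL_free+0x10d)[0xb0688d]
/usr/src/php-5.2.0/sapi/cli/php[0x80b760d]
/usr/src/php-5.2.0/sapi/cli/php(zif_fclose+0xa4)[0x820c654]
"""

HEADER_RE = re.compile(r"^\*\*\* glibc detected \*\*\* (\S+): (.+): (0x[0-9a-f]+) \*\*\*$")
# Frame: module(symbol+0xoff)[0xaddr]; "(symbol+0xoff)" is absent when unresolved.
FRAME_RE = re.compile(r"^(\S+?)(?:\(([^+)]+)\+0x[0-9a-f]+\))?\[(0x[0-9a-f]+)\]$")


def parse_abort(text):
    """Return (program, reason, pointer, frames); frames are innermost first."""
    program = reason = pointer = None
    frames = []
    for line in map(str.strip, text.splitlines()):
        header, frame = HEADER_RE.match(line), FRAME_RE.match(line)
        if header:
            program, reason, pointer = header.groups()
        elif frame:
            frames.append(frame.groups())  # (module, symbol or None, address)
    return program, reason, pointer, frames


def module_chain(frames):
    """Collapse consecutive frames from the same object into one hop."""
    return [name for name, _ in groupby(os.path.basename(f[0]) for f in frames)]


def library_entry(program, frames):
    """Innermost library frame called directly from the program's own code."""
    for callee, caller in zip(frames, frames[1:]):
        if caller[0] == program and callee[0] != program:
            return callee
    return None

program, reason, pointer, frames = parse_abort(SAMPLE)
print(reason, pointer, module_chain(frames), library_entry(program, frames))
```

On this trace the chain reads libc, libcrypto, libssl, php, and the library entry is `SSL_free`, which tells a triager that the invalid free happened inside OpenSSL's certificate teardown rather than in PHP's own allocator.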

 [2007-01-30 21:44 UTC] razzul69 at yahoo dot com
#0  0x00c83402 in ?? ()
#1  0x0016dd40 in raise () from /lib/libc.so.6
#2  0x0016f591 in abort () from /lib/libc.so.6
#3  0x001a333b in __libc_message () from /lib/libc.so.6
#4  0x001ab09d in _int_free () from /lib/libc.so.6
#5  0x001ae6f0 in free () from /lib/libc.so.6
#6  0x006a452a in CRYPTO_free () from /lib/libcrypto.so.6
#7  0x0071bd8d in ASN1_STRING_free () from /lib/libcrypto.so.6
#8  0x00712a75 in ASN1_primitive_free () from /lib/libcrypto.so.6
#9  0x00712ad2 in ASN1_primitive_free () from /lib/libcrypto.so.6
#10 0x00712d51 in ASN1_primitive_free () from /lib/libcrypto.so.6
#11 0x00712e2b in ASN1_template_free () from /lib/libcrypto.so.6
#12 0x00712d31 in ASN1_primitive_free () from /lib/libcrypto.so.6
#13 0x00712e2b in ASN1_template_free () from /lib/libcrypto.so.6
#14 0x00712d31 in ASN1_primitive_free () from /lib/libcrypto.so.6
#15 0x00712e73 in ASN1_item_free () from /lib/libcrypto.so.6
#16 0x0070d887 in X509_free () from /lib/libcrypto.so.6
#17 0x006f5e83 in sk_pop_free () from /lib/libcrypto.so.6
#18 0x00b08218 in ssl_sess_cert_free () from /lib/libssl.so.6
#19 0x00b08e85 in SSL_SESSION_free () from /lib/libssl.so.6
#20 0x00b0688d in SSL_free () from /lib/libssl.so.6
#21 0x080b760d in php_openssl_sockop_close (stream=0x960fff8, close_handle=1) at /usr/src/php-5.2.0/ext/openssl/xp_ssl.c:259
#22 0x08283604 in _php_stream_free (stream=0x960fff8, close_options=11) at /usr/src/php-5.2.0/main/streams/streams.c:342
#23 0x08283867 in stream_resource_regular_dtor (rsrc=0x96100a8) at /usr/src/php-5.2.0/main/streams/streams.c:1365
#24 0x082bf503 in list_entry_destructor (ptr=0x96100a8) at /usr/src/php-5.2.0/Zend/zend_list.c:184
#25 0x082be991 in zend_hash_del_key_or_index (ht=0x8580e20, arKey=<value optimized out>, nKeyLength=0, h=4, flag=1)
    at /usr/src/php-5.2.0/Zend/zend_hash.c:492
#26 0x082bf79a in _zend_list_delete (id=4) at /usr/src/php-5.2.0/Zend/zend_list.c:58
#27 0x0820c654 in zif_fclose (ht=1, return_value=0x9610a1c, return_value_ptr=0x0, this_ptr=0x0, return_value_used=0)
    at /usr/src/php-5.2.0/ext/standard/file.c:872
#28 0x082e10b0 in zend_do_fcall_common_helper_SPEC (execute_data=0xbff84c7c) at /usr/src/php-5.2.0/Zend/zend_vm_execute.h:200
#29 0x082d106d in execute (op_array=0x960fa1c) at /usr/src/php-5.2.0/Zend/zend_vm_execute.h:92
#30 0x082b2424 in zend_execute_scripts (type=8, retval=<value optimized out>, file_count=3) at /usr/src/php-5.2.0/Zend/zend.c:1097
#31 0x0826df53 in php_execute_script (primary_file=0xbff870e0) at /usr/src/php-5.2.0/main/main.c:1758
#32 0x08335bec in main (argc=2, argv=0xbff871f4) at /usr/src/php-5.2.0/sapi/cli/php_cli.c:1108
 [2007-01-30 21:45 UTC] tony2001@php.net
Please try building PHP without MySQL and see if that helps.
If it does, then you're facing a problem described here: http://bugs.mysql.com/bug.php?id=19817
 [2007-01-30 22:05 UTC] razzul69 at yahoo dot com
That seemed to fix it. I will try it with the new MySQL build. My apologies for not finding this myself.
 [2007-01-31 23:38 UTC] razzul69 at yahoo dot com
closing
 