php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #40635 segfault in curl extension
Submitted: 2007-02-26 05:36 UTC Modified: 2007-02-26 09:14 UTC
From: shar at cflash dot com Assigned:
Status: Closed Package: cURL related
PHP Version: 4.4.6RC1 OS: FreeBSD 4.11, 6.2
Private report: No CVE-ID:
 [2007-02-26 05:36 UTC] shar at cflash dot com
Description:
------------
php segfaults on curl_exec, 2nd call in the sample code. Crashes with 4.4.5 and STABLE-200702260130 snapshot.

Reproduce code:
---------------
<?
$url="http://www.php.net/";

$l = curl_init ();

curl_setopt ($l, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($l, CURLOPT_URL, "{$url}/index.php");
curl_exec ($l);

curl_setopt ($l, CURLOPT_URL, $url);
$r = curl_exec ($l);
?>

Expected result:
----------------
run w/o segfault

Actual result:
--------------
#0  0x80eb7fc in _erealloc (ptr=0x81be024, size=28520, allow_failure=0, 
    __zend_filename=0x28289ba0 "/usr/local/include/php/ext/standard/php_smart_str.h", __zend_lineno=83, __zend_orig_filename=0x0, __zend_orig_lineno=0)
    at /usr/ports-current/ports/lang/php4/work/php4-STABLE-200702260130/Zend/zend_alloc.c:350
350             REMOVE_POINTER_FROM_LIST(p);

#1  0x28286bc2 in curl_write (
    data=0x81b55b4 "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\"\n
", ' ' <repeats 22 times>, "\"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\
">\n<html xmlns=\"http://www.w3.org/1999/xhtml\" xml:lang=\"en\" lang=\"en\">\n"..., size=1, nmemb=1076, ctx=0x81a8a24)
    at /usr/local/include/php/ext/standard/php_smart_str.h:83
83              smart_str_alloc(dest, len, what);


#2  0x2829cb6c in Curl_client_write () from /usr/local/lib/libcurl.so.4
#3  0x282b05b9 in Curl_httpchunk_read () from /usr/local/lib/libcurl.so.4
#4  0x282ae389 in Curl_readwrite () from /usr/local/lib/libcurl.so.4
#5  0x282aefda in Transfer () from /usr/local/lib/libcurl.so.4
#6  0x282af90f in Curl_perform () from /usr/local/lib/libcurl.so.4
#7  0x282afea5 in curl_easy_perform () from /usr/local/lib/libcurl.so.4
#8  0x28288fbf in zif_curl_exec (ht=1, return_value=0x81b3724, this_ptr=0x0, 
    return_value_used=1)
    at /usr/ports-current/ports/ftp/php4-curl/work/php4-STABLE-200702260130/ext/curl/curl.c:1294

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2007-02-26 09:14 UTC] tony2001@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Mon Apr 21 12:02:07 2014 UTC