PHP :: Bug #44947 :: double free or corruption curl FOLLOWLOCATION

Bug #44947	double free or corruption curl FOLLOWLOCATION
Submitted:	2008-05-08 13:38 UTC	Modified:	2008-05-08 15:49 UTC
From:	jcardona at allglobalnames dot com	Assigned:
Status:	Closed	Package:	Reproducible crash
PHP Version:	5.2CVS-2008-05-08 (snap)	OS:	Fedora release 8 (Werewolf)
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	jcardona at allglobalnames dot com
New email:
PHP Version:		OS:

New Comment:

[2008-05-08 13:38 UTC] jcardona at allglobalnames dot com

Description:
------------
PHP crashes when using CURL_OPT_FOLLOWLOCATION giving:
*** glibc detected *** ./php: double free or corruption (!prev): 0x14d3f6f0 ***
Without CURL_OPT_FOLLOWLOCATION the code runs for ever.
Compiled PHP from sanpshot: php5.2-200805081230
./configure  --with-apxs2=/usr/local/apache2/bin/apxs --prefix=/usr/local/apache2/php --with-config-file-path=/usr/local/apache2/php --enable-force-cgi-redirect --disable-cgi --with-curl --with-openssl --enable-debug


Reproduce code:
---------------
<?
    $i = 1;
    while ( 1 )
    {
        echo "Download ".($i++)."\n";
        $ch = curl_init ( "http://www.allglobalnames.com" );

        curl_setopt ( $ch, CURLOPT_FOLLOWLOCATION, 1 );
        curl_setopt ( $ch, CURLOPT_RETURNTRANSFER, 1 );
        $html = curl_exec ( $ch );
        curl_close ( $ch );
    }
?>


Expected result:
----------------
Endless loop:

Download 1
Download 2
(...)
Download 1000
(...)


Actual result:
--------------
Donwload 1
(...)
Download 131
*** glibc detected *** ./php: double free or corruption (!prev): 0x14d3f6f0 ***
======= Backtrace: =========
/lib/libc.so.6[0x818ac1]
/lib/libc.so.6(cfree+0x90)[0x81c0f0]
/usr/lib/libnspr4.so(PR_Free+0x38)[0x2e0e0b8]
/usr/lib/libnsspem.so[0x434ba5]
/usr/lib/libnsspem.so[0x4242d8]
/usr/lib/libnsspem.so[0x4250be]
/usr/lib/libnsspem.so[0x429875]
/usr/lib/libnsspem.so[0x430d29]
/usr/lib/libnsspem.so[0x4204ec]
/usr/lib/libnss3.so[0x2e90b62]
/usr/lib/libnss3.so(PK11_CreateGenericObject+0x50)[0x2e90d80]
/usr/lib/libcurl.so.4[0x3c77f8]
/usr/lib/libcurl.so.4(Curl_nss_connect+0x5e6)[0x3c8446]
/usr/lib/libcurl.so.4(Curl_ssl_connect+0x2f)[0x3c4ddf]
/usr/lib/libcurl.so.4(Curl_http_connect+0xa7)[0x3a5077]
/usr/lib/libcurl.so.4(Curl_protocol_connect+0x7b)[0x3ada3b]
/usr/lib/libcurl.so.4(Curl_connect+0x2e8)[0x3b0648]
/usr/lib/libcurl.so.4(Curl_perform+0xfc)[0x3ba17c]
/usr/lib/libcurl.so.4(curl_easy_perform+0x5d)[0x3ba7cd]
./php(zif_curl_exec+0x98)[0x80b34b8]
./php[0x82d79a8]
./php(execute+0x12d)[0x82c94cd]
./php(zend_execute_scripts+0x152)[0x82abc12]
./php(php_execute_script+0x1c3)[0x826be23]
./php(main+0xc40)[0x8327a10]
/lib/libc.so.6(__libc_start_main+0xe0)[0x7c5390]
./php(realloc+0x99)[0x808bc71]
======= Memory map: ========
00110000-00111000 r-xp 00110000 00:00 0          [vdso]
00111000-0017a000 r-xp 00000000 fd:00 168592530  /usr/local/mysql-5.0.51a-linux-i686-icc-glibc23/lib/libmysqlclient.so.15
0017a000-00289000 rwxp 00069000 fd:00 168592530  /usr/local/mysql-5.0.51a-linux-i686-icc-glibc23/lib/libmysqlclient.so.15
00289000-0028a000 rwxp 00289000 00:00 0
0028a000-002d0000 r-xp 00000000 fd:00 167708020  /usr/lib/libmhash.so.2.0.1
002d0000-002d1000 rwxp 00046000 fd:00 167708020  /usr/lib/libmhash.so.2.0.1
002d1000-00301000 r-xp 00000000 fd:00 167717656  /usr/lib/libidn.so.11.5.28
00301000-00302000 rwxp 00030000 fd:00 167717656  /usr/lib/libidn.so.11.5.28
00302000-0030c000 r-xp 00000000 fd:00 82837612   /lib/libnss_files-2.7.so
0030c000-0030d000 r-xp 00009000 fd:00 82837612   /lib/libnss_files-2.7.so
0030d000-0030e000 rwxp 0000a000 fd:00 82837612   /lib/libnss_files-2.7.so
0030e000-00312000 r-xp 00000000 fd:00 82837610   /lib/libnss_dns-2.7.so
00312000-00313000 r-xp 00003000 fd:00 82837610   /lib/libnss_dns-2.7.so
00313000-00314000 rwxp 00004000 fd:00 82837610   /lib/libnss_dns-2.7.so
00314000-00366000 r-xp 00000000 fd:00 167712416  /usr/lib/libsoftokn3.so
00366000-0036a000 rwxp 00051000 fd:00 167712416  /usr/lib/libsoftokn3.so
0036a000-00389000 r-xp 00000000 fd:00 168821545  /usr/lib/pkcs11/libcoolkeypk11.so
00389000-0038a000 rwxp 0001f000 fd:00 168821545  /usr/lib/pkcs11/libcoolkeypk11.so
0038a000-00392000 r-xp 00000000 fd:00 167714068  /usr/lib/libpcsclite.so.1.0.0
00392000-00393000 rwxp 00008000 fd:00 167714068  /usr/lib/libpcsclite.so.1.0.0
00396000-003d3000 r-xp 00000000 fd:00 167729461  /usr/lib/libcurl.so.4.0.1
003d3000-003d5000 rwxp 0003c000 fd:00 167729461  /usr/lib/libcurl.so.4.0.1
003d5000-0040f000 r-xp 00000000 fd:00 167712411  /usr/lib/libfreebl3.so
0040f000-00410000 rwxp 00039000 fd:00 167712411  /usr/lib/libfreebl3.so
00410000-0041d000 r-xp 00000000 fd:00 167730042  /usr/lib/libckyapplet.so.1.0.0
0041d000-0041e000 rwxp 0000c000 fd:00 167730042  /usr/lib/libckyapplet.so.1.0.0
0041e000-00445000 r-xp 00000000 fd:00 167712414  /usr/lib/libnsspem.so
00445000-00446000 rwxp 00026000 fd:00 167712414  /usr/lib/libnsspem.so
004cc000-0055c000 r-xp 00000000 fd:00 167725032  /usr/lib/libkrb5.so.3.3
0055c000-0055f000 rwxp 0008f000 fd:00 167725032  /usr/lib/libkrb5.so.3.3
00561000-0058e000 r-xp 00000000 fd:00 167725033  /usr/lib/libgssapi_krb5.so.2.2
0058e000-0058f000 rwxp 0002d000 fd:00 167725033  /usr/lib/libgssapi_krb5.so.2.2
005c9000-005ee000 r-xp 00000000 fd:00 167725031  /usr/lib/libk5crypto.so.3.1
005ee000-005ef000 rwxp 00025000 fd:00 167725031  /usr/lib/libk5crypto.so.3.1
005f1000-00632000 r-xp 00000000 fd:00 82837847   /lib/libssl.so.0.9.8b
00632000-00636000 rwxp 00040000 fd:00 82837847   /lib/libssl.so.0.9.8b
0063b000-00646000 r-xp 00000000 fd:00 82839002   /lib/libgcc_s-4.1.2-20070925.so.1
00646000-00647000 rwxp 0000a000 fd:00 82839002   /lib/libgcc_s-4.1.2-20070925.so.1
0077e000-00780000 r-xp 00000000 fd:00 82838991   /lib/libkeyutils-1.2.so
00780000-00781000 rwxp 00001000 fd:00 82838991   /lib/libkeyutils-1.2.so
00790000-007ab000 r-xp 00000000 fd:00 82838975   /lib/ld-2.7.so
007ab000-007ac000 r-xp 0001a000 fd:00 82838975   /lib/ld-2.7.so
007ac000-007ad000 rwxp 0001b000 fd:00 82838975   /lib/ld-2.7.so
007af000-00902000 r-xp 00000000 fd:00 82838976   /lib/libc-2.7.so
00902000-00904000 r-xp 00153000 fd:00 82838976   /lib/libc-2.7.so
00904000-00905000 rwxp 00155000 fd:00 82838976   /lib/libc-2.7.so
00905000-00908000 rwxp 00905000 00:00 0
0090a000-00931000 r-xp 00000000 fd:00 82838980   /lib/libm-2.7.so
00931000-00932000 r-xp 00026000 fd:00 82838980   /lib/libm-2.7.so
00932000-00933000 rwxp 00027000 fd:00 82838980   /lib/libm-2.7.so
00935000-00938000 r-xp 00000000 fd:00 82838977   /lib/libdl-2.7.so
00938000-00939000 r-xp 00002000 fd:00 82838977   /lib/libdl-2.7.so
00939000-0093a000 rwxp 00003000 fd:00 82838977   /lib/libdl-2.7.so
0093c000-00951000 r-xp 00000000 fd:00 82838978   /lib/libpthread-2.7.so
00951000-00952000 r-xp 00014000 fd:00 82838978   /lib/libpthread-2.7.so
00952000-00953000 rwxp 00015000 fd:00 82838978   /lib/libpthread-2.7.so
00953000-00955000 rwxp 00953000 00:00 0
00957000-00969000 r-xp 00000000 fd:00 82838979   /lib/libz.so.1.2.3
00969000-0096a000 rwxp 00011000 fd:00 82838979   /lib/libz.so.1.2.3
00a15000-00a2e000 r-xp 00000000 fd:00 82837695   /lib/libselinux.so.1
00a2e000-00a30000 rwxp 00018000 fd:00 82837695   /lib/libselinux.so.1
00a3f000-00a46000 r-xp 00000000 fd:00 82838986   /lib/librt-2.7.so
00a46000-00a47000 r-xp 00007000 fd:00 82838986   /lib/librt-2.7.so
00a47000-00a48000 rwxp 00008000 fd:00 82838986   /lib/librt-2.7.so
00b76000-00b78000 r-xp 00000000 fd:00 82837838   /lib/libcom_err.so.2.1
00b78000-00b79000 rwxp 00001000 fd:00 82837838   /lib/libcom_err.so.2.1
00c98000-00ca0000 r-xp 00000000 fd:00 167725030  /usr/lib/libkrb5support.so.0.1
00ca0000-00ca1000 rwxp 00007000 fd:00 167725030  /usr/lib/libkrb5support.so.0.1
00cba000-00ccf000 r-xp 00000000 fd:00 82838990   /lib/libnsl-2.7.so
00ccf000-00cd0000 r-xp 00014000 fd:00 82838990   /lib/libnsl-2.7.so
00cd0000-00cd1000 rwxp 00015000 fd:00 82838990   /lib/libnsl-2.7.so
00cd1000-00cd3000 rwxp 00cd1000 00:00 0
00cf8000-00d1d000 r-xp 00000000 fd:00 167712302  /usr/lib/libpng12.so.0.22.0
00d1d000-00d1e000 rwxp 00025000 fd:00 167712302  /usr/lib/libpng12.so.0.22.0
00d74000-00d84000 r-xp 00000000 fd:00 82838992   /lib/libresolv-2.7.so
00d84000-00d85000 r-xp 00010000 fd:00 82838992   /lib/libresolv-2.7.so
00d85000-00d86000 rwxp 00011000 fd:00 82838992   /lib/libresolv-2.7.so
00d86000-00d88000 rwxp 00d86000 00:00 0
026eb000-02808000 r-xp 00000000 fd:00 82838994   /lib/libcrypto.so.0.9.8b
02808000-0281a000 rwxp 0011d000 fd:00 82838994   /lib/libcrypto.so.0.9.8b
0281a000-0281e000 rwxp 0281a000 00:00 0
02b93000-02c73000 r-xp 00000000 fd:00 167713389  /usr/lib/libstdc++.so.6.0.8
02c73000-02c77000 r-xp 000df000 fd:00 167713389  /usr/lib/libstdc++.so.6.0.8
02c77000-02c78000 rwxp 000e3000 fd:00 167713389  /usr/lib/libstdc++.so.6.0.8
02c78000-02c7e000 rwxp 02c78000 00:00 0
02dac000-02db5000 r-xp 00000000 fd:00 82838999   /lib/libcrypt-2.7.so
02db5000-02db6000 r-xp 00008000 fd:00 82838999   /lib/libcrypt-2.7.so
02db6000-02db7000 rwxp 00009000 fd:00 82838999   /lib/libcrypt-2.7.so
02db7000-02dde000 rwxp 02db7000 00:00 0
02de0000-02de2000 r-xp 00000000 fd:00 167733613  /usr/lib/libplds4.so
02de2000-02de3000 rwxp 00002000 fd:00 167733613  /usr/lib/libplds4.so
02de5000-02de9000 r-xp 00000000 fd:00 167733614  /usr/lib/libplc4.so
02de9000-02dea000 rwxp 00003000 fd:00 167733614  /usr/lib/libplc4.so
02dfd000-02e32000 r-xp 00000000 fd:00 167712783  /usr/lib/libnspr4.so
02e32000-02e33000 rwxp 00035000 fd:00 167712783  /usr/lib/libnspr4.so
02e33000-02e35000 rwxp 02e33000 00:00 0
02e37000-02e60000 r-xp 00000000 fd:00 167733616  /usr/lib/libssl3.so
02e60000-02e61000 rwxp 00029000 fd:00 167733616  /usr/lib/libssl3.so
02e61000-02e62000 rwxp 02e61000 00:00 0
02e64000-02ee3000 r-xp 00000000 fd:00 167713938  /usr/lib/libnss3.so
02ee3000-02ee8000 rwxp 0007e000 fd:00 167713938  /usr/lib/libnss3.so
02eea000-02f0f000 r-xp 00000000 fd:00 167733617  /usr/lib/libsmime3.so
02f0f000-02f11000 rwxp 00025000 fd:00 167733617  /usr/lib/libsmime3.so
065ed000-0671d000 r-xp 00000000 fd:00 167729498  /usr/lib/libxml2.so.2.6.32
0671d000-06722000 rwxp 0012f000 fd:00 167729498  /usr/lib/libxml2.so.2.6.32
06722000-06723000 rwxp 06722000 00:00 0
08048000-083fd000 r-xp 00000000 fd:00 234099030  /root/Soft/php5.2-200805081230/sapi/cli/php
083fd000-08421000 rw-p 003b5000 fd:00 234099030  /root/Soft/php5.2-200805081230/sapi/cli/php
08421000-0842b000 rw-p 08421000 00:00 0
09301000-164c1000 rw-p 09301000 00:00 0
b7b00000-b7b21000 rw-p b7b00000 00:00 0
b7b21000-b7c00000 ---p b7b21000 00:00 0
b7ccd000-b7ecd000 r--p 00000000 fd:00 167709892  /usr/lib/locale/locale-archive
b7f0a000-b7f0e000 rw-s 00000000 fd:00 63701058   /var/cache/coolkey/coolkeypk11sE-Gate 0 0-0
b7f0e000-b7f16000 rw-p b7f0e000 00:00 0
b7f18000-b7f19000 r--s 0000f000 fd:00 63668682   /var/run/pcscd.pub
b7f19000-b7f1a000 r--s 0000e000 fd:00 63668682   /var/run/pcscd.pub
b7f1a000-b7f1b000 r--s 0000d000 fd:00 63668682   /var/run/pcscd.pub
b7f1b000-b7f1c000 r--s 0000c000 fd:00 63668682   /var/run/pcscd.pub
b7f1c000-b7f1d000 r--s 0000b000 fd:00 63668682   /var/run/pcscd.pub
b7f1d000-b7f1e000 r--s 0000a000 fd:00 63668682   /var/run/pcscd.pub
b7f1e000-b7f1f000 r--s 00009000 fd:00 63668682   /var/run/pcscd.pub
b7f1f000-b7f20000 r--s 00008000 fd:00 63668682   /var/run/pcscd.pub
b7f20000-b7f21000 r--s 00007000 fd:00 63668682   /var/run/pcscd.pub
b7f21000-b7f22000 r--s 00006000 fd:00 63668682   /var/run/pcscd.pub
b7f22000-b7f23000 r--s 00005000 fd:00 63668682   /var/run/pcscd.pub
b7f23000-b7f24000 r--s 00004000 fd:00 63668682   /var/run/pcscd.pub
b7f24000-b7f25000 r--s 00003000 fd:00 63668682   /var/run/pcscd.pub
b7f25000-b7f26000 r--s 00002000 fd:00 63668682   /var/run/pcscd.pub
b7f26000-b7f27000 r--s 00001000 fd:00 63668682   /var/run/pcscd.pub
b7f27000-b7f29000 rw-p b7f27000 00:00 0
b7f29000-b7f2a000 r--s 00000000 fd:00 63668682   /var/run/pcscd.pub
b7f2a000-b7f2b000 rw-p b7f2a000 00:00 0
bfe81000-bfe94000 rwxp bffea000 00:00 0          [stack]
bfe94000-bfe96000 rw-p bfffd000 00:00 0
Abortado (core dumped)

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2008-05-08 15:49 UTC] jcardona at allglobalnames dot com

Seems to work by bypassing fedora installed curl 7.17.1 and downloading-compiling-installing fresh curl 7.18.1, then reconfiguring php with '--with-curl=<path to curl 7.18.1>' and reinstalling php. 

Curl 7.17.1 -V
curl 7.17.1 (i386-redhat-linux-gnu) libcurl/7.17.1 NSS/3.11.7.1 zlib/1.2.3 libidn/0.6.14
Protocols: tftp ftp telnet dict http file https ftps
Features: GSS-Negotiate IDN IPv6 Largefile SSL libz

Curl 7.18.1 -V
curl 7.18.1 (i686-pc-linux-gnu) libcurl/7.18.1 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.14
Protocols: tftp ftp telnet dict ldap http file https ftps
Features: IDN IPv6 Largefile NTLM SSL libz

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2020 The PHP Group All rights reserved.	Last updated: Sat Apr 04 00:01:24 2020 UTC