Bug #44947 double free or corruption curl FOLLOWLOCATION
Submitted: 2008-05-08 13:38 UTC
Modified: 2008-05-08 15:49 UTC
From: jcardona at allglobalnames dot com
Assigned:
Status: Closed
Package: Reproducible crash
PHP Version: 5.2CVS-2008-05-08 (snap)
OS: Fedora release 8 (Werewolf)
Private report: No
CVE-ID: None
 [2008-05-08 13:38 UTC] jcardona at allglobalnames dot com
Description:
------------
PHP crashes when using CURL_OPT_FOLLOWLOCATION giving:
*** glibc detected *** ./php: double free or corruption (!prev): 0x14d3f6f0 ***
Without CURL_OPT_FOLLOWLOCATION the code runs forever.
Compiled PHP from snapshot: php5.2-200805081230
./configure  --with-apxs2=/usr/local/apache2/bin/apxs --prefix=/usr/local/apache2/php --with-config-file-path=/usr/local/apache2/php --enable-force-cgi-redirect --disable-cgi --with-curl --with-openssl --enable-debug


Reproduce code:
---------------
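<?php
    // Loop forever, creating and closing a fresh cURL handle on every iteration.
    $i = 1;
    while ( 1 )
    {
        echo "Download ".($i++)."\n";
        $ch = curl_init ( "http://www.allglobalnames.com" );

        // Follow redirects and return the body instead of printing it.
        curl_setopt ( $ch, CURLOPT_FOLLOWLOCATION, 1 );
        curl_setopt ( $ch, CURLOPT_RETURNTRANSFER, 1 );
        $html = curl_exec ( $ch );
        curl_close ( $ch );
    }
?>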


Expected result:
----------------
Endless loop:

Download 1
Download 2
(...)
Download 1000
(...)


Actual result:
--------------
Download 1
(...)
Download 131
*** glibc detected *** ./php: double free or corruption (!prev): 0x14d3f6f0 ***
======= Backtrace: =========
/lib/libc.so.6[0x818ac1]
/lib/libc.so.6(cfree+0x90)[0x81c0f0]
/usr/lib/libnspr4.so(PR_Free+0x38)[0x2e0e0b8]
/usr/lib/libnsspem.so[0x434ba5]
/usr/lib/libnsspem.so[0x4242d8]
/usr/lib/libnsspem.so[0x4250be]
/usr/lib/libnsspem.so[0x429875]
/usr/lib/libnsspem.so[0x430d29]
/usr/lib/libnsspem.so[0x4204ec]
/usr/lib/libnss3.so[0x2e90b62]
/usr/lib/libnss3.so(PK11_CreateGenericObject+0x50)[0x2e90d80]
/usr/lib/libcurl.so.4[0x3c77f8]
/usr/lib/libcurl.so.4(Curl_nss_connect+0x5e6)[0x3c8446]
/usr/lib/libcurl.so.4(Curl_ssl_connect+0x2f)[0x3c4ddf]
/usr/lib/libcurl.so.4(Curl_http_connect+0xa7)[0x3a5077]
/usr/lib/libcurl.so.4(Curl_protocol_connect+0x7b)[0x3ada3b]
/usr/lib/libcurl.so.4(Curl_connect+0x2e8)[0x3b0648]
/usr/lib/libcurl.so.4(Curl_perform+0xfc)[0x3ba17c]
/usr/lib/libcurl.so.4(curl_easy_perform+0x5d)[0x3ba7cd]
./php(zif_curl_exec+0x98)[0x80b34b8]
./php[0x82d79a8]
./php(execute+0x12d)[0x82c94cd]
./php(zend_execute_scripts+0x152)[0x82abc12]
./php(php_execute_script+0x1c3)[0x826be23]
./php(main+0xc40)[0x8327a10]
/lib/libc.so.6(__libc_start_main+0xe0)[0x7c5390]
./php(realloc+0x99)[0x808bc71]
======= Memory map: ========
Abortado (core dumped)


 [2008-05-08 15:49 UTC] jcardona at allglobalnames dot com
Seems to work by bypassing the Fedora-installed curl 7.17.1 and downloading-compiling-installing fresh curl 7.18.1, then reconfiguring php with '--with-curl=<path to curl 7.18.1>' and reinstalling php.

Curl 7.17.1 -V
curl 7.17.1 (i386-redhat-linux-gnu) libcurl/7.17.1 NSS/3.11.7.1 zlib/1.2.3 libidn/0.6.14
Protocols: tftp ftp telnet dict http file https ftps
Features: GSS-Negotiate IDN IPv6 Largefile SSL libz

Curl 7.18.1 -V
curl 7.18.1 (i686-pc-linux-gnu) libcurl/7.18.1 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.14
Protocols: tftp ftp telnet dict ldap http file https ftps
Features: IDN IPv6 Largefile NTLM SSL libz
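
Added example (not part of the original report or of PHP/curl): a small triage script that parses glibc backtrace frames like those in the report and shows which library called free() and which libraries sit between the allocator and libcurl. The frame excerpt is copied from the report; `parse_frames` and `triage` are names made up for this example.

```python
import re

# Frames excerpted from the glibc backtrace in the report (innermost first).
BACKTRACE = """\
/lib/libc.so.6[0x818ac1]
/lib/libc.so.6(cfree+0x90)[0x81c0f0]
/usr/lib/libnspr4.so(PR_Free+0x38)[0x2e0e0b8]
/usr/lib/libnsspem.so[0x434ba5]
/usr/lib/libnss3.so(PK11_CreateGenericObject+0x50)[0x2e90d80]
/usr/lib/libcurl.so.4[0x3c77f8]
/usr/lib/libcurl.so.4(Curl_nss_connect+0x5e6)[0x3c8446]
/usr/lib/libcurl.so.4(curl_easy_perform+0x5d)[0x3ba7cd]
./php(zif_curl_exec+0x98)[0x80b34b8]
./php(main+0xc40)[0x8327a10]
"""

# path, optional "(symbol+0xoffset)", then "[0xaddress]"
FRAME = re.compile(
    r"^(?P<path>\S+?)(?:\((?P<sym>[^+)]*)(?:\+0x[0-9a-f]+)?\))?\[(?P<addr>0x[0-9a-f]+)\]$"
)

def parse_frames(text):
    """Return (module, symbol or None, address) for each backtrace line."""
    frames = []
    for line in text.splitlines():
        m = FRAME.match(line.strip())
        if m:  # skip banners such as "======= Backtrace: ========="
            module = m["path"].rsplit("/", 1)[-1]
            frames.append((module, m["sym"] or None, m["addr"]))
    return frames

def triage(frames, entry="libcurl"):
    """Find who called free() and which modules sit below `entry`."""
    outside = [f for f in frames if not f[0].startswith("libc.so")]
    caller = outside[0] if outside else None
    below = []
    for module, _, _ in outside:
        if module.startswith(entry):
            break
        if module not in below:
            below.append(module)
    entry_sym = next((s for m, s, _ in outside if m.startswith(entry) and s), None)
    return caller, below, entry_sym

if __name__ == "__main__":
    caller, below, entry_sym = triage(parse_frames(BACKTRACE))
    print("free() called from:", caller)
    print("modules below libcurl:", below)
    print("first named libcurl frame:", entry_sym)
```

The frame where glibc aborts is where the corruption was detected, which is not necessarily where the first free happened.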
 