php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #46711 cUrl leaks memory
Submitted: 2008-11-28 16:03 UTC Modified: 2008-11-30 17:36 UTC
From: thomas at koch dot ro Assigned:
Status: Closed Package: cURL related
PHP Version: 5.3CVS-2008-11-28 (CVS) OS: Debian Lenny
Private report: No CVE-ID:
 [2008-11-28 16:03 UTC] thomas at koch dot ro
Description:
------------
Setting cURL options in a foreach leaks memory

Reproduce code:
---------------
$ch = curl_init();

$opt = array(
    CURLOPT_AUTOREFERER  => TRUE,
    CURLOPT_BINARYTRANSFER => TRUE
);

// This works fine:
//curl_setopt( $ch, CURLOPT_AUTOREFERER  , TRUE );
//curl_setopt( $ch, CURLOPT_BINARYTRANSFER , TRUE );

// setting the options in a foreach leads to memory leaks
foreach( $opt as $option => $value ) {
    curl_setopt( $ch, $option, $value );
}


Expected result:
----------------
no output

Actual result:
--------------
[Fri Nov 28 17:01:18 2008]  Script:  '/home/ymc-toko/curl_bug.php'
/var/checkouts/php5_3/ext/curl/interface.c(1505) :  Freeing 0x030C6BE8 (32 bytes), script=/home/ymc-toko/curl_bug.php
[Fri Nov 28 17:01:18 2008]  Script:  '/home/ymc-toko/curl_bug.php'
/var/checkouts/php5_3/ext/curl/interface.c(1397) :  Freeing 0x030C6C68 (32 bytes), script=/home/ymc-toko/curl_bug.php
=== Total 2 memory leaks detected ===

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2008-11-28 17:23 UTC] magicaltux@php.net
Just for info, I believe there's a bug somewhere.

After the foreach() loop, $opt looks like this:

array(2) {
  [58]=>
  NULL
  [19914]=>
  bool(true)
}

Assigning $value by reference in the foreach makes the bug disappear.

I had a look at xml_parser_set_option() (similar function) and tried to make curl_set_opt() use the same way to get args, it seems to have fixed the problem (haven't played enough with ZE yet to know for sure if it's the correct fix).

Patch:

http://ookoo.org/svn/snip/php-5.3.0alpha3_curl_mem_bug.patch
 [2008-11-29 06:26 UTC] magicaltux@php.net
For reference: a test file for this bug (which uses the fact that the array becomes corrupted).

http://ookoo.org/svn/snip/bug46711.phpt
 [2008-11-30 17:36 UTC] iliaa@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Wed Apr 16 22:02:05 2014 UTC