php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #46832 memleak on handles duplicated with curl_copy_handle()
Submitted: 2008-12-11 05:57 UTC Modified: 2008-12-11 13:55 UTC
From: magicaltux@php.net Assigned:
Status: Not a bug Package: cURL related
PHP Version: 5.2CVS-2008-12-11 (CVS) OS: Linux
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: magicaltux@php.net
New email:
PHP Version: OS:

 

 [2008-12-11 05:57 UTC] magicaltux@php.net
Description:
------------
When an handle is copied with curl_copy_handle(), its ability to free memory used by strings is disabled.

In ext/curl/interface.c near line 1215 :

  zend_llist_copy(&dupch->to_free.str, &ch->to_free.str);
  /* Don't try to free copied strings, they're free'd when the original handle is destroyed */
  dupch->to_free.str.dtor = NULL;
  zend_llist_copy(&dupch->to_free.slist, &ch->to_free.slist);
  zend_llist_copy(&dupch->to_free.post, &ch->to_free.post);

1. New strings allocated by this new handle will have "NULL" as dtor
2. slist and post will still be free'd on both handles. Freeing one handle first also probably breaks the second handle
3. The copied handle will have unexpected behaviour with libcurl <7.17.0 if the source handle is freed before the copied handle.

Two options exists here:

1. Disable this function for people who don't have at least libcurl 7.17.0, and let libcurl handle duplication of strings, etc.. (it now does this automatically, cf bug #45161).
2. Manually duplicate all options that are set in the source curl handle and register them in newly allocated handle on curl_copy_handle(). This can lead to errors as we do not keep record of all set options.

Reproduce code:
---------------
<?php

$ch = curl_init();

for($i = 0; $i < 2048; ++$i) {
	$ch2 = curl_copy_handle($ch);

	curl_setopt($ch2, CURLOPT_URL, 'http://localhost/test/tset/est');

	curl_close($ch2);

	var_dump(memory_get_usage());
}


Expected result:
----------------
(always the same int dumped)

Actual result:
--------------
[...]
int(415128)
int(415256)
int(415384)
int(415512)
int(415640)
int(415768)
int(415896)
int(416024)
int(416152)
int(416280)
int(416408)
int(416536)
int(416664)
[Thu Dec 11 06:50:37 2008]  Script:  'curl_memleak.php'
ext/curl/interface.c(1342) :  Freeing 0x0198CB78 (31 bytes), script=curl_memleak.php
Last leak repeated 2047 times
=== Total 2048 memory leaks detected ===


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2008-12-11 13:55 UTC] magicaltux@php.net
Please do not submit the same bug more than once. An existing
bug report already describes this very problem. Even if you feel
that your issue is somewhat different, the resolution is likely
to be the same. 

Fix for bug #45161 is likely to fix this issue as well, as long as you have libcurl >= 7.17.0.

Thank you for your interest in PHP.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Fri Mar 29 10:01:28 2024 UTC