|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #47616 curl keeps crashing
Submitted: 2009-03-10 21:42 UTC Modified: 2009-03-16 15:10 UTC
From: phpbugs at rizzt dot kicks-ass dot org Assigned: felipe
Status: Closed Package: cURL related
PHP Version: 5.2.9 OS: fedora 8,10
Private report: No CVE-ID:
 [2009-03-10 21:42 UTC] phpbugs at rizzt dot kicks-ass dot org
After upgrading to PHP 5.2.9, the code below does not run anymore.
It is not possible to reproduce the bug with a simple script.

This code terminates in 5.2.9 always, but runs in 5.2.8 without any 

I do not know if it happens using the same resource or only 

Reproduce code:
$ch = curl_init($url);
echo "ok";
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
echo "never shows";

Expected result:
never shows

Actual result:


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2009-03-10 23:28 UTC]
Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read for *NIX and for Win32

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.

 [2009-03-11 12:21 UTC] phpbugs at rizzt dot kicks-ass dot org
Here is the backtrace

'./configure'  '--with-openssl' '--with-mysql' '--with-gd' '--with-
freetype-dir=/usr' '--with-png-dir' '--with-jpeg-dir' '--with-curl' 
'--with-zlib' '--with-bz2' '--enable-pcntl' '--with-
apxs2=/usr/local/apache2/bin/apxs' '--enable-debug'

(gdb) frame 5
#5  0x00007ffff75a3bdd in zend_do_fcall_common_helper_SPEC (
    at /home/inst/php-5.2.9/Zend/zend_vm_execute.h:200
200                             ((zend_internal_function *) 
EX_T(opline->result.u.var).var.ptr, EX(function_state).function-
EX(object), return_value_used TSRMLS_CC);

#0  0x0000003093c841de in memcpy () from /lib64/
#1  0x00000030a4621b0e in Curl_setopt () from /usr/lib64/
#2  0x00000030a462a8f2 in curl_easy_setopt () from 
#3  0x00007ffff736cdef in _php_curl_setopt (ch=0xc52ee0, 
    zvalue=0xa60d68, return_value=0xc4dd18)
    at /home/inst/php-5.2.9/ext/curl/interface.c:1554
#4  0x00007ffff736da95 in zif_curl_setopt (ht=<value optimized out>,
    return_value=0xc4dd18, return_value_ptr=<value optimized out>,
    this_ptr=<value optimized out>, return_value_used=<value 
optimized out>)
    at /home/inst/php-5.2.9/ext/curl/interface.c:1668
#5  0x00007ffff75a3bdd in zend_do_fcall_common_helper_SPEC (
    at /home/inst/php-5.2.9/Zend/zend_vm_execute.h:200
#6  0x00007ffff7590174 in execute (op_array=0x98bbe0)
    at /home/inst/php-5.2.9/Zend/zend_vm_execute.h:92
#7  0x00007ffff75a34ee in zend_do_fcall_common_helper_SPEC (
    at /home/inst/php-5.2.9/Zend/zend_vm_execute.h:234
#8  0x00007ffff7590174 in execute (op_array=0xa6f950)
    at /home/inst/php-5.2.9/Zend/zend_vm_execute.h:92
#9  0x00007ffff756cdcb in zend_execute_scripts (type=8,
    retval=<value optimized out>, file_count=3)
    at /home/inst/php-5.2.9/Zend/zend.c:1134
#10 0x00007ffff75289ea in php_execute_script 
    at /home/inst/php-5.2.9/main/main.c:2023
#11 0x00007ffff75e1f9f in php_handler (r=0x989178)
    at /home/inst/php-5.2.9/sapi/apache2handler/sapi_apache2.c:632
#12 0x000000000043d066 in ap_run_handler ()
#13 0x000000000043d902 in ap_invoke_handler ()
#14 0x000000000045e67f in ap_process_request ()
#15 0x000000000045b64f in ap_process_http_connection ()
#16 0x0000000000446402 in ap_run_process_connection ()
#17 0x0000000000446844 in ap_process_connection ()
#18 0x00000000004822a4 in child_main ()
#19 0x000000000048238a in make_child ()
#20 0x000000000048292e in ap_mpm_run ()
#21 0x00000000004243a6 in main ()
 [2009-03-11 14:00 UTC]
Curl bugs are not PHP bug. Please report to curl people. (does not crash for me..)
 [2009-03-16 14:21 UTC] phpbugs at rizzt dot kicks-ass dot org
It seems to crash when I pass an integer to url_setopt($ch, 
CURLOPT_POSTFIELDS, $var); With a string it works fine.

I have compiled 5.2.8 with the exact same settings and it works. 

I can confirm these crashes with fedora 8,10 and suse 11.




Maybe that helps a little bit more.
 [2009-03-16 15:00 UTC] phpbugs at rizzt dot kicks-ass dot org
i debugged it for you.


around line 1555 you pass Z_STRVAL_PP(zvalue) to curl. in this case 
no type conversion is done and it passes 60 instead of a pointer to 
the string.

#if LIBCURL_VERSION_NUM >= 0x071101
/* with curl 7.17.0 and later, we can use COPYPOSTFIELDS, but we have 
to provide size before */
error = curl_easy_setopt(ch->cp, CURLOPT_POSTFIELDSIZE, 
error = curl_easy_setopt(ch->cp, CURLOPT_COPYPOSTFIELDS, 
 [2009-03-16 15:10 UTC]
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
Thank you for the report, and for helping us make PHP better.

Fixed in 5.2.10, 5.3 and HEAD.
PHP Copyright © 2001-2015 The PHP Group
All rights reserved.
Last updated: Tue Oct 06 20:01:32 2015 UTC