php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #48774 SIGSEGVs when using curl_copy_handle()
Submitted: 2009-07-02 13:20 UTC Modified: 2009-07-22 14:15 UTC
From: felipe@php.net Assigned: srinatar
Status: Closed Package: cURL related
PHP Version: 5.3CVS-2009-07-02 (CVS) OS: Linux
Private report: No CVE-ID:
 [2009-07-02 13:20 UTC] felipe@php.net

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2009-07-09 16:31 UTC] daniel at haxx dot se
I think it would help the devs if you'd also specify what libcurl version you use (preferably with curl -V or similar to give all the details).
 [2009-07-11 10:12 UTC] sriram dot natarajan at gmail dot com
i was able to reproduce this on rhel 5 which ships with curl 7.15.5.

and this below patch seems to fix this problem
--- ext/curl/interface.c.ORIG   2009-07-09 15:24:00.000000000 -0700
+++ ext/curl/interface.c        2009-07-11 03:08:56.000000000 -0700
@@ -1444,9 +1444,13 @@
        zend_llist_copy(&dupch->to_free.str, &ch->to_free.str);
        /* Don't try to free copied strings, they're free'd when the original handle is destroyed */
        dupch->to_free.str.dtor = NULL;
-#endif
+
        zend_llist_copy(&dupch->to_free.slist, &ch->to_free.slist);
+       dupch->to_free.slist.dtor = NULL;
+
        zend_llist_copy(&dupch->to_free.post, &ch->to_free.post);
+       dupch->to_free.post.dtor = NULL;
+#endif
 
        ZEND_REGISTER_RESOURCE(return_value, dupch, le_curl);
        dupch->id = Z_LVAL_P(return_value);


need to investigate and possibly add couple of test cases
 [2009-07-11 10:54 UTC] sriram dot natarajan at gmail dot com
here is a better way to read the patches..
http://pastebin.org/1041
 [2009-07-14 09:40 UTC] sriram dot natarajan at gmail dot com
Hi
 though the above patch does fix the crash reported by the developer, on further investigation this patch is not the right fix. 

the issue that is happening is when the form input data is a array, the constructed form data is not available when executing curl_exec on the cloned handle.
 [2009-07-18 07:10 UTC] srinatar@php.net
while looking into this bug, i also realized that this below test case is also broken

less curl_copy_handle_basic_002.phpt 
...
  curl_setopt($ch, CURLOPT_POSTFIELDS, "Hello=World&Foo=Bar&Person=John%20Doe");
  curl_setopt($ch, CURLOPT_URL, $url); //set the url we want to use
  
  $copy = curl_copy_handle($ch);
  curl_close($ch);
...

(currently, marked as expected failure..) so, i have filed a separate bug : 48965 to track this separately
 [2009-07-20 14:54 UTC] jani@php.net
See also bug #48965
 [2009-07-21 20:32 UTC] svn@php.net
Automatic comment from SVN on behalf of srinatar
Revision: http://svn.php.net/viewvc/?view=revision&revision=284557
Log: - Fixed bug #48774 (SIGSEGVs when using curl_copy_handle()).
 [2009-07-21 22:57 UTC] svn@php.net
Automatic comment from SVN on behalf of jani
Revision: http://svn.php.net/viewvc/?view=revision&revision=284567
Log: - Fix badly applied patch (bug #48774)
 [2009-07-22 13:47 UTC] srinatar@php.net
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Thu Apr 24 02:02:10 2014 UTC