|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #49372 Segfault in function php_curl_option_url
Submitted: 2009-08-26 13:30 UTC Modified: 2009-08-26 22:24 UTC
From: sergk at sergk dot org dot ua Assigned: pajoye
Status: Closed Package: cURL related
PHP Version: 5.2.10 OS: Debian GNU/Linux, kernel 2.6.30
Private report: No CVE-ID:
 [2009-08-26 13:30 UTC] sergk at sergk dot org dot ua
There is segfault in strncasecmp calling from this code:
curl/interface.c:186 :

if (!strncasecmp("file", uri->scheme, sizeof("file"))) {   

when URI is without protocol part hence uri->scheme is NULL.
Like in this example of backtrace:
#0  0xb7e20a8b in strncasecmp () from /lib/i686/cmov/
#1  0xb777dd11 in php_curl_option_url (ch=0x856be00, 
    url=0x856e360 "", 
    len=<value optimized out>) at /opt/src/build/apache-1-dweb/dbuild/003d/php-5.2.10/ext/curl/interface.c:187

This bug is also present in last 5.2.x development snapshot.


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2009-08-26 13:35 UTC] sergk at sergk dot org dot ua
this patch will fix bug:

--- php-5.2.10.orig/ext/curl/interface.c        2009-06-15 12:38:11.000000000 +0000
+++ php-5.2.10/ext/curl/interface.c     2009-08-26 11:22:15.000000000 +0000
@@ -183,10 +183,12 @@
                        return 0;
-               if (!strncasecmp("file", uri->scheme, sizeof("file"))) {
-                       php_error_docref(NULL TSRMLS_CC, E_WARNING, "Protocol 'file' disabled in cURL");
-                       php_url_free(uri);
-                       return 0;
+               if (uri->scheme != NULL) {
+                       if (!strncasecmp("file", uri->scheme, sizeof("file")-1)) {
+                               php_error_docref(NULL TSRMLS_CC, E_WARNING, "Protocol 'file' disabled in cURL");
+                               php_url_free(uri);
+                               return 0;
+                       }
 [2009-08-26 14:11 UTC]
Thanks for the patch.
Do you have a small code to test it? I could quickly use it as phpt.
 [2009-08-26 17:13 UTC] sergk at sergk dot org dot ua
Yes, this one trigger segfault, but only in mod_php mode:

  $curl = curl_init("");
 [2009-08-26 18:18 UTC]
Thanks for the script.

An easy fix would be to update the Curl library to a more recent version (recommended).

I will apply the fix shortly (need to fetch an old curl first).
 [2009-08-26 20:21 UTC]
Please don't apply that patch, you can do it with single line change 
too.. if (uri->scheme && !strncasecmp("file", uri->scheme, 
sizeof("file"))) rather than having several lines changed for nothing.
 [2009-08-26 20:26 UTC]
I said the fix, not the patch :)
 [2009-08-26 22:24 UTC]
Automatic comment from SVN on behalf of pajoye
Log: - fix #49372, segfault in php_curl_option_url
 [2009-08-26 22:24 UTC]
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
Thank you for the report, and for helping us make PHP better.

PHP Copyright © 2001-2015 The PHP Group
All rights reserved.
Last updated: Sat Oct 10 03:01:30 2015 UTC