Bug #54798 Segfault when CURLOPT_STDERR file pointer is closed before calling curl_exec
Submitted: 2011-05-17 16:25 UTC Modified: 2011-09-12 09:19 UTC
From: shein@php.net Assigned: bjori
Status: Closed Package: cURL related
PHP Version: trunk-SVN-2011-05-17 (SVN) OS: Ubuntu Linux 11.04 x86
Private report: No CVE-ID:
 [2011-05-17 16:25 UTC] shein@php.net
Description:
------------
Related to http://bugs.php.net/bug.php?id=48203

Curl crashes when CURLOPT_STDERR file pointer is closed before calling 
curl_exec(), i.e.

$fp = fopen(dirname(__FILE__) . '/bug48203.tmp', 'w');

$ch = curl_init();

curl_setopt($ch, CURLOPT_VERBOSE, 1);
curl_setopt($ch, CURLOPT_STDERR, $fp);
curl_setopt($ch, CURLOPT_URL, getenv("PHP_CURL_HTTP_REMOTE_SERVER"));

fclose($fp); // <-- premature close of $fp caused a crash!

curl_exec($ch); // segfault


Error is reproduced on latest svn php5.3, php5.4 and trunk
Fix is also attached here.



Test script:
---------------
Full test script is available here: http://svn.php.net/viewvc/php/php-src/trunk/ext/curl/tests/bug48203.phpt?view=markup

Expected result:
----------------
No segfault, see test script

Actual result:
--------------
Segfault
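
One way for calling code to avoid the state described in this report, shown as an added example (not part of the original report and not the fix that was committed to PHP): keep the CURLOPT_STDERR stream open until curl_exec() has returned, and check it with is_resource() before the call. The helper names fetch_with_verbose_log() and stderr_stream_usable() and the 127.0.0.1:9 URL are assumptions made for the demo.

```php
<?php
// Added example; both function names below are hypothetical helpers.

/** True only while $fp is an open stream; after fclose() is_resource() returns false. */
function stderr_stream_usable($fp): bool
{
    return is_resource($fp) && get_resource_type($fp) === 'stream';
}

// Runs one transfer with verbose output written to $logPath. The stream is opened
// here and closed only after curl_exec() has returned and the handle is released.
function fetch_with_verbose_log(string $url, string $logPath): array
{
    $fp = fopen($logPath, 'w');
    if ($fp === false) {
        throw new RuntimeException("cannot open verbose log: $logPath");
    }
    $ch = curl_init();
    try {
        curl_setopt($ch, CURLOPT_URL, $url);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 2);
        curl_setopt($ch, CURLOPT_VERBOSE, 1);
        curl_setopt($ch, CURLOPT_STDERR, $fp);
        // Guard against the condition in this report before control reaches libcurl.
        if (!stderr_stream_usable($fp)) {
            throw new LogicException('CURLOPT_STDERR stream was closed before curl_exec()');
        }
        $body = curl_exec($ch);
        return ['ok' => $body !== false, 'error' => curl_error($ch)];
    } finally {
        unset($ch);   // release the handle first ...
        fclose($fp);  // ... then the stream it was writing to
    }
}

// Constructed demo: port 9 on localhost is assumed closed, so no network is needed.
$log = tempnam(sys_get_temp_dir(), 'curlerr');
$result = fetch_with_verbose_log('http://127.0.0.1:9/', $log);
var_dump($result['ok'], filesize($log) > 0);

$fp = fopen($log, 'a');
fclose($fp);
var_dump(stderr_stream_usable($fp)); // the state the report's script is in at curl_exec()
unlink($log);
```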

Patches

fix-bug54798 (last revision 2011-05-17 14:26 UTC by confik at gmail dot com)


History

 [2011-06-12 02:14 UTC] felipe@php.net
-Status: Open +Status: Assigned -Assigned To: +Assigned To: iliaa
 [2011-09-08 12:33 UTC] bjori@php.net
-Assigned To: iliaa +Assigned To: bjori
 [2011-09-08 14:37 UTC] bjori@php.net
Automatic comment from SVN on behalf of bjori
Revision: http://svn.php.net/viewvc/?view=revision&revision=316417
Log: Fixed bug#54798 Segfault when CURLOPT_STDERR file pointer is closed before calling curl_exec
 [2011-09-08 14:37 UTC] bjori@php.net
-Status: Assigned +Status: Closed
 [2011-09-08 14:37 UTC] bjori@php.net
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.


 [2011-09-09 11:36 UTC] shein@php.net
-Status: Closed +Status: Assigned
 [2011-09-09 11:36 UTC] shein@php.net
The fix was wrong, reopening bug, see discussion over here: 
http://news.php.net/php.cvs/66389 and here http://news.php.net/php.cvs/66399
 [2011-09-12 09:19 UTC] bjori@php.net
-Status: Assigned +Status: Closed
 
Last updated: Mon Apr 21 12:02:07 2014 UTC