Bug #58384 Race condition in http_request_dtor
Submitted: 2008-10-18 17:01 UTC Modified: 2009-02-12 12:11 UTC
From: james82 at gmail dot com Assigned: mike (profile)
Status: Closed Package: pecl_http (PECL)
PHP Version: 5.1.6 OS: CentOS 5
Private report: No CVE-ID: None
 [2008-10-18 17:01 UTC] james82 at gmail dot com
In http_request_api.c, _http_request_dtor inserts our HTTP request handle back into the persistent handle pool (via http_persistent_handle_release in http_curl_free) before we are finished working with the request. This can lead to multiple threads working with the same request at the same time, and can eventually cause corruption of curl data structures.

The fix for this issue is simple: We should wait until we are finished with the request before we re-insert it into the persistent handle pool. A patch which implements this against current CVS is included below.


--- http_request_api.c  2008-08-15 04:41:38.000000000 -0700
+++ http_request_api.c.fixed    2008-10-18 13:35:35.000000000 -0700
@@ -316,8 +316,8 @@ PHP_HTTP_API void _http_request_dtor(htt

-       http_curl_free(&request->ch);
+       http_curl_free(&request->ch);
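Review bot: The removed and added lines in this hunk are identical (`http_curl_free(&request->ch);`), and the header declares 8 lines on each side while only these two are shown, so the reorder described in the report cannot be checked from what is visible. The patch should be resent with its context lines intact so that the call can be seen to follow the last use of `request` in `_http_request_dtor`. A short comment at the new position, saying that releasing the handle must be the final step of the destructor, would keep a later edit from moving it back.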


Reproduce code:
Here is an example case where memory is corrupted:

Thread #1 releases request into persistent handle pool (via http_persistent_handle_release in _http_curl_free).
Thread #2 grabs the request from the persistent handle pool, and sets up a new cookie store and url inside the request's request storage field.
Thread #1 frees the memory allocated by Thread #2 (via http_request_reset).
Thread #2 attempts to store cookies inside the previously allocated storage. Because this memory has been freed by Thread #1, this change may corrupt memory used by other threads.
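The interleaving from the reproduce steps, replayed deterministically in one thread as an added example (not code from pecl_http or from the report). `handle_t`, `pool_t`, `thread2_t` and the helper functions are hypothetical stand-ins for the request, the persistent handle pool, `http_persistent_handle_release` and `http_request_reset`.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins, not pecl_http's real types or functions. */
typedef struct { char *url; } handle_t;     /* per-request storage */
typedef struct { handle_t *slot; } pool_t;  /* one-slot persistent pool */
typedef struct { pool_t *pool; handle_t *mine; } thread2_t;

static void pool_release(pool_t *p, handle_t *h) { p->slot = h; }

static handle_t *pool_acquire(pool_t *p) {
    handle_t *h = p->slot;
    p->slot = NULL;
    return h;
}

/* Models http_request_reset: frees whatever storage the handle holds. */
static void handle_reset(handle_t *h) { free(h->url); h->url = NULL; }

/* One scheduling slice of Thread 2: take a pooled handle, store a URL. */
static void thread2_run(thread2_t *t) {
    if (t->mine || !(t->mine = pool_acquire(t->pool))) return;
    t->mine->url = malloc(16);
    if (t->mine->url) strcpy(t->mine->url, "constructed-url");
}

/* Returns 1 if Thread 2's storage survives Thread 1's destructor, else 0.
 * The model nulls the pointer on reset so the loss is observable without
 * undefined behaviour; real code would be left with a dangling pointer. */
int simulate(int fixed) {
    pool_t pool = { NULL };
    handle_t h = { NULL };
    thread2_t t2 = { &pool, NULL };
    if (fixed) {
        handle_reset(&h);         /* finish all work on the handle first */
        thread2_run(&t2);         /* Thread 2 runs: pool is empty */
        pool_release(&pool, &h);  /* release is the last step */
    } else {
        pool_release(&pool, &h);  /* released while still in use */
        thread2_run(&t2);         /* Thread 2 takes it, stores its URL */
        handle_reset(&h);         /* Thread 1 frees Thread 2's storage */
    }
    thread2_run(&t2);             /* Thread 2 runs again after the dtor */
    int intact = t2.mine != NULL && t2.mine->url != NULL;
    if (intact) free(t2.mine->url);
    return intact;
}

int main(void) { return (simulate(0) == 0 && simulate(1) == 1) ? 0 : 1; }
```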


 [2008-10-21 02:58 UTC]
This bug has been fixed in CVS.

In case this was a documentation problem, the fix will show up at the
end of next Sunday (CET) on

In case this was a website problem, the change will show
up on the website in short time.
Thank you for the report, and for helping us make PECL better.
