php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #69998 curl multi leaking memory
Submitted: 2015-07-05 22:56 UTC Modified: 2015-08-01 18:28 UTC
Votes:1
Avg. Score:3.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: fred_brownuk at yahoo dot co dot uk Assigned: pierrick
Status: Closed Package: cURL related
PHP Version: 7.0.0alpha2 OS: Mint 17.1 & Debian 6 LTS
Private report: No CVE-ID:
 [2015-07-05 22:56 UTC] fred_brownuk at yahoo dot co dot uk
Description:
------------
On both 7.0.0alpha1 and 7.0.0alpha2 the curl multi interface is holding onto resources.

A curl handle added to a multi handle with curl_multi_add_handle() should be fully independent once released from the multi handle with curl_multi_remove_handle(). Curl handles are not being released properly.

Repeated use of the multi interface is leaking memory.

Test script:
---------------
// curl multi holding onto curl handles
$mh=curl_multi_init();
$ch = curl_init();
curl_multi_add_handle($mh, $ch);
curl_multi_remove_handle($mh, $ch);
var_dump($ch);
curl_close($ch);
var_dump($ch);
curl_multi_close($mh);

// show memory leak
for ($l=0; $l<10; $l++) {
    $mh=curl_multi_init();
    $ch = curl_init();
    curl_multi_add_handle($mh, $ch);
    curl_multi_remove_handle($mh, $ch);
    curl_close($ch);
    curl_multi_close($mh);
    echo memory_get_usage().PHP_EOL;
}

Expected result:
----------------
resource(5) of type (curl)
resource(5) of type (Unknown)
374192
374192
374192
374192
374192
374192
374192
374192
374192
374192

Actual result:
--------------
resource(5) of type (curl)
resource(5) of type (curl)
374192
374536
374560
374584
374608
375272
375296
375320
375344
375368

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-07-09 11:08 UTC] kalle@php.net
-Status: Open +Status: Feedback
 [2015-07-09 11:08 UTC] kalle@php.net
Can you confirm this leak with a valgrind output or similar? valgrind --leak-check=yes php bug69998.php should be sufficient to confirm this
 [2015-07-09 11:33 UTC] fred_brownuk at yahoo dot co dot uk
-Status: Feedback +Status: Open
 [2015-07-09 11:33 UTC] fred_brownuk at yahoo dot co dot uk
Thanks for looking. Sorry this doesn't mean much to me, but here you go.

==15597== Memcheck, a memory error detector
==15597== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==15597== Using Valgrind-3.10.0.SVN and LibVEX; rerun with -h for copyright info
==15597== Command: curlphpalpha2/bin/php bug69998.php
==15597== 
==15597== Conditional jump or move depends on uninitialised value(s)
==15597==    at 0x5ACD79: curl_compare_resources (in /home/fred/curlphpalpha2/bin/php)
==15597==    by 0x8AC3B4: zend_llist_del_element (in /home/fred/curlphpalpha2/bin/php)
==15597==    by 0x5AD01F: zif_curl_multi_remove_handle (in /home/fred/curlphpalpha2/bin/php)
==15597==    by 0x90C5AC: ZEND_DO_ICALL_SPEC_HANDLER (in /home/fred/curlphpalpha2/bin/php)
==15597==    by 0x8FCFEA: execute_ex (in /home/fred/curlphpalpha2/bin/php)
==15597==    by 0x95BFC2: zend_execute (in /home/fred/curlphpalpha2/bin/php)
==15597==    by 0x8BA22D: zend_execute_scripts (in /home/fred/curlphpalpha2/bin/php)
==15597==    by 0x851B4F: php_execute_script (in /home/fred/curlphpalpha2/bin/php)
==15597==    by 0x95D822: do_cli (in /home/fred/curlphpalpha2/bin/php)
==15597==    by 0x43C1FA: main (in /home/fred/curlphpalpha2/bin/php)
==15597== 
resource(5) of type (curl)
resource(5) of type (curl)
354976
355320
355344
355368
355392
356056
356080
356104
356128
356152
==15597== 
==15597== HEAP SUMMARY:
==15597==     in use at exit: 1,030 bytes in 22 blocks
==15597==   total heap usage: 32,419 allocs, 32,397 frees, 3,405,857 bytes allocated
==15597== 
==15597== LEAK SUMMARY:
==15597==    definitely lost: 0 bytes in 0 blocks
==15597==    indirectly lost: 0 bytes in 0 blocks
==15597==      possibly lost: 0 bytes in 0 blocks
==15597==    still reachable: 1,030 bytes in 22 blocks
==15597==         suppressed: 0 bytes in 0 blocks
==15597== Reachable blocks (those to which a pointer was found) are not shown.
==15597== To see them, rerun with: --leak-check=full --show-leak-kinds=all
==15597== 
==15597== For counts of detected and suppressed errors, rerun with: -v
==15597== Use --track-origins=yes to see where uninitialised values come from
==15597== ERROR SUMMARY: 11 errors from 1 contexts (suppressed: 0 from 0)
 [2015-07-09 15:12 UTC] cmb@php.net
I get a similar valgrind report when running the supplied test
script. It seems to me that the "Conditional jump or move depends
on uninitialised value(s)" might be a bogus warning (aka. false
positive). The leaks (64 bytes in 2 blocks for me), however, occur
also for an empty PHP script.

Fred, which libcurl do you use?
 [2015-07-09 15:33 UTC] fred_brownuk at yahoo dot co dot uk
I get the issue with both versions of libcurl I've tried, my distro has 7.35.0 and I've also tried with the newer 7.43.0

Incidentally, I've just tried building php 7 from git master, the errors regarding "Conditional jump or move depends on uninitialised value(s)" are no longer present, but the other issues remain.
 [2015-07-10 09:00 UTC] mike@php.net
-Status: Open +Status: Verified -Assigned To: +Assigned To: laruence
 [2015-07-10 09:00 UTC] mike@php.net
Resource leaks of zend_list are not detectable by valgrind/memcheck IIRC, because the table is cleaned up anyway at the end of the request.

When you run a modified (say 100k loop count) script with valgrind/massif, you'll see that zend_list_insert() of zif_curl_multi_init() keeps growing the resource table, though.
 [2015-08-01 18:28 UTC] pierrick@php.net
-Assigned To: laruence +Assigned To: pierrick
 [2015-08-01 18:55 UTC] pierrick@php.net
Automatic comment on behalf of pierrick@webstart.fr
Revision: http://git.php.net/?p=php-src.git;a=commit;h=fb37da2a4875abc2153da583faca6c7554810ce9
Log: Fixed Bug #69998 curl multi leaking memory
 [2015-08-01 18:55 UTC] pierrick@php.net
-Status: Verified +Status: Closed
 [2015-08-04 20:54 UTC] ab@php.net
Automatic comment on behalf of pierrick@webstart.fr
Revision: http://git.php.net/?p=php-src.git;a=commit;h=fb37da2a4875abc2153da583faca6c7554810ce9
Log: Fixed Bug #69998 curl multi leaking memory
 [2016-07-20 11:37 UTC] davey@php.net
Automatic comment on behalf of pierrick@webstart.fr
Revision: http://git.php.net/?p=php-src.git;a=commit;h=fb37da2a4875abc2153da583faca6c7554810ce9
Log: Fixed Bug #69998 curl multi leaking memory
 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Fri Jul 21 08:01:41 2017 UTC