php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #71144 Sementation fault when using cURL with ZTS
Submitted: 2015-12-16 22:25 UTC Modified: 2015-12-17 07:05 UTC
From: maroszek at gmx dot net Assigned:
Status: Closed Package: cURL related
PHP Version: 7.0.0 OS: Any
Private report: No CVE-ID:
 [2015-12-16 22:25 UTC] maroszek at gmx dot net
Description:
------------
As stated here: http://curl.haxx.se/libcurl/c/CURLOPT_DNS_USE_GLOBAL_CACHE.html
and here: http://php.net/manual/en/function.curl-setopt.php

CURLOPT_DNS_USE_GLOBAL_CACHE is not thread safe.

This option should not get enabled by default when ZTS is enabled.
And we should not allow the user to set this option, when ZTS is enabled.

I attached a patch which fixes both things.

Test script:
---------------
Just make a lot of random requests in a lot of threads to different domains. 
After a while the crash will happen.

Expected result:
----------------
No crash

Actual result:
--------------
Crash.

Patches

ZTS1 (last revision 2015-12-16 22:26 UTC) by maroszek at gmx dot net)

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-12-17 05:26 UTC] laruence@php.net
Hmm, but dns should be result in the same value . and it must store in a cache line sieze. so I don't think this could be a problem.

do you have see any issue of this?
 [2015-12-17 05:26 UTC] laruence@php.net
-Status: Open +Status: Feedback
 [2015-12-17 05:42 UTC] pajoye@php.net
More importantly we should replace it with the share api
http://curl.haxx.se/libcurl/c/CURLOPT_DNS_USE_GLOBAL_CACHE.html
 [2015-12-17 07:05 UTC] maroszek at gmx dot net
-Status: Feedback +Status: Open
 [2015-12-17 07:05 UTC] maroszek at gmx dot net
Using an option that is actually declared not thread safe should not be allowed in the ZTS version even if it *might* work.

@pajoye: Yes, that would definitly be the best solution. For the moment, disabling the global dns cache would solve the problem, though.

@laruence: Yes, i have seen crashes in gdb (Raspbian) and Visual Studio (Win64)  with a backtrace like this one:

https://www.dropbox.com/s/w82aydt03s35r2m/curl.png?dl=0
 [2015-12-18 16:31 UTC] laruence@php.net
Automatic comment on behalf of laruence@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=8f9af36da35eef78728a46890ba5f1f114d7a0b0
Log: Fixed bug #71144 (Sementation fault when using cURL with ZTS)
 [2015-12-18 16:31 UTC] laruence@php.net
-Status: Open +Status: Closed
 [2016-07-20 11:34 UTC] davey@php.net
Automatic comment on behalf of laruence@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=8f9af36da35eef78728a46890ba5f1f114d7a0b0
Log: Fixed bug #71144 (Sementation fault when using cURL with ZTS)
 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Wed Jun 28 12:01:42 2017 UTC