#!/usr/local/bin/php -q
<?php
$co = curl_init();
curl_setopt($co, CURLOPT_URL, $url);
curl_setopt($co, CURLOPT_RETURNTRANSFER, 1);
$str = curl_exec($co);
print "[END]";
print "\nReturned : ".$str."[END]\n";
?>

If $url is a page that prints out 0123456789 (no breaks and no \n).  The following will be output :

[END]
Returned : 012345678[END]

Now if you turn CURLOPT_RETURNTRANSFER off (set to 0), you will get the following :

0123456789[END]
Returned : [END]

The returns are mutually exclusive (expected).  However, in the first example, the 9 is missing.

Upon further examination, I found the following to be at fault :

ext/curl/curl.c line 653 :
ref_data[stat_sb.st_size - 1] = '\0';

which should be
ref_data[stat_sb.st_size] = '\0';

It's a classic off-by-one error with a while loop.  No need to offset in this case (pos is one less than intended).

while ((b = fread(buf, 1, sizeof(buf), fp)) > 0) {
 memcpy(ret_data + pos, buf, b);
 pos += b;
}
 //ret_data[stat_sb.st_size - 1] = '\0';  //clips off last char
ret_data[stat_sb.st_size] = '\0';  //works


--------------- MY CONFIG --------------
Running as a CGI
--without-mysql --enable-ftp --with-oci8 --with-sybase-ct
Kernel 2.2.14-5.0 SMP i686 
Redhat 6.2
----------------------------------------

-Neal McLoughlin

P.S. - I came across this bug while integrating cURL functions with XML-RPC for PHP (www.xmlrpc.com).  The xmlrpc library uses a standard socket.  That's fine until you need to make a https (SSL) request.  The response from the server is an xml body.  I was unable to validate any of the responses from the server.  I was missing the final > character to close my xml doc properly. This one drove me crazy for about 2 days.  Until, of course, I noticed the missing >.