From: jcardona at allglobalnames dot com
Operating system: Fedora release 8 (Werewolf)
PHP version: 5.2CVS-2008-05-08 (snap)
PHP Bug Type: Reproducible crash
Bug description: double free or corruption curl FOLLOWLOCATION
Description:
------------
PHP crashes when using CURLOPT_FOLLOWLOCATION, giving:
*** glibc detected *** ./php: double free or corruption (!prev): 0x14d3f6f0 ***
Without CURLOPT_FOLLOWLOCATION the code runs forever.
Compiled PHP from snapshot: php5.2-200805081230
./configure --with-apxs2=/usr/local/apache2/bin/apxs \
  --prefix=/usr/local/apache2/php \
  --with-config-file-path=/usr/local/apache2/php --enable-force-cgi-redirect \
  --disable-cgi --with-curl --with-openssl --enable-debug
Reproduce code:
---------------
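<?php
// Fetch the same URL in an endless loop, using a fresh cURL handle on each pass.
$i = 1;
while ( 1 )
{
    echo "Download ".($i++)."\n";
    $ch = curl_init ( "http://www.allglobalnames.com" );
    curl_setopt ( $ch, CURLOPT_FOLLOWLOCATION, 1 ); // follow HTTP redirects
    curl_setopt ( $ch, CURLOPT_RETURNTRANSFER, 1 ); // return the body instead of printing it
    $html = curl_exec ( $ch );
    curl_close ( $ch );
}
?>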
Expected result:
----------------
Endless loop:
Download 1
Download 2
(...)
Download 1000
(...)
Actual result:
--------------
Download 1
(...)
Download 131
*** glibc detected *** ./php: double free or corruption (!prev): 0x14d3f6f0 ***
======= Backtrace: =========
/lib/libc.so.6[0x818ac1]
/lib/libc.so.6(cfree+0x90)[0x81c0f0]
/usr/lib/libnspr4.so(PR_Free+0x38)[0x2e0e0b8]
/usr/lib/libnsspem.so[0x434ba5]
/usr/lib/libnsspem.so[0x4242d8]
/usr/lib/libnsspem.so[0x4250be]
/usr/lib/libnsspem.so[0x429875]
/usr/lib/libnsspem.so[0x430d29]
/usr/lib/libnsspem.so[0x4204ec]
/usr/lib/libnss3.so[0x2e90b62]
/usr/lib/libnss3.so(PK11_CreateGenericObject+0x50)[0x2e90d80]
/usr/lib/libcurl.so.4[0x3c77f8]
/usr/lib/libcurl.so.4(Curl_nss_connect+0x5e6)[0x3c8446]
/usr/lib/libcurl.so.4(Curl_ssl_connect+0x2f)[0x3c4ddf]
/usr/lib/libcurl.so.4(Curl_http_connect+0xa7)[0x3a5077]
/usr/lib/libcurl.so.4(Curl_protocol_connect+0x7b)[0x3ada3b]
/usr/lib/libcurl.so.4(Curl_connect+0x2e8)[0x3b0648]
/usr/lib/libcurl.so.4(Curl_perform+0xfc)[0x3ba17c]
/usr/lib/libcurl.so.4(curl_easy_perform+0x5d)[0x3ba7cd]
./php(zif_curl_exec+0x98)[0x80b34b8]
./php[0x82d79a8]
./php(execute+0x12d)[0x82c94cd]
./php(zend_execute_scripts+0x152)[0x82abc12]
./php(php_execute_script+0x1c3)[0x826be23]
./php(main+0xc40)[0x8327a10]
/lib/libc.so.6(__libc_start_main+0xe0)[0x7c5390]
./php(realloc+0x99)[0x808bc71]
======= Memory map: ========
Abortado (core dumped)
--
Edit bug report at http://bugs.php.net/?id=44947&edit=1
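A triage sketch for the backtrace in this report, added here as an example and not part of the original report or of PHP: it parses glibc's frame lines, collapses them into a module call chain, and finds the first caller outside the allocator layer. The frame lines are copied (abridged) from the report; the function names and the choice of `libc.so` and `libnspr4.so` as allocator layers are assumptions of this example.

```python
import os
import re

# Frames copied from the backtrace in the report (innermost first), abridged.
BACKTRACE = """\
/lib/libc.so.6[0x818ac1]
/lib/libc.so.6(cfree+0x90)[0x81c0f0]
/usr/lib/libnspr4.so(PR_Free+0x38)[0x2e0e0b8]
/usr/lib/libnsspem.so[0x434ba5]
/usr/lib/libnss3.so(PK11_CreateGenericObject+0x50)[0x2e90d80]
/usr/lib/libcurl.so.4(Curl_nss_connect+0x5e6)[0x3c8446]
/usr/lib/libcurl.so.4(curl_easy_perform+0x5d)[0x3ba7cd]
./php(zif_curl_exec+0x98)[0x80b34b8]
./php(main+0xc40)[0x8327a10]
"""

# glibc prints each frame as module(symbol+offset)[address]; the symbol part
# is missing when the module has no exported symbol for that address.
FRAME_RE = re.compile(
    r"^(?P<module>[^\s(\[]+)"
    r"(?:\((?P<symbol>\w+)\+(?P<offset>0x[0-9a-f]+)\))?"
    r"\[(?P<addr>0x[0-9a-f]+)\]$")

# Assumption of this example: these modules only implement or wrap free().
ALLOCATOR_LAYERS = ("libc.so", "libnspr4.so")

def parse_frames(text):
    """Return one dict per well-formed frame line, innermost frame first."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line.strip())
        if m:
            frames.append({**m.groupdict(), "lib": os.path.basename(m["module"])})
    return frames

def module_chain(frames):
    """Collapse consecutive frames from the same module into a call chain."""
    chain = []
    for f in frames:
        if not chain or chain[-1] != f["lib"]:
            chain.append(f["lib"])
    return chain

def first_caller_outside(frames, layers=ALLOCATOR_LAYERS):
    """First frame that is not allocator code: the code that called free()."""
    return next((f for f in frames if not f["lib"].startswith(layers)), None)
```

On this report's frames the first caller outside the allocator layer is the unsymbolized `libnsspem.so` frame at `0x434ba5`, reached from `Curl_nss_connect`, with PHP's own frames only at the outer end of the chain.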