#48203 [NEW]: Curl segfaults with certian scripts

Sat, 09 May 2009 06:44:19 -0700 

From:             php-bug at paulsohier dot nl
Operating system: Debian lenny
PHP version:      5.3CVS-2009-05-09 (CVS)
PHP Bug Type:     cURL related
Bug description:  Curl segfaults with certian scripts

Description:
------------
Discovered during testfest in Utrecht and asked by Piere to report.

When calling curl with a certian url and without closing the curl stream
curl will segfault.

Curl version:
p...@dwerg:~/php/php5.3-200905090830$ curl-config --version
libcurl 7.18.2

Used host where it segfault: www.hosthuis.nl
Used host where it NOT segfault: www.example.org

Reproduce code:
---------------
<?php

$host = 'www.hosthuis.nl';

$temp_file = tempnam(sys_get_temp_dir(), '');
$handle = fopen($temp_file, 'w');

$url = "{$host}/";
$ch = curl_init();

ob_start(); // start output buffering
curl_setopt($ch, CURLOPT_VERBOSE, 1);
curl_setopt($ch, CURLOPT_STDERR, $handle);
curl_setopt($ch, CURLOPT_URL, $url); //set the url we want to use

curl_exec($ch);

fclose($handle);
?>

Expected result:
----------------
The contents of the site

Actual result:
--------------
The contents of the site and a segfault

from run test (Bit different script)

*** glibc detected *** /home/paul/php/php5.3-200905090830/sapi/cli/php:
free(): invalid pointer: 0x4001f000 ***
======= Backtrace: =========
/lib/i686/cmov/libc.so.6[0x40624624]
/lib/i686/cmov/libc.so.6(cfree+0x96)[0x40626826]
/lib/i686/cmov/libc.so.6(_IO_free_backup_area+0x34)[0x40622b54]
/lib/i686/cmov/libc.so.6(_IO_file_overflow+0x1c2)[0x40620962]
/lib/i686/cmov/libc.so.6(_IO_file_xsputn+0x65)[0x4061f9d5]
/lib/i686/cmov/libc.so.6(fwrite+0x10a)[0x4061586a]
/usr/lib/libcurl.so.4[0x40363428]
/usr/lib/libcurl.so.4[0x40363547]
/usr/lib/libcurl.so.4[0x403640d9]
/usr/lib/libcurl.so.4[0x4036a81a]
/usr/lib/libcurl.so.4[0x4036abdf]
/usr/lib/libcurl.so.4[0x4036ef77]
/usr/lib/libcurl.so.4(curl_easy_cleanup+0x21)[0x4037aec1]
/home/paul/php/php5.3-200905090830/sapi/cli/php[0x80f288b]
/home/paul/php/php5.3-200905090830/sapi/cli/php[0x82f9a22]
/home/paul/php/php5.3-200905090830/sapi/cli/php(zend_hash_del_key_or_index+0xe2)[0x82f8a42]
/home/paul/php/php5.3-200905090830/sapi/cli/php(_zend_list_delete+0x70)[0x82f9c70]
/home/paul/php/php5.3-200905090830/sapi/cli/php(_zval_ptr_dtor+0x3d)[0x82dfd6d]
/home/paul/php/php5.3-200905090830/sapi/cli/php[0x82f65e2]
/home/paul/php/php5.3-200905090830/sapi/cli/php(zend_hash_graceful_reverse_destroy+0x1f)[0x82f686f]
/home/paul/php/php5.3-200905090830/sapi/cli/php[0x82e20e8]
/home/paul/php/php5.3-200905090830/sapi/cli/php[0x82eb843]
/home/paul/php/php5.3-200905090830/sapi/cli/php(php_request_shutdown+0x15f)[0x829b5df]
/home/paul/php/php5.3-200905090830/sapi/cli/php[0x836b079]
/lib/i686/cmov/libc.so.6(__libc_start_main+0xe5)[0x405cc455]
/home/paul/php/php5.3-200905090830/sapi/cli/php(realloc+0x95)[0x8065241]


-- 
Edit bug report at http://bugs.php.net/?id=48203&edit=1
-- 
Try a CVS snapshot (PHP 5.2):        
http://bugs.php.net/fix.php?id=48203&r=trysnapshot52
Try a CVS snapshot (PHP 5.3):        
http://bugs.php.net/fix.php?id=48203&r=trysnapshot53
Try a CVS snapshot (PHP 6.0):        
http://bugs.php.net/fix.php?id=48203&r=trysnapshot60
Fixed in CVS:                        
http://bugs.php.net/fix.php?id=48203&r=fixedcvs
Fixed in CVS and need be documented: 
http://bugs.php.net/fix.php?id=48203&r=needdocs
Fixed in release:                    
http://bugs.php.net/fix.php?id=48203&r=alreadyfixed
Need backtrace:                      
http://bugs.php.net/fix.php?id=48203&r=needtrace
Need Reproduce Script:               
http://bugs.php.net/fix.php?id=48203&r=needscript
Try newer version:                   
http://bugs.php.net/fix.php?id=48203&r=oldversion
Not developer issue:                 
http://bugs.php.net/fix.php?id=48203&r=support
Expected behavior:                   
http://bugs.php.net/fix.php?id=48203&r=notwrong
Not enough info:                     
http://bugs.php.net/fix.php?id=48203&r=notenoughinfo
Submitted twice:                     
http://bugs.php.net/fix.php?id=48203&r=submittedtwice
register_globals:                    
http://bugs.php.net/fix.php?id=48203&r=globals
PHP 4 support discontinued:          http://bugs.php.net/fix.php?id=48203&r=php4
Daylight Savings:                    http://bugs.php.net/fix.php?id=48203&r=dst
IIS Stability:                       
http://bugs.php.net/fix.php?id=48203&r=isapi
Install GNU Sed:                     
http://bugs.php.net/fix.php?id=48203&r=gnused
Floating point limitations:          
http://bugs.php.net/fix.php?id=48203&r=float
No Zend Extensions:                  
http://bugs.php.net/fix.php?id=48203&r=nozend
MySQL Configuration Error:           
http://bugs.php.net/fix.php?id=48203&r=mysqlcfg

Reply via email to