ID: 48774
Comment by: sriram dot natarajan at gmail dot com
Reported By: [email protected]
Status: Open
Bug Type: cURL related
Operating System: Linux
PHP Version: 5.3CVS-2009-07-02 (CVS)
New Comment:
I was able to reproduce this on RHEL 5, which ships with curl 7.15.5,
and the patch below seems to fix this problem:
--- ext/curl/interface.c.ORIG 2009-07-09 15:24:00.000000000 -0700
+++ ext/curl/interface.c 2009-07-11 03:08:56.000000000 -0700
@@ -1444,9 +1444,13 @@
zend_llist_copy(&dupch->to_free.str, &ch->to_free.str);
/* Don't try to free copied strings, they're free'd when the
original handle is destroyed */
dupch->to_free.str.dtor = NULL;
-#endif
+
zend_llist_copy(&dupch->to_free.slist, &ch->to_free.slist);
+ dupch->to_free.slist.dtor = NULL;
+
zend_llist_copy(&dupch->to_free.post, &ch->to_free.post);
+ dupch->to_free.post.dtor = NULL;
+#endif
ZEND_REGISTER_RESOURCE(return_value, dupch, le_curl);
dupch->id = Z_LVAL_P(return_value);
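Review bot: moving the #endif from just after dupch->to_free.str.dtor = NULL; to below the post lines makes the zend_llist_copy calls for to_free.slist and to_free.post conditional, where before they ran on every build. The guard itself is not visible in this hunk, so please confirm that builds where it is false are meant to skip copying those two lists; if not, leave the #endif where it was and add only the two dtor = NULL lines. Separately, clearing the destructors makes the original handle the sole owner of the slist and post data, and the second reproduce script calls curl_close($ch) before curl_exec($copy), so a test case should check that the copy does not touch that data after the original has freed it.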
Need to investigate and possibly add a couple of test cases.
Previous Comments:
------------------------------------------------------------------------
[2009-07-09 16:31:59] daniel at haxx dot se
I think it would help the devs if you'd also specify what libcurl
version you use (preferably with curl -V or similar to give all the
details).
------------------------------------------------------------------------
[2009-07-02 13:20:33] [email protected]
Description:
------------
See below.
Reproduce code:
---------------
1º
<?php
$url = "http://localhost/";
$ch = curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, array("Hello" => "World"));
curl_setopt($ch, CURLOPT_URL, $url);
$copy = curl_copy_handle($ch);
curl_close($ch);
2º
<?php
$url = "http://localhost/";
$ch = curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, array("Hello" => "World"));
curl_setopt($ch, CURLOPT_URL, $url);
$copy = curl_copy_handle($ch);
curl_close($ch);
curl_exec($copy);
curl_close($copy);
Expected result:
----------------
No SIGSEGV.
Actual result:
--------------
1º
*** glibc detected *** sapi/cli/php: double free or corruption
(fasttop): 0x0a663260 ***
======= Backtrace: =========
/lib/i686/cmov/libc.so.6[0xb65a81d4]
/lib/i686/cmov/libc.so.6(cfree+0x96)[0xb65aa186]
/usr/local/lib/libcurl.so.4(curl_formfree+0x8a)[0xb74533ca]
sapi/cli/php[0x819c1af]
sapi/cli/php(zend_llist_destroy+0x33)[0x8612f05]
sapi/cli/php(zend_llist_clean+0x11)[0x8612f71]
sapi/cli/php[0x81a0a40]
sapi/cli/php[0x81a0d81]
sapi/cli/php[0x86321e4]
sapi/cli/php(zend_hash_del_key_or_index+0x192)[0x862f5d9]
sapi/cli/php(_zend_list_delete+0xa0)[0x8631df4]
sapi/cli/php(_zval_dtor_func+0x198)[0x861cb28]
sapi/cli/php[0x860cfcc]
sapi/cli/php(_zval_ptr_dtor+0xb8)[0x860d3b1]
sapi/cli/php(_zval_ptr_dtor_wrapper+0x21)[0x861cf08]
sapi/cli/php[0x862fa96]
sapi/cli/php(zend_hash_graceful_reverse_destroy+0x3e)[0x862fc1a]
sapi/cli/php[0x860c5bb]
sapi/cli/php[0x861f79a]
sapi/cli/php(php_request_shutdown+0x682)[0x8590ac0]
sapi/cli/php[0x87035c7]
/lib/i686/cmov/libc.so.6(__libc_start_main+0xe5)[0xb654f775]
sapi/cli/php[0x8078a91]
2º
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb631a6f0 (LWP 4050)]
0xb74ef368 in curl_formfree () from /usr/local/lib/libcurl.so.4
Current language: auto; currently asm
(gdb) bt
#0 0xb74ef368 in curl_formfree () from /usr/local/lib/libcurl.so.4
#1 0xb74ef37c in curl_formfree () from /usr/local/lib/libcurl.so.4
#2 0x0819c1af in curl_free_post (post=0xaa1741c) at
/home/felipe/dev/php5/ext/curl/interface.c:1246
#3 0x08612f05 in zend_llist_destroy (l=0xaa17230) at
/home/felipe/dev/php5/Zend/zend_llist.c:114
#4 0x08612f71 in zend_llist_clean (l=0xaa17230) at
/home/felipe/dev/php5/Zend/zend_llist.c:126
#5 0x081a0a40 in _php_curl_close_ex (ch=0xaa17128, tsrm_ls=0xa7aa4b8)
at /home/felipe/dev/php5/ext/curl/interface.c:2302
#6 0x081a0d81 in _php_curl_close (rsrc=0xaa174d8, tsrm_ls=0xa7aa4b8)
at /home/felipe/dev/php5/ext/curl/interface.c:2343
#7 0x086321e4 in list_entry_destructor (ptr=0xaa174d8) at
/home/felipe/dev/php5/Zend/zend_list.c:184
#8 0x0862f5d9 in zend_hash_del_key_or_index (ht=0xa7ac7d4, arKey=0x0,
nKeyLength=0, h=5, flag=1) at
/home/felipe/dev/php5/Zend/zend_hash.c:497
#9 0x08631df4 in _zend_list_delete (id=5, tsrm_ls=0xa7aa4b8) at
/home/felipe/dev/php5/Zend/zend_list.c:58
#10 0x081a09b5 in zif_curl_close (ht=1, return_value=0xaa16fe8,
return_value_ptr=0x0, this_ptr=0x0, return_value_used=0,
tsrm_ls=0xa7aa4b8)
at /home/felipe/dev/php5/ext/curl/interface.c:2279
------------------------------------------------------------------------