From:             public at grik dot net
Operating system: Linux
PHP version:      5CVS-2004-08-30 (dev)
PHP Bug Type:     cURL related
Bug description:  segment fault when processing curl output with "wrapper-registered" stream

Description:
------------
I register a wrapper, create a stream and pass the pointer to
curl_setopt to process CURL output.
When the amount of data returned by CURL exceeds 8192 bytes (size of the CURL
buffer), PHP ends with Segmentation fault.

I could not reach the crash using fwrite().

A similar problem was in PHP 4.3.3; in 4.3.7 everything works fine.
I detected this problem again in 5.0.0 and replicated it in the latest
stable CVS.

I do not know if it happens upon shutdown and if it is relevant to bug
#29358. This happens with CURL only.

Reproduce code:
---------------
The sample code can be found at:
http://www.grik.net/sample.phps

It can be run from the command line:
php -f sample.php

Expected result:
----------------
In PHP 4.3.7 this script would output the amount of bytes obtained from
CURL:

8192
8192
...

Actual result:
--------------
In PHP 5.0.0:

8192
8192
Segmentation fault

Backtrace (I am not good enough with gdb, could not locate):

(gdb) bt
#0  0x081f714a in _zval_copy_ctor (zvalue=0x8344684,
    __zend_filename=0x8273780
"/usr/src/web/php5-STABLE-200408292230/Zend/zend_execute.c",
    __zend_lineno=3001) at
/usr/src/web/php5-STABLE-200408292230/Zend/zend_variables.c:136
#1  0x08227ab6 in zend_send_by_var_helper (execute_data=0xbfffb210,
opline=0x8349e38, op_array=0x834b0e4)
    at /usr/src/web/php5-STABLE-200408292230/Zend/zend_execute.c:3001
#2  0x08221824 in zend_send_var_handler (execute_data=0xbfffb210,
opline=0x8349e38, op_array=0x834b0e4)
    at /usr/src/web/php5-STABLE-200408292230/Zend/zend_execute.c:3061
#3  0x0821cb76 in execute (op_array=0x834b0e4)
    at /usr/src/web/php5-STABLE-200408292230/Zend/zend_execute.c:1400
#4  0x081ed157 in zend_call_function (fci=0xbfffb370, fci_cache=0x0)
    at /usr/src/web/php5-STABLE-200408292230/Zend/zend_execute_API.c:835
#5  0x081ec1a9 in call_user_function_ex (function_table=0x0,
object_pp=0x82e5f00,
    function_name=0xbfffb400, retval_ptr_ptr=0xbfffb3fc, param_count=1,
params=0xbfffb3f0,
    no_separation=0, symbol_table=0x0)
    at /usr/src/web/php5-STABLE-200408292230/Zend/zend_execute_API.c:550
#6  0x081cd58c in php_userstreamop_write (stream=0x83446c4,
    buf=0x40030000 "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01
Transitional//EN\">\n<html>\n<head>\n <title>PHP: Hypertext
Preprocessor</title>\n <link rel=\"stylesheet\"
href=\"http://static.php.net/www.php.net/style.css\" />\n"...,
count=8192)
    at /usr/src/web/php5-STABLE-200408292230/main/streams/userspace.c:459
#7  0x081c539d in _php_stream_write_buffer (stream=0x83446c4,
    buf=0x40030000 "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01
Transitional//EN\">\n<html>\n<head>\n <title>PHP: Hypertext
Preprocessor</title>\n <link rel=\"stylesheet\"
href=\"http://static.php.net/www.php.net/style.css\" />\n"..., count=8192)
at /usr/src/web/php5-STABLE-200408292230/main/streams/streams.c:889
#8  0x081c561f in _php_stream_write (stream=0x83446c4,
    buf=0x40030000 "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01
Transitional//EN\">\n<html>\n<head>\n <title>PHP: Hypertext
Preprocessor</title>\n <link rel=\"stylesheet\"
href=\"http://static.php.net/www.php.net/style.css\" />\n"..., count=8192)
at /usr/src/web/php5-STABLE-200408292230/main/streams/streams.c:1000
#9  0x081c7c66 in stream_cookie_writer (cookie=0x83446c4,
    buffer=0x40030000 "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01
Transitional//EN\">\n<html>\n<head>\n <title>PHP: Hypertext
Preprocessor</title>\n <link rel=\"stylesheet\"
href=\"http://static.php.net/www.php.net/style.css\" />\n"..., size=8192)
at /usr/src/web/php5-STABLE-200408292230/main/streams/cast.c:96
#10 0x42062019 in _IO_cookie_write () from /lib/tls/libc.so.6
#11 0x4206d09e in new_do_write () from /lib/tls/libc.so.6
#12 0x4206d036 in _IO_new_do_write () from /lib/tls/libc.so.6
#13 0x4206d7b8 in _IO_new_file_overflow () from /lib/tls/libc.so.6
#14 0x4206e220 in _IO_new_file_xsputn () from /lib/tls/libc.so.6
#15 0x42062a62 in fwrite () from /lib/tls/libc.so.6
#16 0x40027de3 in last_use () from /usr/lib/20040412/curl.so
#17 0x4064c139 in Curl_client_write (data=0x834c50c, type=1,
    ptr=0x834c7b8 ">\n The PHP Development Team would like to announce the
immediate availability of <a href=\"/downloads.php\">PHP 5.0.1</a>.\n This
is a maintenance release that in addition to many non-critical bug fixes
"..., len=1448) at sendf.c:337
#18 0x40663fcf in Curl_httpchunk_read (conn=0x8344f3c,
    datap=0x834c7b8 ">\n The PHP Development Team would like to announce
the immediate availability of <a href=\"/downloads.php\">PHP 5.0.1</a>.\n
This is a maintenance release that in addition to many non-critical bug
fixes "..., datalen=1448, wrotep=0xbfffb880) at http_chunks.c:186
#19 0x40660fd7 in Curl_readwrite (conn=0x8344f3c, done=0xbfffb8df "") at
transfer.c:980
#20 0x40661f56 in Transfer (conn=0x8344f3c) at transfer.c:1480
#21 0x4066294a in Curl_perform (data=0x834c50c) at transfer.c:1985
#22 0x40663175 in curl_easy_perform (curl=0x834c50c) at easy.c:378
#23 0x4002ab43 in last_use () from /usr/lib/20040412/curl.so
#24 0x0822053b in zend_do_fcall_common_helper (execute_data=0xbfffbc20,
opline=0x8348d90,
    op_array=0x834423c) at
/usr/src/web/php5-STABLE-200408292230/Zend/zend_execute.c:2708
#25 0x08220caf in zend_do_fcall_handler (execute_data=0xbfffbc20,
opline=0x8348d90, op_array=0x834423c)
    at /usr/src/web/php5-STABLE-200408292230/Zend/zend_execute.c:2840
#26 0x0821cb76 in execute (op_array=0x834423c)
    at /usr/src/web/php5-STABLE-200408292230/Zend/zend_execute.c:1400
#27 0x081f9331 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /usr/src/web/php5-STABLE-200408292230/Zend/zend.c:1061
#28 0x081b3c77 in php_execute_script (primary_file=0xbfffe020)
    at /usr/src/web/php5-STABLE-200408292230/main/main.c:1629
#29 0x08229f73 in main (argc=3, argv=0xbfffe0b4)
    at /usr/src/web/php5-STABLE-200408292230/sapi/cli/php_cli.c:943
#30 0x42015574 in __libc_start_main () from /lib/tls/libc.so.6



(gdb) frame 0
#0  0x081f714a in _zval_copy_ctor (zvalue=0x8344684,
    __zend_filename=0x8273780
"/usr/src/web/php5-STABLE-200408292230/Zend/zend_execute.c",
    __zend_lineno=3001) at
/usr/src/web/php5-STABLE-200408292230/Zend/zend_variables.c:136
136                             CHECK_ZVAL_STRING_REL(zvalue);

(gdb) frame 1
#1  0x08227ab6 in zend_send_by_var_helper (execute_data=0xbfffb210,
opline=0x8349e38, op_array=0x834b0e4)
    at /usr/src/web/php5-STABLE-200408292230/Zend/zend_execute.c:3001
3001                    zval_copy_ctor(varptr);
(gdb) frame 2
#2  0x08221824 in zend_send_var_handler (execute_data=0xbfffb210,
opline=0x8349e38, op_array=0x834b0e4)
    at /usr/src/web/php5-STABLE-200408292230/Zend/zend_execute.c:3061
3061            return
zend_send_by_var_helper(ZEND_OPCODE_HANDLER_ARGS_PASSTHRU);
(gdb) frame 3
#3  0x0821cb76 in execute (op_array=0x834b0e4)
    at /usr/src/web/php5-STABLE-200408292230/Zend/zend_execute.c:1400
1400                    if (EX(opline)->handler(&execute_data, EX(opline),
op_array TSRMLS_CC)) {
(gdb) frame 4
#4  0x081ed157 in zend_call_function (fci=0xbfffb370, fci_cache=0x0)
    at /usr/src/web/php5-STABLE-200408292230/Zend/zend_execute_API.c:835
835                     zend_execute(EG(active_op_array) TSRMLS_CC);
(gdb) frame 5
#5  0x081ec1a9 in call_user_function_ex (function_table=0x0,
object_pp=0x82e5f00,
    function_name=0xbfffb400, retval_ptr_ptr=0xbfffb3fc, param_count=1,
params=0xbfffb3f0,
    no_separation=0, symbol_table=0x0)
    at /usr/src/web/php5-STABLE-200408292230/Zend/zend_execute_API.c:550
550             return zend_call_function(&fci, NULL TSRMLS_CC);
(gdb) frame 6
#6  0x081cd58c in php_userstreamop_write (stream=0x83446c4,
    buf=0x40030000 "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01
Transitional//EN\">\n<html>\n<head>\n <title>PHP: Hypertext
Preprocessor</title>\n <link rel=\"stylesheet\"
href=\"http://static.php.net/www.php.net/style.css\" />\n"...,
count=8192)
    at /usr/src/web/php5-STABLE-200408292230/main/streams/userspace.c:459
459             call_result = call_user_function_ex(NULL,
(gdb) frame 7
#7  0x081c539d in _php_stream_write_buffer (stream=0x83446c4,
    buf=0x40030000 "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01
Transitional//EN\">\n<html>\n<head>\n <title>PHP: Hypertext
Preprocessor</title>\n <link rel=\"stylesheet\"
href=\"http://static.php.net/www.php.net/style.css\" />\n"..., count=8192)
at /usr/src/web/php5-STABLE-200408292230/main/streams/streams.c:889
889                     justwrote = stream->ops->write(stream, buf,
towrite TSRMLS_CC);
(gdb) frame 8
#8  0x081c561f in _php_stream_write (stream=0x83446c4,
    buf=0x40030000 "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01
Transitional//EN\">\n<html>\n<head>\n <title>PHP: Hypertext
Preprocessor</title>\n <link rel=\"stylesheet\"
href=\"http://static.php.net/www.php.net/style.css\" />\n"..., count=8192)
at /usr/src/web/php5-STABLE-200408292230/main/streams/streams.c:1000
1000                    return _php_stream_write_buffer(stream, buf, count
TSRMLS_CC);
(gdb)


-- 
Edit bug report at http://bugs.php.net/?id=29886&edit=1
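
Frames #9 to #17 of the backtrace show libcurl calling fwrite() on a FILE* whose writes libc hands to PHP's stream_cookie_writer. The sketch below is an added example, not the reporter's sample and not PHP source. It reproduces only that write path to show that the callback runs nested inside fwrite() and receives stdio-buffered chunks rather than the 1448-byte pieces the transfer delivers. `struct sink`, `sink_write` and `run_transfer` are hypothetical names, and a libc that provides fopencookie() is assumed.

```c
#define _GNU_SOURCE                 /* fopencookie() is a GNU extension */
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

#define SINK_BUF  8192              /* stdio buffer size, as in the report */
#define NET_CHUNK 1448              /* len= passed to Curl_client_write, frame #17 */

/* Hypothetical stand-in for the PHP stream behind the FILE*. */
struct sink { size_t calls, total, largest; };

/* Plays the role of stream_cookie_writer (frame #9): libc calls it while
 * flushing its buffer, i.e. nested inside the caller's fwrite(). */
static ssize_t sink_write(void *cookie, const char *buf, size_t size)
{
    struct sink *s = cookie;
    (void)buf;
    if (size == 0) return 0;        /* ignore zero-length calls */
    s->calls++;
    s->total += size;
    if (size > s->largest) s->largest = size;
    return (ssize_t)size;           /* returning less than size signals an error */
}

/* Push `pieces` network-sized writes through a cookie-backed FILE*.
 * Returns 0 on success, -1 on any stdio error. */
int run_transfer(struct sink *s, size_t pieces)
{
    static char iobuf[SINK_BUF];
    char piece[NET_CHUNK];
    cookie_io_functions_t io = { .write = sink_write };
    FILE *fp;

    memset(s, 0, sizeof *s);
    memset(piece, 'A', sizeof piece);   /* constructed payload */
    fp = fopencookie(s, "w", io);
    if (fp == NULL) return -1;
    setvbuf(fp, iobuf, _IOFBF, sizeof iobuf);
    for (size_t i = 0; i < pieces; i++)
        if (fwrite(piece, 1, sizeof piece, fp) != sizeof piece) { fclose(fp); return -1; }
    return fclose(fp) == 0 ? 0 : -1;    /* fclose() flushes the buffered tail */
}

int main(void)
{
    struct sink s;
    if (run_transfer(&s, 20) != 0) return 1;
    printf("calls=%zu total=%zu largest=%zu\n", s.calls, s.total, s.largest);
    return 0;
}
```

With glibc, 20 pieces reach the callback as three 8192-byte chunks followed by a 4384-byte tail at fclose(), which matches the count=8192 seen in frames #6 to #9 while libcurl itself passes len=1448.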