bjori Thu, 08 Sep 2011 14:37:18 +0000
Revision: http://svn.php.net/viewvc?view=revision&revision=316417
Log:
Fixed bug#54798 Segfault when CURLOPT_STDERR file pointer is closed before
calling curl_exec
Bug: https://bugs.php.net/54798 (Assigned) Segfault when CURLOPT_STDERR file
pointer is closed before calling curl_exec
Changed paths:
U php/php-src/branches/PHP_5_3/NEWS
U php/php-src/branches/PHP_5_3/ext/curl/interface.c
U php/php-src/branches/PHP_5_3/ext/curl/tests/bug48203.phpt
A php/php-src/branches/PHP_5_3/ext/curl/tests/bug54798.phpt
U php/php-src/branches/PHP_5_4/ext/curl/interface.c
U php/php-src/branches/PHP_5_4/ext/curl/tests/bug48203.phpt
A php/php-src/branches/PHP_5_4/ext/curl/tests/bug54798.phpt
U php/php-src/trunk/ext/curl/interface.c
U php/php-src/trunk/ext/curl/tests/bug48203.phpt
A php/php-src/trunk/ext/curl/tests/bug54798.phpt
Modified: php/php-src/branches/PHP_5_3/NEWS
===================================================================
--- php/php-src/branches/PHP_5_3/NEWS 2011-09-08 13:46:41 UTC (rev 316416)
+++ php/php-src/branches/PHP_5_3/NEWS 2011-09-08 14:37:18 UTC (rev 316417)
@@ -13,6 +13,10 @@
. Fixed bug #55504 (Content-Type header is not parsed correctly on
HTTP POST request). (Hannes)
+- Curl:
+ . Fixed bug #54798 (Segfault when CURLOPT_STDERR file pointer is closed
+ before calling curl_exec). (Hannes)
+
- DateTime:
. Fixed bug #48476 (cloning extended DateTime class without calling
parent::__constr crashed PHP). (Hannes)
Modified: php/php-src/branches/PHP_5_3/ext/curl/interface.c
===================================================================
--- php/php-src/branches/PHP_5_3/ext/curl/interface.c 2011-09-08 13:46:41 UTC (rev 316416)
+++ php/php-src/branches/PHP_5_3/ext/curl/interface.c 2011-09-08 14:37:18 UTC (rev 316417)
@@ -2213,6 +2213,26 @@
_php_curl_cleanup_handle(ch);
+ if (ch->handlers->std_err) {
+ php_stream *stream;
+ stream = (php_stream*)zend_fetch_resource(&ch->handlers->std_err TSRMLS_CC, -1, NULL, NULL, 2, php_file_le_stream(), php_file_le_pstream());
+ if (stream == NULL) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "CURLOPT_STDERR resource has gone away, resetting to stderr");
+ zval_ptr_dtor(&ch->handlers->std_err);
+ curl_easy_setopt(ch->cp, CURLOPT_STDERR, stderr);
+ }
+ }
+ if (ch->handlers->read && ch->handlers->read->stream) {
+ php_stream *stream;
+ stream = (php_stream*)zend_fetch_resource(&ch->handlers->read->stream TSRMLS_CC, -1, NULL, NULL, 2, php_file_le_stream(), php_file_le_pstream());
+ if (stream == NULL) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "CURLOPT_INFILE resource has gone away, resetting to default");
+ zval_ptr_dtor(&ch->handlers->read->stream);
+ ch->handlers->read->fd = 0;
+ ch->handlers->read->fp = 0;
+ curl_easy_setopt(ch->cp, CURLOPT_INFILE, (void *) ch);
+ }
+ }
error = curl_easy_perform(ch->cp);
SAVE_CURL_ERROR(ch, error);
/* CURLE_PARTIAL_FILE is returned by HEAD requests */
Modified: php/php-src/branches/PHP_5_3/ext/curl/tests/bug48203.phpt
===================================================================
--- php/php-src/branches/PHP_5_3/ext/curl/tests/bug48203.phpt 2011-09-08 13:46:41 UTC (rev 316416)
+++ php/php-src/branches/PHP_5_3/ext/curl/tests/bug48203.phpt 2011-09-08 14:37:18 UTC (rev 316417)
@@ -18,16 +18,19 @@
curl_setopt($ch, CURLOPT_VERBOSE, 1);
curl_setopt($ch, CURLOPT_STDERR, $fp);
-curl_setopt($ch, CURLOPT_URL, "");
+curl_setopt($ch, CURLOPT_URL, getenv('PHP_CURL_HTTP_REMOTE_SERVER'));
fclose($fp); // <-- premature close of $fp caused a crash!
curl_exec($ch);
+curl_close($ch);
echo "Ok\n";
?>
--CLEAN--
<?php @unlink(dirname(__FILE__) . '/bug48203.tmp'); ?>
---EXPECT--
+--EXPECTF--
+Warning: curl_exec(): CURLOPT_STDERR resource has gone away, resetting to stderr in %sbug48203.php on line %d
+%A
Ok
Added: php/php-src/branches/PHP_5_3/ext/curl/tests/bug54798.phpt
===================================================================
--- php/php-src/branches/PHP_5_3/ext/curl/tests/bug54798.phpt (rev 0)
+++ php/php-src/branches/PHP_5_3/ext/curl/tests/bug54798.phpt 2011-09-08 14:37:18 UTC (rev 316417)
@@ -0,0 +1,66 @@
+--TEST--
+Bug #48203 (Crash when file pointers passed to curl are closed before calling curl_exec)
+--SKIPIF--
+<?php
+if (!extension_loaded("curl")) {
+ exit("skip curl extension not loaded");
+}
+if (false === getenv('PHP_CURL_HTTP_REMOTE_SERVER')) {
+ exit("skip PHP_CURL_HTTP_REMOTE_SERVER env variable is not defined");
+}
+?>
+--FILE--
+<?php
+
+function checkForClosedFilePointer($curl_option, $description) {
+ $fp = fopen(dirname(__FILE__) . '/bug48203.tmp', 'w+');
+
+ $ch = curl_init();
+
+ // we also need CURLOPT_VERBOSE to be set to test CURLOPT_STDERR properly
+ if (CURLOPT_STDERR == $curl_option) {
+ curl_setopt($ch, CURLOPT_VERBOSE, 1);
+ }
+
+ if (CURLOPT_INFILE == $curl_option) {
+ curl_setopt($ch, CURLOPT_UPLOAD, 1);
+ }
+
+ curl_setopt($ch, $curl_option, $fp);
+
+ curl_setopt($ch, CURLOPT_URL, 'localhost');
+ curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
+
+ fclose($fp); // <-- premature close of $fp caused a crash!
+
+ curl_exec($ch);
+
+ curl_close($ch);
+
+ echo "Ok for $description\n";
+}
+
+$options_to_check = array(
+ "CURLOPT_STDERR",
+ "CURLOPT_WRITEHEADER",
+ "CURLOPT_FILE",
+ "CURLOPT_INFILE"
+);
+
+foreach($options_to_check as $option) {
+ checkForClosedFilePointer(constant($option), $option);
+}
+
+?>
+--CLEAN--
+<?php @unlink(dirname(__FILE__) . '/bug48203.tmp'); ?>
+--EXPECTF--
+Warning: curl_exec(): CURLOPT_STDERR resource has gone away, resetting to stderr in %sbug48203_2.php on line %d
+* About to connect() %a
+* Closing connection #%d
+Ok for CURLOPT_STDERR
+Ok for CURLOPT_WRITEHEADER
+Ok for CURLOPT_FILE
+
+Warning: curl_exec(): CURLOPT_INFILE resource has gone away, resetting to default in %sbug48203_2.php on line %d
+Ok for CURLOPT_INFILE
Modified: php/php-src/branches/PHP_5_4/ext/curl/interface.c
===================================================================
--- php/php-src/branches/PHP_5_4/ext/curl/interface.c 2011-09-08 13:46:41 UTC (rev 316416)
+++ php/php-src/branches/PHP_5_4/ext/curl/interface.c 2011-09-08 14:37:18 UTC (rev 316417)
@@ -2209,6 +2209,26 @@
_php_curl_cleanup_handle(ch);
+ if (ch->handlers->std_err) {
+ php_stream *stream;
+ stream = (php_stream*)zend_fetch_resource(&ch->handlers->std_err TSRMLS_CC, -1, NULL, NULL, 2, php_file_le_stream(), php_file_le_pstream());
+ if (stream == NULL) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "CURLOPT_STDERR resource has gone away, resetting to stderr");
+ zval_ptr_dtor(&ch->handlers->std_err);
+ curl_easy_setopt(ch->cp, CURLOPT_STDERR, stderr);
+ }
+ }
+ if (ch->handlers->read && ch->handlers->read->stream) {
+ php_stream *stream;
+ stream = (php_stream*)zend_fetch_resource(&ch->handlers->read->stream TSRMLS_CC, -1, NULL, NULL, 2, php_file_le_stream(), php_file_le_pstream());
+ if (stream == NULL) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "CURLOPT_INFILE resource has gone away, resetting to default");
+ zval_ptr_dtor(&ch->handlers->read->stream);
+ ch->handlers->read->fd = 0;
+ ch->handlers->read->fp = 0;
+ curl_easy_setopt(ch->cp, CURLOPT_INFILE, (void *) ch);
+ }
+ }
error = curl_easy_perform(ch->cp);
SAVE_CURL_ERROR(ch, error);
/* CURLE_PARTIAL_FILE is returned by HEAD requests */
Modified: php/php-src/branches/PHP_5_4/ext/curl/tests/bug48203.phpt
===================================================================
--- php/php-src/branches/PHP_5_4/ext/curl/tests/bug48203.phpt 2011-09-08 13:46:41 UTC (rev 316416)
+++ php/php-src/branches/PHP_5_4/ext/curl/tests/bug48203.phpt 2011-09-08 14:37:18 UTC (rev 316417)
@@ -18,16 +18,19 @@
curl_setopt($ch, CURLOPT_VERBOSE, 1);
curl_setopt($ch, CURLOPT_STDERR, $fp);
-curl_setopt($ch, CURLOPT_URL, "");
+curl_setopt($ch, CURLOPT_URL, getenv('PHP_CURL_HTTP_REMOTE_SERVER'));
fclose($fp); // <-- premature close of $fp caused a crash!
curl_exec($ch);
+curl_close($ch);
echo "Ok\n";
?>
--CLEAN--
<?php @unlink(dirname(__FILE__) . '/bug48203.tmp'); ?>
---EXPECT--
+--EXPECTF--
+Warning: curl_exec(): CURLOPT_STDERR resource has gone away, resetting to stderr in %sbug48203.php on line %d
+%A
Ok
Added: php/php-src/branches/PHP_5_4/ext/curl/tests/bug54798.phpt
===================================================================
--- php/php-src/branches/PHP_5_4/ext/curl/tests/bug54798.phpt (rev 0)
+++ php/php-src/branches/PHP_5_4/ext/curl/tests/bug54798.phpt 2011-09-08 14:37:18 UTC (rev 316417)
@@ -0,0 +1,66 @@
+--TEST--
+Bug #48203 (Crash when file pointers passed to curl are closed before calling curl_exec)
+--SKIPIF--
+<?php
+if (!extension_loaded("curl")) {
+ exit("skip curl extension not loaded");
+}
+if (false === getenv('PHP_CURL_HTTP_REMOTE_SERVER')) {
+ exit("skip PHP_CURL_HTTP_REMOTE_SERVER env variable is not defined");
+}
+?>
+--FILE--
+<?php
+
+function checkForClosedFilePointer($curl_option, $description) {
+ $fp = fopen(dirname(__FILE__) . '/bug48203.tmp', 'w+');
+
+ $ch = curl_init();
+
+ // we also need CURLOPT_VERBOSE to be set to test CURLOPT_STDERR properly
+ if (CURLOPT_STDERR == $curl_option) {
+ curl_setopt($ch, CURLOPT_VERBOSE, 1);
+ }
+
+ if (CURLOPT_INFILE == $curl_option) {
+ curl_setopt($ch, CURLOPT_UPLOAD, 1);
+ }
+
+ curl_setopt($ch, $curl_option, $fp);
+
+ curl_setopt($ch, CURLOPT_URL, 'localhost');
+ curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
+
+ fclose($fp); // <-- premature close of $fp caused a crash!
+
+ curl_exec($ch);
+
+ curl_close($ch);
+
+ echo "Ok for $description\n";
+}
+
+$options_to_check = array(
+ "CURLOPT_STDERR",
+ "CURLOPT_WRITEHEADER",
+ "CURLOPT_FILE",
+ "CURLOPT_INFILE"
+);
+
+foreach($options_to_check as $option) {
+ checkForClosedFilePointer(constant($option), $option);
+}
+
+?>
+--CLEAN--
+<?php @unlink(dirname(__FILE__) . '/bug48203.tmp'); ?>
+--EXPECTF--
+Warning: curl_exec(): CURLOPT_STDERR resource has gone away, resetting to stderr in %sbug48203_2.php on line %d
+* About to connect() %a
+* Closing connection #%d
+Ok for CURLOPT_STDERR
+Ok for CURLOPT_WRITEHEADER
+Ok for CURLOPT_FILE
+
+Warning: curl_exec(): CURLOPT_INFILE resource has gone away, resetting to default in %sbug48203_2.php on line %d
+Ok for CURLOPT_INFILE
Modified: php/php-src/trunk/ext/curl/interface.c
===================================================================
--- php/php-src/trunk/ext/curl/interface.c 2011-09-08 13:46:41 UTC (rev 316416)
+++ php/php-src/trunk/ext/curl/interface.c 2011-09-08 14:37:18 UTC (rev 316417)
@@ -2209,6 +2209,26 @@
_php_curl_cleanup_handle(ch);
+ if (ch->handlers->std_err) {
+ php_stream *stream;
+ stream = (php_stream*)zend_fetch_resource(&ch->handlers->std_err TSRMLS_CC, -1, NULL, NULL, 2, php_file_le_stream(), php_file_le_pstream());
+ if (stream == NULL) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "CURLOPT_STDERR resource has gone away, resetting to stderr");
+ zval_ptr_dtor(&ch->handlers->std_err);
+ curl_easy_setopt(ch->cp, CURLOPT_STDERR, stderr);
+ }
+ }
+ if (ch->handlers->read && ch->handlers->read->stream) {
+ php_stream *stream;
+ stream = (php_stream*)zend_fetch_resource(&ch->handlers->read->stream TSRMLS_CC, -1, NULL, NULL, 2, php_file_le_stream(), php_file_le_pstream());
+ if (stream == NULL) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "CURLOPT_INFILE resource has gone away, resetting to default");
+ zval_ptr_dtor(&ch->handlers->read->stream);
+ ch->handlers->read->fd = 0;
+ ch->handlers->read->fp = 0;
+ curl_easy_setopt(ch->cp, CURLOPT_INFILE, (void *) ch);
+ }
+ }
error = curl_easy_perform(ch->cp);
SAVE_CURL_ERROR(ch, error);
/* CURLE_PARTIAL_FILE is returned by HEAD requests */
Modified: php/php-src/trunk/ext/curl/tests/bug48203.phpt
===================================================================
--- php/php-src/trunk/ext/curl/tests/bug48203.phpt 2011-09-08 13:46:41 UTC (rev 316416)
+++ php/php-src/trunk/ext/curl/tests/bug48203.phpt 2011-09-08 14:37:18 UTC (rev 316417)
@@ -1,5 +1,5 @@
--TEST--
-Bug #48203 (Crash when file pointers passed to curl are closed before calling curl_exec)
+Bug #48203 (Crash when CURLOPT_STDERR is set to regular file)
--SKIPIF--
<?php
if (!extension_loaded("curl")) {
@@ -12,68 +12,25 @@
--FILE--
<?php
-function checkForClosedFilePointer($curl_option, $description) {
- $fp = fopen(dirname(__FILE__) . '/bug48203.tmp', 'w+');
+$fp = fopen(dirname(__FILE__) . '/bug48203.tmp', 'w');
- $ch = curl_init();
+$ch = curl_init();
- // we also need CURLOPT_VERBOSE to be set to test CURLOPT_STDERR properly
- if (CURLOPT_STDERR == $curl_option) {
- curl_setopt($ch, CURLOPT_VERBOSE, 1);
- }
+curl_setopt($ch, CURLOPT_VERBOSE, 1);
+curl_setopt($ch, CURLOPT_STDERR, $fp);
+curl_setopt($ch, CURLOPT_URL, getenv('PHP_CURL_HTTP_REMOTE_SERVER'));
- if (CURLOPT_INFILE == $curl_option) {
- curl_setopt($ch, CURLOPT_UPLOAD, 1);
- }
+fclose($fp); // <-- premature close of $fp caused a crash!
- curl_setopt($ch, $curl_option, $fp);
-
- curl_setopt($ch, CURLOPT_URL, 'localhost');
- curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
+curl_exec($ch);
+curl_close($ch);
- fclose($fp); // <-- premature close of $fp caused a crash!
+echo "Ok\n";
- curl_exec($ch);
-
- curl_close($ch);
-
- echo "Ok for $description\n";
-}
-
-$options_to_check = array(
- "CURLOPT_STDERR",
- "CURLOPT_WRITEHEADER",
- "CURLOPT_FILE",
- "CURLOPT_INFILE"
-);
-
-foreach($options_to_check as $option) {
- checkForClosedFilePointer(constant($option), $option);
-}
-
?>
--CLEAN--
<?php @unlink(dirname(__FILE__) . '/bug48203.tmp'); ?>
--EXPECTF--
-Warning: curl_exec(): %d is not a valid stream resource in %s on line %d
-
-Warning: curl_exec(): CURLOPT_STDERR handle is incorrect in %s on line %d
-* About to connect() %a
-* Closing connection #%d
-Ok for CURLOPT_STDERR
-
-Warning: curl_exec(): %d is not a valid stream resource in %s on line %d
-
-Warning: curl_exec(): CURLOPT_WRITEHEADER handle is incorrect in %s on line %d
-Ok for CURLOPT_WRITEHEADER
-
-Warning: curl_exec(): %d is not a valid stream resource in %s on line %d
-
-Warning: curl_exec(): CURLOPT_FILE handle is incorrect in %s on line %d
-%a
-Ok for CURLOPT_FILE
-
-Warning: curl_exec(): %d is not a valid stream resource in %s on line %d
-
-Warning: curl_exec(): CURLOPT_INFILE handle is incorrect in %s on line %d
-Ok for CURLOPT_INFILE
+Warning: curl_exec(): CURLOPT_STDERR resource has gone away, resetting to stderr in %sbug48203.php on line %d
+%A
+Ok
Added: php/php-src/trunk/ext/curl/tests/bug54798.phpt
===================================================================
--- php/php-src/trunk/ext/curl/tests/bug54798.phpt (rev 0)
+++ php/php-src/trunk/ext/curl/tests/bug54798.phpt 2011-09-08 14:37:18 UTC (rev 316417)
@@ -0,0 +1,66 @@
+--TEST--
+Bug #48203 (Crash when file pointers passed to curl are closed before calling curl_exec)
+--SKIPIF--
+<?php
+if (!extension_loaded("curl")) {
+ exit("skip curl extension not loaded");
+}
+if (false === getenv('PHP_CURL_HTTP_REMOTE_SERVER')) {
+ exit("skip PHP_CURL_HTTP_REMOTE_SERVER env variable is not defined");
+}
+?>
+--FILE--
+<?php
+
+function checkForClosedFilePointer($curl_option, $description) {
+ $fp = fopen(dirname(__FILE__) . '/bug48203.tmp', 'w+');
+
+ $ch = curl_init();
+
+ // we also need CURLOPT_VERBOSE to be set to test CURLOPT_STDERR properly
+ if (CURLOPT_STDERR == $curl_option) {
+ curl_setopt($ch, CURLOPT_VERBOSE, 1);
+ }
+
+ if (CURLOPT_INFILE == $curl_option) {
+ curl_setopt($ch, CURLOPT_UPLOAD, 1);
+ }
+
+ curl_setopt($ch, $curl_option, $fp);
+
+ curl_setopt($ch, CURLOPT_URL, 'localhost');
+ curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
+
+ fclose($fp); // <-- premature close of $fp caused a crash!
+
+ curl_exec($ch);
+
+ curl_close($ch);
+
+ echo "Ok for $description\n";
+}
+
+$options_to_check = array(
+ "CURLOPT_STDERR",
+ "CURLOPT_WRITEHEADER",
+ "CURLOPT_FILE",
+ "CURLOPT_INFILE"
+);
+
+foreach($options_to_check as $option) {
+ checkForClosedFilePointer(constant($option), $option);
+}
+
+?>
+--CLEAN--
+<?php @unlink(dirname(__FILE__) . '/bug48203.tmp'); ?>
+--EXPECTF--
+Warning: curl_exec(): CURLOPT_STDERR resource has gone away, resetting to stderr in %sbug48203_2.php on line %d
+* About to connect() %a
+* Closing connection #%d
+Ok for CURLOPT_STDERR
+Ok for CURLOPT_WRITEHEADER
+Ok for CURLOPT_FILE
+
+Warning: curl_exec(): CURLOPT_INFILE resource has gone away, resetting to default in %sbug48203_2.php on line %d
+Ok for CURLOPT_INFILE
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
