From: fel...@php.net Operating system: Linux PHP version: 5.3CVS-2009-07-02 (CVS) PHP Bug Type: cURL related Bug description: SIGSEGVs when using curl_copy_handle()
Description: ------------ See below. Reproduce code: --------------- 1º <?php $url = "http://localhost/";; $ch = curl_init(); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, array("Hello" => "World")); curl_setopt($ch, CURLOPT_URL, $url); $copy = curl_copy_handle($ch); curl_close($ch); 2º <?php $url = "http://localhost/";; $ch = curl_init(); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, array("Hello" => "World")); curl_setopt($ch, CURLOPT_URL, $url); $copy = curl_copy_handle($ch); curl_close($ch); curl_exec($copy); curl_close($copy); Expected result: ---------------- No SIGSEGV. Actual result: -------------- 1º *** glibc detected *** sapi/cli/php: double free or corruption (fasttop): 0x0a663260 *** ======= Backtrace: ========= /lib/i686/cmov/libc.so.6[0xb65a81d4] /lib/i686/cmov/libc.so.6(cfree+0x96)[0xb65aa186] /usr/local/lib/libcurl.so.4(curl_formfree+0x8a)[0xb74533ca] sapi/cli/php[0x819c1af] sapi/cli/php(zend_llist_destroy+0x33)[0x8612f05] sapi/cli/php(zend_llist_clean+0x11)[0x8612f71] sapi/cli/php[0x81a0a40] sapi/cli/php[0x81a0d81] sapi/cli/php[0x86321e4] sapi/cli/php(zend_hash_del_key_or_index+0x192)[0x862f5d9] sapi/cli/php(_zend_list_delete+0xa0)[0x8631df4] sapi/cli/php(_zval_dtor_func+0x198)[0x861cb28] sapi/cli/php[0x860cfcc] sapi/cli/php(_zval_ptr_dtor+0xb8)[0x860d3b1] sapi/cli/php(_zval_ptr_dtor_wrapper+0x21)[0x861cf08] sapi/cli/php[0x862fa96] sapi/cli/php(zend_hash_graceful_reverse_destroy+0x3e)[0x862fc1a] sapi/cli/php[0x860c5bb] sapi/cli/php[0x861f79a] sapi/cli/php(php_request_shutdown+0x682)[0x8590ac0] sapi/cli/php[0x87035c7] /lib/i686/cmov/libc.so.6(__libc_start_main+0xe5)[0xb654f775] sapi/cli/php[0x8078a91] 2º Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0xb631a6f0 (LWP 4050)] 0xb74ef368 in curl_formfree () from /usr/local/lib/libcurl.so.4 Current language: auto; currently asm (gdb) bt #0 0xb74ef368 in curl_formfree () from /usr/local/lib/libcurl.so.4 #1 0xb74ef37c in curl_formfree () from /usr/local/lib/libcurl.so.4 #2 0x0819c1af in curl_free_post (post=0xaa1741c) at /home/felipe/dev/php5/ext/curl/interface.c:1246 #3 0x08612f05 in zend_llist_destroy (l=0xaa17230) at /home/felipe/dev/php5/Zend/zend_llist.c:114 #4 0x08612f71 in zend_llist_clean (l=0xaa17230) at /home/felipe/dev/php5/Zend/zend_llist.c:126 #5 0x081a0a40 in _php_curl_close_ex (ch=0xaa17128, tsrm_ls=0xa7aa4b8) at /home/felipe/dev/php5/ext/curl/interface.c:2302 #6 0x081a0d81 in _php_curl_close (rsrc=0xaa174d8, tsrm_ls=0xa7aa4b8) at /home/felipe/dev/php5/ext/curl/interface.c:2343 #7 0x086321e4 in list_entry_destructor (ptr=0xaa174d8) at /home/felipe/dev/php5/Zend/zend_list.c:184 #8 0x0862f5d9 in zend_hash_del_key_or_index (ht=0xa7ac7d4, arKey=0x0, nKeyLength=0, h=5, flag=1) at /home/felipe/dev/php5/Zend/zend_hash.c:497 #9 0x08631df4 in _zend_list_delete (id=5, tsrm_ls=0xa7aa4b8) at /home/felipe/dev/php5/Zend/zend_list.c:58 #10 0x081a09b5 in zif_curl_close (ht=1, return_value=0xaa16fe8, return_value_ptr=0x0, this_ptr=0x0, return_value_used=0, tsrm_ls=0xa7aa4b8) at /home/felipe/dev/php5/ext/curl/interface.c:2279 -- Edit bug report at http://bugs.php.net/?id=48774&edit=1 -- Try a CVS snapshot (PHP 5.2): http://bugs.php.net/fix.php?id=48774&r=trysnapshot52 Try a CVS snapshot (PHP 5.3): http://bugs.php.net/fix.php?id=48774&r=trysnapshot53 Try a CVS snapshot (PHP 6.0): http://bugs.php.net/fix.php?id=48774&r=trysnapshot60 Fixed in CVS: http://bugs.php.net/fix.php?id=48774&r=fixedcvs Fixed in CVS and need be documented: http://bugs.php.net/fix.php?id=48774&r=needdocs Fixed in release: http://bugs.php.net/fix.php?id=48774&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=48774&r=needtrace Need Reproduce Script: http://bugs.php.net/fix.php?id=48774&r=needscript Try newer version: http://bugs.php.net/fix.php?id=48774&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=48774&r=support Expected behavior: http://bugs.php.net/fix.php?id=48774&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=48774&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=48774&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=48774&r=globals PHP 4 support discontinued: http://bugs.php.net/fix.php?id=48774&r=php4 Daylight Savings: http://bugs.php.net/fix.php?id=48774&r=dst IIS Stability: http://bugs.php.net/fix.php?id=48774&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=48774&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=48774&r=float No Zend Extensions: http://bugs.php.net/fix.php?id=48774&r=nozend MySQL Configuration Error: http://bugs.php.net/fix.php?id=48774&r=mysqlcfg
