ID:               48774
 Updated by:       srina...@php.net
 Reported By:      fel...@php.net
 Status:           Open
 Bug Type:         cURL related
 Operating System: Linux
 PHP Version:      5.3CVS-2009-07-02 (CVS)
-Assigned To:      
+Assigned To:      srinatar
 New Comment:

While looking into this bug, I also realized that the test case below
is also broken:

less curl_copy_handle_basic_002.phpt 
...
  curl_setopt($ch, CURLOPT_POSTFIELDS, "Hello=World&Foo=Bar&Person=John%20Doe");
  curl_setopt($ch, CURLOPT_URL, $url); //set the url we want to use
  
  $copy = curl_copy_handle($ch);
  curl_close($ch);
...

(Currently marked as an expected failure.) So I have filed a separate
bug, 48965, to track this separately.


Previous Comments:
------------------------------------------------------------------------

[2009-07-14 09:40:45] sriram dot natarajan at gmail dot com

Hi,
Though the above patch does fix the crash reported by the developer,
on further investigation this patch is not the right fix.

The issue is that when the form input data is an array, the
constructed form data is not available when executing curl_exec on the
cloned handle.

------------------------------------------------------------------------

[2009-07-11 10:54:13] sriram dot natarajan at gmail dot com

Here is a better way to read the patches:
http://pastebin.org/1041

------------------------------------------------------------------------

[2009-07-11 10:12:27] sriram dot natarajan at gmail dot com

I was able to reproduce this on RHEL 5, which ships with curl 7.15.5.

The patch below seems to fix this problem:
--- ext/curl/interface.c.ORIG   2009-07-09 15:24:00.000000000 -0700
+++ ext/curl/interface.c        2009-07-11 03:08:56.000000000 -0700
@@ -1444,9 +1444,13 @@
        zend_llist_copy(&dupch->to_free.str, &ch->to_free.str);
        /* Don't try to free copied strings, they're free'd when the
original handle is destroyed */
        dupch->to_free.str.dtor = NULL;
-#endif
+
        zend_llist_copy(&dupch->to_free.slist, &ch->to_free.slist);
+       dupch->to_free.slist.dtor = NULL;
+
        zend_llist_copy(&dupch->to_free.post, &ch->to_free.post);
+       dupch->to_free.post.dtor = NULL;
+#endif
 
        ZEND_REGISTER_RESOURCE(return_value, dupch, le_curl);
        dupch->id = Z_LVAL_P(return_value);
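
Review bot: The added lines dupch->to_free.slist.dtor = NULL and dupch->to_free.post.dtor = NULL stop the copy from freeing the shared entries, but the copy still refers to data that, per the comment at the top of this hunk, is freed when the original handle is destroyed, so a copy used after the original is closed would read freed memory; the copy needs its own entries or some form of shared ownership. Separately, moving #endif below the to_free.post lines puts both zend_llist_copy calls for slist and post inside the conditional block, where they were unconditional before, so builds on the other side of that condition no longer copy those lists at all; keep the two copy calls outside the conditional if that is not intended.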


Need to investigate and possibly add a couple of test cases.

------------------------------------------------------------------------

[2009-07-09 16:31:59] daniel at haxx dot se

I think it would help the devs if you'd also specify what libcurl
version you use (preferably with curl -V or similar to give all the
details).

------------------------------------------------------------------------

[2009-07-02 13:20:33] fel...@php.net

Description:
------------
See below.

Reproduce code:
---------------
1º
<?php

$url = "http://localhost/";
$ch = curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, array("Hello" => "World"));
curl_setopt($ch, CURLOPT_URL, $url);
$copy = curl_copy_handle($ch);
curl_close($ch);

2º
<?php

$url = "http://localhost/";
$ch = curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, array("Hello" => "World"));
curl_setopt($ch, CURLOPT_URL, $url);
$copy = curl_copy_handle($ch);
curl_close($ch);
curl_exec($copy);
curl_close($copy);

Expected result:
----------------
No SIGSEGV.

Actual result:
--------------
1º
*** glibc detected *** sapi/cli/php: double free or corruption (fasttop): 0x0a663260 ***
======= Backtrace: =========
/lib/i686/cmov/libc.so.6[0xb65a81d4]
/lib/i686/cmov/libc.so.6(cfree+0x96)[0xb65aa186]
/usr/local/lib/libcurl.so.4(curl_formfree+0x8a)[0xb74533ca]
sapi/cli/php[0x819c1af]
sapi/cli/php(zend_llist_destroy+0x33)[0x8612f05]
sapi/cli/php(zend_llist_clean+0x11)[0x8612f71]
sapi/cli/php[0x81a0a40]
sapi/cli/php[0x81a0d81]
sapi/cli/php[0x86321e4]
sapi/cli/php(zend_hash_del_key_or_index+0x192)[0x862f5d9]
sapi/cli/php(_zend_list_delete+0xa0)[0x8631df4]
sapi/cli/php(_zval_dtor_func+0x198)[0x861cb28]
sapi/cli/php[0x860cfcc]
sapi/cli/php(_zval_ptr_dtor+0xb8)[0x860d3b1]
sapi/cli/php(_zval_ptr_dtor_wrapper+0x21)[0x861cf08]
sapi/cli/php[0x862fa96]
sapi/cli/php(zend_hash_graceful_reverse_destroy+0x3e)[0x862fc1a]
sapi/cli/php[0x860c5bb]
sapi/cli/php[0x861f79a]
sapi/cli/php(php_request_shutdown+0x682)[0x8590ac0]
sapi/cli/php[0x87035c7]
/lib/i686/cmov/libc.so.6(__libc_start_main+0xe5)[0xb654f775]
sapi/cli/php[0x8078a91]


2º
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb631a6f0 (LWP 4050)]
0xb74ef368 in curl_formfree () from /usr/local/lib/libcurl.so.4
Current language:  auto; currently asm
(gdb) bt
#0  0xb74ef368 in curl_formfree () from /usr/local/lib/libcurl.so.4
#1  0xb74ef37c in curl_formfree () from /usr/local/lib/libcurl.so.4
#2  0x0819c1af in curl_free_post (post=0xaa1741c) at /home/felipe/dev/php5/ext/curl/interface.c:1246
#3  0x08612f05 in zend_llist_destroy (l=0xaa17230) at /home/felipe/dev/php5/Zend/zend_llist.c:114
#4  0x08612f71 in zend_llist_clean (l=0xaa17230) at /home/felipe/dev/php5/Zend/zend_llist.c:126
#5  0x081a0a40 in _php_curl_close_ex (ch=0xaa17128, tsrm_ls=0xa7aa4b8) at /home/felipe/dev/php5/ext/curl/interface.c:2302
#6  0x081a0d81 in _php_curl_close (rsrc=0xaa174d8, tsrm_ls=0xa7aa4b8) at /home/felipe/dev/php5/ext/curl/interface.c:2343
#7  0x086321e4 in list_entry_destructor (ptr=0xaa174d8) at /home/felipe/dev/php5/Zend/zend_list.c:184
#8  0x0862f5d9 in zend_hash_del_key_or_index (ht=0xa7ac7d4, arKey=0x0, nKeyLength=0, h=5, flag=1) at /home/felipe/dev/php5/Zend/zend_hash.c:497
#9  0x08631df4 in _zend_list_delete (id=5, tsrm_ls=0xa7aa4b8) at /home/felipe/dev/php5/Zend/zend_list.c:58
#10 0x081a09b5 in zif_curl_close (ht=1, return_value=0xaa16fe8, return_value_ptr=0x0, this_ptr=0x0, return_value_used=0, tsrm_ls=0xa7aa4b8) at /home/felipe/dev/php5/ext/curl/interface.c:2279



------------------------------------------------------------------------
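
The ownership problem behind both traces in this report, modelled as an added example (not code from PHP or libcurl): a copied handle shares the original's form-data pointer, and the three policies below show a double release, a use after release, and a single release with the copy still usable. All names (form_t, handle_t, run_sequence, the mode values) are hypothetical, and reference counting is shown as one possible ownership scheme, not as the fix PHP adopted.

```c
#include <stdio.h>

/* Constructed stand-in for the form data that curl_formfree() releases.
   Nothing is really freed; releases are counted so misuse is observable. */
typedef struct { int refs; int frees; } form_t;
typedef struct { form_t *post; int owns; } handle_t;  /* owns: dtor still set */
enum mode { SHALLOW, NO_DTOR, REFCOUNT };

static void form_release(form_t *f) { f->frees++; }

static handle_t h_init(form_t *f) {
    handle_t h = { f, 1 };
    f->refs = 1; f->frees = 0;
    return h;
}

static handle_t h_copy(handle_t *src, enum mode m) {
    handle_t dup = *src;                    /* pointer is shared, not cloned */
    if (m == NO_DTOR) dup.owns = 0;         /* like dupch->to_free.post.dtor = NULL */
    if (m == REFCOUNT) src->post->refs++;   /* both handles hold a reference */
    return dup;
}

static void h_close(handle_t *h, enum mode m) {
    int last = (m == REFCOUNT) ? (--h->post->refs == 0) : h->owns;
    if (last) form_release(h->post);
}

/* Second sequence from the report: copy, close original, exec copy, close copy.
   Returns how many times the form was released; *copy_ok is 1 only if the
   copy's form data was still live when it was used. */
int run_sequence(enum mode m, int *copy_ok) {
    form_t form;
    handle_t ch = h_init(&form);
    handle_t copy = h_copy(&ch, m);
    h_close(&ch, m);
    *copy_ok = (copy.post->frees == 0);
    h_close(&copy, m);
    return form.frees;
}

int main(void) {
    for (int m = SHALLOW; m <= REFCOUNT; m++) {
        int ok; int frees = run_sequence((enum mode)m, &ok);
        printf("mode=%d releases=%d copy_usable=%d\n", m, frees, ok);
    }
    return 0;
}
```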

