Home Original page

PHP :: Bug #22681 :: cURL Special case Segfault

Bug #22681 cURL Special case Segfault
Submitted: 2003-03-13 10:31 UTC Modified: 2003-03-13 12:17 UTC
From: john@php.net Assigned:
Status: Closed Package: cURL related
PHP Version: 4.3.2-RC OS: Redhat
Private report: No CVE-ID: None

 [2003-03-13 10:31 UTC] john@php.net

I've found, by complete accident a very strange curl segfault produced by the following code:

    $ch = curl_init ("ftp://localhost/itworked.txt");
    curl_setopt($ch, CURLOPT_USERPWD, "php:foobar");
    $fr = fopen("curl_ex6.php");
    curl_setopt($ch, CURLOPT_INFILE, $fr);
    curl_setopt($ch, CURLOPT_UPLOAD, true);
    curl_exec($ch);
    fclose($fr);
    curl_close($ch);

Two important parts to this segfault:

   1) fopen() cannot actually be correctly formatted. It must fail to specify the mode. 

   2) The username, password set by curl_setopt must actually be a real username/password that works. If you provide a fake password, everything is fine.. but if you actually used a real password you segfault.


here's the BT:

#0  0x40259a85 in _IO_fread (buf=0x821ca25, size=1, count=16384, fp=0x0)
    at iofread.c:42
#1  0x08069893 in curl_read (data=0x821ca25 "", size=1, nmemb=16384,
    ctx=0x8217aac) at /usr/local/src/php-4.3.1/ext/curl/curl.c:394
#2  0x400f0842 in fillbuffer (conn=0x82130b0, bytes=16384) at transfer.c:137
#3  0x400f1c7e in Curl_readwrite (conn=0x82130b0, done=0xbfffccff "")
    at transfer.c:948
#4  0x400f24d2 in Transfer (conn=0x82130b0) at transfer.c:1247
#5  0x400f2a4e in Curl_perform (data=0x82183a8) at transfer.c:1586
#6  0x400f2dfc in curl_easy_perform (curl=0x82183a8) at easy.c:247
#7  0x0806b03d in zif_curl_exec (ht=1, return_value=0x820e73c, this_ptr=0x0,
    return_value_used=0) at /usr/local/src/php-4.3.1/ext/curl/curl.c:994
#8  0x0814c928 in execute (op_array=0x8213024)
    at /usr/local/src/php-4.3.1/Zend/zend_execute.c:1596
#9  0x0813a538 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /usr/local/src/php-4.3.1/Zend/zend.c:864
#10 0x081143f5 in php_execute_script (primary_file=0xbffffa40)
    at /usr/local/src/php-4.3.1/main/main.c:1573
#11 0x08154e9c in main (argc=2, argv=0xbffffae4)
    at /usr/local/src/php-4.3.1/sapi/cli/php_cli.c:746
#12 0x40207306 in __libc_start_main (main=0x815451c <main>, argc=2,
    ubp_av=0xbffffae4, init=0x806461c <_init>, fini=0x815d280 <_fini>,
    rtld_fini=0x4000d2dc <_dl_fini>, stack_end=0xbffffadc)

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

 [2003-03-13 12:17 UTC] iliaa@php.net

This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at http://snaps.php.net/.
 
In case this was a documentation problem, the fix will show up soon at
http://www.php.net/manual/.

In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites in short time.
 
Thank you for the report, and for helping us make PHP better.