Bug #68937 Segfault in curl_multi_exec
Submitted: 2015-01-28 20:23 UTC
Modified: 2015-01-30 04:01 UTC
From: [email protected]
Assigned:
Status: Closed
Package: cURL related
PHP Version: master-Git-2015-01-28 (Git)
OS: Centos 64bit
Private report: No
CVE-ID: None
 [2015-01-28 20:23 UTC] [email protected]
Description:
------------
Segfault occurs in curl_multi_exec when testing a simple script.

Test script:
---------------
Test script here:

https://gist.github.com/Danack/ce6be556842d645ab0ce

It uses the Amazon PHP SDK.

Expected result:
----------------
Code should not segfault

Actual result:
--------------
==8799== Invalid read of size 4
==8799==    at 0x56BF53: curl_read (zend_types.h:696)
==8799==    by 0x5C29F26: Curl_fillreadbuffer (in /usr/lib64/libcurl.so.4.1.1)
==8799==    by 0x5C2B04B: Curl_readwrite (in /usr/lib64/libcurl.so.4.1.1)
==8799==    by 0x5C31745: ??? (in /usr/lib64/libcurl.so.4.1.1)
==8799==    by 0x5C31DB2: curl_multi_perform (in /usr/lib64/libcurl.so.4.1.1)
==8799==    by 0x573369: zif_curl_multi_exec (multi.c:222)
==8799==    by 0x8C600B: ZEND_DO_FCALL_SPEC_HANDLER (zend_vm_execute.h:596)
==8799==    by 0x86F39F: execute_ex (zend_vm_execute.h:352)
==8799==    by 0x824F0B: zend_call_function (zend_execute_API.c:835)
==8799==    by 0x853E7C: zend_call_method (zend_interfaces.c:101)
==8799==    by 0x86741F: zend_std_call_user_call (zend_object_handlers.c:912)
==8799==    by 0x8C600B: ZEND_DO_FCALL_SPEC_HANDLER (zend_vm_execute.h:596)
==8799==  Address 0x0 is not stack'd, malloc'd or (recently) free'd

 [2015-01-29 09:24 UTC] [email protected]
It looks like ch->handlers->read->res is NULL inside curl_read

Also, with 5.6 curl_read is called with:
"PUT /rpm.example.com/LICENSE.md HTTP/1.1\r\nHost: s3-eu-..."

whereas master's curl_read gets "PUT / HTTP/1.1\r\nHost: s3-eu-..."
 [2015-01-29 11:38 UTC] [email protected]
Are you able to refine it to a simple script?

I cannot find the "autoload.php" in your example.

Thanks
 [2015-01-29 12:49 UTC] [email protected]
Hi Laruence,

No, I'm not able to reduce it to a simple script. This is testing the Amazon AWS SDK, which is massive and I don't think it would be trivial to reproduce this bug outside of that SDK.

However, there are instructions on how to set up the example in the test script:

// Download https://github.com/aws/aws-sdk-php and stick this file
// in the root directory and do a composer update.
 [2015-01-29 12:55 UTC] [email protected]
mbeccati,

> Also, with 5.6 curl_read is called with:
> "PUT /rpm.example.com/LICENSE.md HTTP/1.1\r\nHost: s3-eu-..."
>
> whereas master's curl_read gets "PUT / HTTP/1.1\r\nHost: s3-eu-..."

That would explain the large number of errors related to URLs that occur when running the test suite for the AWS SDK. The test suite for the AWS SDK is in that repo, but is only available if you 'git clone' it, as the zip archive has the test suite excluded, and is run with 'make test'. It has no errors on 5.6 and lots of seemingly related ones in 7.
 [2015-01-30 04:01 UTC] [email protected]
Damned, Composer is blocked in China....
 [2015-01-30 05:13 UTC] [email protected]
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=73288bbea498351a3123bb60d1ebafe477bd12a3
Log: Fixed bug #68937 (Segfault in curl_multi_exec)
 [2015-01-30 05:13 UTC] [email protected]
-Status: Open +Status: Closed
 [2016-07-20 11:39 UTC] [email protected]
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=73288bbea498351a3123bb60d1ebafe477bd12a3
Log: Fixed bug #68937 (Segfault in curl_multi_exec)
 