Edit report at http://bugs.php.net/bug.php?id=52827&edit=1
ID: 52827 Updated by: ahar...@php.net Reported by: cataphr...@php.net Summary: cURL leaks handle and causes assertion error (CURLOPT_STDERR) -Status: Open +Status: Assigned Type: Bug Package: cURL related Operating System: Debian Lenny x64; Windows 7 x64 PHP Version: 5.3.3 -Assigned To: +Assigned To: aharvey Block user comment: N Previous Comments: ------------------------------------------------------------------------ [2010-09-13 20:49:58] cataphr...@php.net The following patch has been added/updated: Patch Name: curlopt_stderr_with_test Revision: 1284403798 URL: http://bugs.php.net/patch-display.php?bug=52827&patch=curlopt_stderr_with_test&revision=1284403798 ------------------------------------------------------------------------ [2010-09-13 16:56:01] cataphr...@php.net The following patch has been added/updated: Patch Name: curlopt_stderr Revision: 1284389761 URL: http://bugs.php.net/patch-display.php?bug=52827&patch=curlopt_stderr&revision=1284389761 ------------------------------------------------------------------------ [2010-09-13 16:55:39] cataphr...@php.net Description: ------------ curl_setopt, when given a stream with CURLOPT_STDERR, stores the zval* and increments both the refcount of the zval* and of the resource. Only the refcount of the zval should be incremented. Additionally, due to a flaw in the streams API, this leak results in an assertion error. The reason is that on shutdown the unexposed/leaked resources are destroyed in reverse order, so the encapsulated STDIO stream is destroyed first and when the TEMP stream is destroyed, it then tries to close the encapsulated STDIO steam again. I will submit this as a separate bug report. Test script: --------------- <?php $s = fopen('php://temp/maxmemory=1024','wb+'); /* force conversion of inner stream to STDIO. * This is not necessary in Windows because the * cast to a FILE* handle in curl_setopt already * forces the conversion in that platform. The * reason for this conversion is that the memory * stream has an ugly but working mechanism to * prevent being double freed when it's encapsulated, * while STDIO streams don't. */ $i = 0; while ($i++ < 5000) { fwrite($s, str_repeat('a',1024)); } $handle=curl_init('http://www.example.com'); curl_setopt($handle, CURLOPT_STDERR, $s); Expected result: ---------------- No output. Actual result: -------------- (with stream debug) stream_alloc: TEMP:0x12a61b0 persistent=(null) stream_alloc: MEMORY:0x12a6488 persistent=(null) stream_alloc: STDIO:0x12a6f90 persistent=(null) stream_free: MEMORY:0x12a6488[(null)] in_free=0 opts=00000003 stream_free: MEMORY:0x12a6488[(null)] preserve_handle=0 release_cast=1 remove_rs rc=1 stream_free: MEMORY:0x12a6488[(null)] in_free=1 opts=0000000b stream_free: STDIO:0x12a6f90[/tmp/phpghmjqQ] in_free=0 opts=0000000b stream_free: STDIO:0x12a6f90[/tmp/phpghmjqQ] preserve_handle=0 release_cast=1 re move_rsrc=1 /tmp/php-5.3.3/main/streams/streams.c(400) : Stream of type 'STDIO' 0x12a6f90 (p ath:/tmp/phpghmjqQ) was not closed stream_free: TEMP:0x12a61b0[php://temp/maxmemory=1024] in_free=0 opts=0000000b stream_free: TEMP:0x12a61b0[php://temp/maxmemory=1024] preserve_handle=0 release _cast=1 remove_rsrc=1 php: /tmp/php-5.3.3/main/streams/plain_wrapper.c:434: php_stdiop_flush: Assertio n `data != ((void *)0)' failed. Aborted #0 0x00007f74b5a22ed5 in raise () from /lib/libc.so.6 #1 0x00007f74b5a243f3 in abort () from /lib/libc.so.6 #2 0x00007f74b5a1bdc9 in __assert_fail () from /lib/libc.so.6 #3 0x000000000076129e in php_stdiop_flush (stream=0x1049dc8) at /tmp/php-5.3.3/main/streams/plain_wrapper.c:434 #4 0x00000000007596dd in _php_stream_flush (stream=0x1049dc8, closing=0) at /tmp/php-5.3.3/main/streams/streams.c:1050 #5 0x000000000075df57 in php_stream_temp_flush (stream=0x1049050) at /tmp/php-5.3.3/main/streams/memory.c:440 #6 0x00000000007596dd in _php_stream_flush (stream=0x1049050, closing=1) at /tmp/php-5.3.3/main/streams/streams.c:1050 #7 0x0000000000757b4d in _php_stream_free (stream=0x1049050, close_options=11) at /tmp/php-5.3.3/main/streams/streams.c:331 #8 0x000000000075a831 in stream_resource_regular_dtor (rsrc=0x104ab48) at /tmp/php-5.3.3/main/streams/streams.c:1426 #9 0x00000000007c4f9e in list_entry_destructor (ptr=0x104ab48) at /tmp/php-5.3.3/Zend/zend_list.c:184 #10 0x00000000007c249d in zend_hash_apply_deleter (ht=0xe0c650, p=0x1049198) at /tmp/php-5.3.3/Zend/zend_hash.c:611 #11 0x00000000007c25ff in zend_hash_graceful_reverse_destroy (ht=0xe0c650) at /tmp/php-5.3.3/Zend/zend_hash.c:646 #12 0x00000000007c510f in zend_destroy_rsrc_list (ht=0xe0c650) at /tmp/php-5.3.3/Zend/zend_list.c:240 #13 0x00000000007b1549 in zend_deactivate () at /tmp/php-5.3.3/Zend/zend.c:896 #14 0x000000000073e71b in php_request_shutdown (dummy=0x0) at /tmp/php-5.3.3/main/main.c:1633 #15 0x0000000000899a12 in main (argc=2, argv=0x7fffea5acfa8) at /tmp/php-5.3.3/sapi/cli/php_cli.c:1373 ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/bug.php?id=52827&edit=1