PHP curl, memory leak when using CURLOPT_SSL_VERIF

2019-04-02 13:36发布

问题:

I have been using cloudfusion for quite a while and needed to switch to the newer version AWS sdk and ran into memory leaks. The memory leak has been reported for about a year, without a real solution. After a lot of reading, running tests and investigating results the following simple daemon reproduces the issue

#! /usr/bin/env php
<?php class httpsTest{
    function curlHttps($memLeak=false){
        $curl = curl_init();
        curl_setopt($curl, CURLOPT_URL, 'https://sqs.us-east-1.amazonaws.com');
        curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 2);
        curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, $memLeak);
        curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
        curl_exec($curl);
        curl_close($curl);
    }
}
gc_enable();
$myPid = getmypid();$i=0;
$test  = new httpsTest();
while ($test){
    $test->curlHttps(true);
    echo $i++ ." PHP Info MemUsage: ".memory_get_usage() ."    Linux Info ";
    system('cat /proc/' .$myPid .'/status|grep '.'"VmSize"');
    sleep(1);
}

So when using the CURLOPT_SSL_VERIFYPEER with value true it leaks 132 kbytes every 18 iterations. To make sure I'm not beating a dead horse the fedora 14 system has been updated with php 5.3.10, libcurl 7.24.0.-1.0, nss-3.12.10-7, openssl-1.0.0e-1.

I cannot imagine that no one has ran into this before although it looks all fine when you just rely on the php memory reporting. To be sure I have reported it to the php experts, but it looks like php is doing it right and the leak is created in the used libraries.

What could I do to collect useful information for getting this resolved, I checked the leaking heap and could clearly see a difference in the leaked and none leaked situation. In the leaked situation the top of the heap was filled with mostly 16 byte objects having an address while being further empty. So it looks like objects are being emptied but not released.

Thanks a lot for any suggestion

回答1:

The issue is still happening when doing many HTTPS connections. Check this out https://bugs.php.net/bug.php?id=76542

Stick to curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);