php · devnexen · Jan 24, 2026 · Girgias · Jan 24, 2026 · devnexen
@@ -652,6 +652,9 @@ static int curl_progress(void *clientp, double dltotal, double dlnow, double ult
 	fprintf(stderr, "curl_progress() called\n");
 	fprintf(stderr, "clientp = %x, dltotal = %f, dlnow = %f, ultotal = %f, ulnow = %f\n", clientp, dltotal, dlnow, ultotal, ulnow);
 #endif
+	if (!ZEND_FCC_INITIALIZED(ch->handlers.progress)) {
+		return rval;
+	}
 
 	zval args[5];
 	zval retval;
@@ -690,6 +693,9 @@ static int curl_xferinfo(void *clientp, curl_off_t dltotal, curl_off_t dlnow, cu
 	fprintf(stderr, "curl_xferinfo() called\n");
 	fprintf(stderr, "clientp = %x, dltotal = %ld, dlnow = %ld, ultotal = %ld, ulnow = %ld\n", clientp, dltotal, dlnow, ultotal, ulnow);
 #endif
+	if (!ZEND_FCC_INITIALIZED(ch->handlers.xferinfo)) {
+		return rval;
+	}
 
 	zval argv[5];
 	zval retval;

@@ -0,0 +1,25 @@
+--TEST--
+GH-21023 (crash with CURLOPT_XFERINFOFUNCTION set with an invalid callback)
+--EXTENSIONS--
+curl
+--INI--
+error_reporting = E_ALL & ~E_DEPRECATED
+--FILE--
+<?php
+include 'server.inc';
+$host = curl_cli_server_start();
+$url = "{$host}/get.inc";
+$ch = curl_init($url);
+curl_setopt($ch, CURLOPT_NOPROGRESS, 0);
+curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
+curl_setopt($ch, CURLOPT_XFERINFOFUNCTION, $callback);
-curl_setopt($ch, CURLOPT_XFERINFOFUNCTION, $callback);
+curl_setopt($ch, CURLOPT_XFERINFOFUNCTION, null);
-curl_setopt($ch, CURLOPT_XFERINFOFUNCTION, $callback);
+curl_setopt($ch, CURLOPT_XFERINFOFUNCTION, null);
+curl_exec($ch);
+$ch = curl_init($url);
+curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
+curl_setopt($ch, CURLOPT_PROGRESSFUNCTION, $callback);
-curl_setopt($ch, CURLOPT_PROGRESSFUNCTION, $callback);
+curl_setopt($ch, CURLOPT_PROGRESSFUNCTION, null);
-curl_setopt($ch, CURLOPT_PROGRESSFUNCTION, $callback);
+curl_setopt($ch, CURLOPT_PROGRESSFUNCTION, null);
+curl_exec($ch);
+?>
+--EXPECTF--
+Warning: Undefined variable $callback in %s on line %d
+
+Warning: Undefined variable $callback in %s on line %d