php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #39140 SoapServer causes segfault in specific conditions.
Submitted: 2006-10-12 18:05 UTC Modified: 2006-10-16 11:15 UTC
Votes:1
Avg. Score:4.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: harry at telappliant dot com Assigned: dmitry (profile)
Status: Closed Package: Scripting Engine problem
PHP Version: 5.2.0RC6-dev OS: Linux 2.6.15-vs2.0.1-gentoo-r5
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: harry at telappliant dot com
New email:
PHP Version: OS:

 

 [2006-10-12 18:05 UTC] harry at telappliant dot com 
Description:
------------
when using use_soap_error_handler and a soap server & client without wsdl the soap server bombs if an exception is thrown!

Reproduce code:
---------------
# test.php
<?php
class TestClass
{
        public function getCallLog( ) {
                throw new Exception("bugger");
        }
}
use_soap_error_handler(TRUE);
$server = new SoapServer( NULL, array('uri' => 'http://example.com') );
$server->setClass('TestClass');
$server->handle();
?>

# test-client.php
<?php
$params = array( 'style' => SOAP_RPC, 'use' => SOAP_ENCODED, 'uri' => 'http://192.168.254.72/soapb$
$client = new SoapClient( NULL, $params );
$blah = $client->getCallLog( array() );
print_r($blah);
?>

Expected result:
----------------
The exception being passed back to the client.

Actual result:
--------------
The server-side bombs.

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1213290816 (LWP 8597)]
0xb74122e2 in zend_get_executed_lineno () from /usr/lib/apache2/modules/libphp5.so
(gdb) bt
#0  0xb74122e2 in zend_get_executed_lineno () from /usr/lib/apache2/modules/libphp5.so
#1  0xbfb21e18 in ?? ()
#2  0xb7434152 in zend_clear_exception () from /usr/lib/apache2/modules/libphp5.so
#3  0xb7434152 in zend_clear_exception () from /usr/lib/apache2/modules/libphp5.so
#4  0xb74341db in zend_clear_exception () from /usr/lib/apache2/modules/libphp5.so
#5  0xb74227dd in _object_and_properties_init () from /usr/lib/apache2/modules/libphp5.so
#6  0xb742288a in _object_init_ex () from /usr/lib/apache2/modules/libphp5.so
#7  0xb72fc097 in zif_SoapClient___setLocation () from /usr/lib/apache2/modules/libphp5.so
#8  0xb72ff61b in zif_SoapServer_fault () from /usr/lib/apache2/modules/libphp5.so
#9  0xb7435bcc in zend_throw_error_exception () from /usr/lib/apache2/modules/libphp5.so
#10 0xb7435d74 in zend_exception_error () from /usr/lib/apache2/modules/libphp5.so
#11 0xb74206aa in zend_execute_scripts () from /usr/lib/apache2/modules/libphp5.so
#12 0xb73ddcbb in php_execute_script () from /usr/lib/apache2/modules/libphp5.so
#13 0xb74aa20e in zend_get_zval_ptr_ptr () from /usr/lib/apache2/modules/libphp5.so
#14 0x08068ed5 in ap_run_handler ()
#15 0x0806934c in ap_invoke_handler ()
#16 0x08066118 in ap_process_request ()
#17 0x08060fd8 in _start ()
(gdb)

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2006-10-12 18:07 UTC] tony2001@php.net 
Please try using this CVS snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5.2-win32-latest.zip
 [2006-10-13 09:23 UTC] harry at telappliant dot com 
Bug can still be replicated with PHP Version 5.2.0RC6-dev (snapshot 200610130830).

Full backtrace:
#0  0xb74603d2 in zend_get_executed_lineno ()
    at /home/harryr/software/php5.2-200610130830/Zend/zend_execute_API.c:394
No locals.
#1  0xb7483432 in zend_default_exception_new_ex (class_type=0xb7662418, skip_top_traces=1)
    at /home/harryr/software/php5.2-200610130830/Zend/zend_exceptions.c:97
        tmp = {value = {lval = -1078094272, dval = -0.11557535821119647, str = {
      val = 0xbfbd9640 "&#9618;&f&#9618;", len = -1078094248}, ht = 0xbfbd9640, obj = {handle = 3216873024,
      handlers = 0xbfbd9658}}, refcount = 0, type = 252 '&#9618;', is_ref = 168 '&#9618;'}
        obj = {value = {lval = 2, dval = -6.2692341670811935e-42, str = {
      val = 0x2 <Address 0x2 out of bounds>, len = -1218348576}, ht = 0x2, obj = {handle = 2,
      handlers = 0xb76179e0}}, refcount = 136390592, type = 72 'H', is_ref = 150 '\226'}
        object = (zend_object *) 0xb76626bc
#2  0xb74834bb in zend_default_exception_new (class_type=0x0)
    at /home/harryr/software/php5.2-200610130830/Zend/zend_exceptions.c:105
No locals.
#3  0xb746fb1c in _object_and_properties_init (arg=0xbfbd9810, class_type=0x82b9cf0,
    properties=0x0) at /home/harryr/software/php5.2-200610130830/Zend/zend_API.c:950
        tmp = (zval *) 0xb761a780
        object = (zend_object *) 0x5
#4  0xb746fbda in _object_init_ex (arg=0x1, class_type=0x1)
    at /home/harryr/software/php5.2-200610130830/Zend/zend_API.c:957
No locals.
#5  0xb7343e07 in set_soap_fault (obj=0xbfbd9810, fault_code_ns=0x0,
    fault_code=0xb75c5360 "Server",
    fault_string=0xbfbd9830 "Uncaught exception 'Exception' with message 'bugger' in /home/webuser/                                              default/soapbug/test.php:5\nStack trace:\n#0 [internal function]: TestClass->getCallLog(Array, NULL                                              , NULL, NULL, NULL)\n#1 /home/webu"..., fault_actor=0x0, fault_detail=0x0, name=0x0)
    at /home/harryr/software/php5.2-200610130830/ext/soap/soap.c:3115
No locals.
#6  0xb7347338 in soap_error_handler (error_num=1,
    error_filename=0xb7663140 "/home/webuser/default/soapbug/test.php", error_lineno=5,
    format=0xb75bf02d "Uncaught %s\n  thrown", args=0xbfbd9c80 "&#9618;&#9618;e&#9618;&#9618;\234&#9618;&#9618;")
    at /home/harryr/software/php5.2-200610130830/ext/soap/soap.c:2134
        code = 0xb75c5360 "Server"
        buffer = "Uncaught exception 'Exception' with message 'bugger' in /home/webuser/default/soa                                              pbug/test.php:5\nStack trace:\n#0 [internal function]: TestClass->getCallLog(Array, NULL, NULL, NUL                                              L, NULL)\n#1 /home/webu"...
        outbuf = (zval *) 0x0
        outbuflen = {value = {lval = 0, dval = 0, str = {val = 0x0, len = 0}, ht = 0x0, obj = {
      handle = 0, handlers = 0x0}}, refcount = 1, type = 0 '\0', is_ref = 0 '\0'}
        old = 1
        fault = 0
        fault_obj = {value = {lval = 0, dval = 0, str = {val = 0x0, len = 0}, ht = 0x0, obj = {
      handle = 0, handlers = 0x0}}, refcount = 1, type = 5 '\005', is_ref = 0 '\0'}
        _old_in_compilation = 0 '\0'
        _old_in_execution = 0 '\0'
---Type <return> to continue, or q <return> to quit---
        _old_current_execute_data = (zend_execute_data *) 0x0
#7  0xb7484edc in zend_error_va (type=1, file=0x1 <Address 0x1 out of bounds>, lineno=1,
    format=0x1 <Address 0x1 out of bounds>)
    at /home/harryr/software/php5.2-200610130830/Zend/zend_exceptions.c:657
No locals.
#8  0xb7485084 in zend_exception_error (exception=0xb7663198)
    at /home/harryr/software/php5.2-200610130830/Zend/zend_exceptions.c:696
        str = (zval *) 0xb76626f4
        file = (zval *) 0xb7663128
        line = (zval *) 0xb7663170
        ce_exception = (zend_class_entry *) 0x4
#9  0xb746ed16 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /home/harryr/software/php5.2-200610130830/Zend/zend.c:1128
        orig_user_exception_handler = (zval *) 0x1
        params = (zval ***) 0x0
        retval2 = (zval *) 0xbf2bbf30
        old_exception = (zval *) 0x0
        ex_class_name = "Exception", '\0' <repeats 118 times>
        files = 0xbfbd9dd4 ""
        i = 1
        file_handle = (zend_file_handle *) 0x0
        orig_op_array = (zend_op_array *) 0x0
        orig_retval_ptr_ptr = (zval **) 0x0
        local_retval = (zval *) 0x0
#10 0xb7429aeb in php_execute_script (primary_file=0xbfbdbff0)
    at /home/harryr/software/php5.2-200610130830/main/main.c:1758
        realfile = "ceil\000&#9618;&#9618;&#9618;\004\000\000\000\200&#9618;&#9618;\214\000\000\000|&#9618;&#9618;\002\000\000\000&#9618;#G&#9618;abs\000P&#9618;&#9618;&#9618;\021\000\000\000\200&#9618;&#9618;\214\000\000\000|&#9618;&#9618;\002\000\000\000&#9618;#G&#9618;convert_uudecode\000\000\000\000|&#9618;&#9618;\002\000\000\000&#9618;#G&#9618;convert_uuencode\000\000\000\000|&#9618;&#9618;\002\000\000\000&#9618;#G&#9618;base64_encode\000&#9618;&#9618;\214\000\000\000|&#9618;&#9618;\002\000\000\000&#9618;#G&#9618;base64_decode\000&#9618;&#9618;\214\000\000\000|&#9618;&#9618;\002\000\000\000&#9618;#G&#9618;getlastm"...
        prepend_file_p = (zend_file_handle *) 0x0
        append_file_p = (zend_file_handle *) 0x3
        prepend_file = {type = 0 '\0', filename = 0x0, opened_path = 0x0, handle = {fd = 0,
    fp = 0x0, stream = {handle = 0x0, reader = 0, closer = 0, fteller = 0, interactive = 0}},
  free_filename = 0 '\0'}
        append_file = {type = 0 '\0', filename = 0x0, opened_path = 0x0, handle = {fd = 0,
    fp = 0x0, stream = {handle = 0x0, reader = 0, closer = 0, fteller = 0, interactive = 0}},
  free_filename = 0 '\0'}
        old_cwd = 0xbfbd9de0 "/"
        retval = 0
#11 0xb750fa7e in php_handler (r=0x82f6e88)
    at /home/harryr/software/php5.2-200610130830/sapi/apache2handler/sapi_apache2.c:592
        zfd = {type = 5 '\005', filename = 0x82f7fd8 "/home/webuser/default/soapbug/test.php",
  opened_path = 0xb765e794 "\b", handle = {fd = -1218058176, fp = 0xb765e840, stream = {
      handle = 0xb765e840, reader = 0xb743ac70 <_php_stream_read>,
---Type <return> to continue, or q <return> to quit---
      closer = 0xb7428220 <stream_closer_for_zend>,
      fteller = 0xb7428250 <stream_fteller_for_zend>, interactive = 0}}, free_filename = 0 '\0'}
        ctx = (php_struct * volatile) 0x82f86b8
        conf = (void *) 0x814efb0
        brigade = (apr_bucket_brigade * volatile) 0x82f8808
        bucket = (apr_bucket *) 0x1
        rv = 1
        parent_req = (request_rec * volatile) 0x0
#12 0x08068ed5 in ap_run_handler ()
No symbol table info available.
#13 0x0806934c in ap_invoke_handler ()
No symbol table info available.
#14 0x08066118 in ap_process_request ()
No symbol table info available.
#15 0x08060fd8 in _start ()
No symbol table info available.
 [2006-10-16 11:15 UTC] dmitry@php.net 
Fixed in CVS HEAD and PHP_5_2.

The crash wasn't related to ext/soap.
Any uncaught exception might cause crash.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Thu Nov 21 15:01:30 2024 UTC