php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #44706 Segfault after sending PayPal SOAP request
Submitted: 2008-04-12 00:52 UTC Modified: 2008-08-20 01:00 UTC
Votes:11
Avg. Score:4.5 ± 1.2
Reproduced:9 of 10 (90.0%)
Same Version:2 (22.2%)
Same OS:6 (66.7%)
From: test1 at boxaroo dot com Assigned:
Status: No Feedback Package: SOAP related
PHP Version: 5.2.5 OS: at least Linux and Mac
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: test1 at boxaroo dot com
New email:
PHP Version: OS:

 

 [2008-04-12 00:52 UTC] test1 at boxaroo dot com 
Description:
------------
I get a segault when talking to PayPal via SOAP.  It seems like the segfault happens AFTER the Soap call has happened, because I can usually dump the results to the screen just before the crash.  This happens on a Mac system with PHP 5.2.4 and a Linux system with 5.2.5.  I have tried 3 different ways of talking to PayPal; one using their SDK, one using straight SOAP code I wrote, and one using a SOAP wrapper library I found.  All crash the same way.  I use SOAP for tons of other things (eBay, for instance) without issues.

Reproduce code:
---------------
http://img1.boxaroo.com/images/php_soap_segv.txt

And, BTW, you do *not* need to put in your PayPal info (I have mine replaced with '---').  It still crashes in the same way whether it accepts your creds or not.



Expected result:
----------------
Should just be a dump of the return; instead you should see the segfault.

Actual result:
--------------
Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0x2a26b9e5
0x0028ef3e in zend_objects_store_del_ref_by_handle ()
(gdb) bt
#0  0x0028ef3e in zend_objects_store_del_ref_by_handle ()
#1  0x0028f0b1 in zend_objects_store_del_ref ()
#2  0x00264ce7 in _zval_ptr_dtor ()
#3  0x0027bf90 in zend_hash_destroy ()
#4  0x0028bb22 in zend_object_std_dtor ()
#5  0x0028bb4a in zend_objects_free_object_storage ()
#6  0x0028f097 in zend_objects_store_del_ref_by_handle ()
#7  0x0028f0b1 in zend_objects_store_del_ref ()
#8  0x00264ce7 in _zval_ptr_dtor ()
#9  0x0027bf90 in zend_hash_destroy ()
#10 0x0028bb22 in zend_object_std_dtor ()
#11 0x0028bb4a in zend_objects_free_object_storage ()
#12 0x0028f097 in zend_objects_store_del_ref_by_handle ()
#13 0x0028f0b1 in zend_objects_store_del_ref ()
#14 0x00264ce7 in _zval_ptr_dtor ()
#15 0x0027c12a in zend_hash_apply_deleter ()
#16 0x0027c47c in zend_hash_reverse_apply ()
#17 0x00263fba in shutdown_destructors ()
#18 0x00272541 in zend_call_destructors ()
#19 0x0022dee3 in php_request_shutdown ()
#20 0x0030243a in main ()

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2008-05-26 08:39 UTC] jasper at flyingfish dot nl 
Hi,

We are experiencing the same problem on PHP 5.2.6 on Gentoo.

This is a real problem for us.

Regards,
Jasper
 [2008-08-12 16:19 UTC] jani@php.net 
Please try using this CVS snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz
 
For Windows (zip):
 
  http://snaps.php.net/win32/php5.2-win32-latest.zip

For Windows (installer):

  http://snaps.php.net/win32/php5.2-win32-installer-latest.msi
 [2008-08-20 01:00 UTC] php-bugs at lists dot php dot net 
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 [2008-10-06 15:32 UTC] mike at silverorange dot com 
I can confirm this segmentation fault still occurs using the 5.2-200810011830 snapshot. Please reopen this bug. It's probably related to #44882 because on a patched version of PHP, it doesn't segfault.
 [2008-10-21 12:35 UTC] mike at silverorange dot com 
I can confirm this segmentation fault still occurs using the
5.2-200810211030 snapshot. Please reopen this bug. It's probably related to #44882 because on a patched version of PHP, it doesn't segfault.
 [2010-03-11 17:59 UTC] mbautista at ircf dot fr 
Segmentation fault also occurs on Ubuntu 9.10 with PHP 5.2.4.

The problem is located in php-sdk/lib/PayPal/SOAP/Client.php :

function &__decodeResponse(&$response, $shift = true)

{
        ...
        // Decode to native php datatype.
        $returnArray =& $this->_decode($response); // HERE
        ...
}

The solution :

function _decode_fix($soapvalue)
{
	return parent::_decode($soapvalue);
}
function &__decodeResponse(&$response, $shift = true)
{
        ...
        // Decode to native php datatype.
        $returnArray =& $this->_decode_fix($response);
        ...
}

Note that simply replacing the "HERE" line by :

$returnArray = parent::_decode($soapvalue);

will NOT remove the segmentation fault, you have to call it from another method, like _decode_fix
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Sat Dec 21 17:01:58 2024 UTC