php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #50902 Segfault if date.timezone is not set and error_log is defined
Submitted: 2010-02-01 23:17 UTC Modified: 2011-12-06 04:15 UTC
Votes:9
Avg. Score:4.9 ± 0.3
Reproduced:8 of 8 (100.0%)
Same Version:7 (87.5%)
Same OS:6 (75.0%)
From: william at therileys dot freetcp dot com Assigned: derick (profile)
Status: Closed Package: SOAP related
PHP Version: 5.*, 6 OS: *
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: william at therileys dot freetcp dot com
New email:
PHP Version: OS:

 

 [2010-02-01 23:17 UTC] william at therileys dot freetcp dot com 
Description:
------------
When creating a new SoapClient PHP will segfault if the client is 
unreachable or returns a 404. This behavior appears to be "fixed" if 
date.timezone is defined in php.ini or if error_log is not set 
(regardless of whether log_errors is on or off).

Reproduce code:
---------------
try
{
    $client = new SoapClient("http://1.2.3.4/wsdl");
}
catch(Exception $e)
{
    echo "\n\nNO SEG FAULT!\n\n";
}

Expected result:
----------------
See 'NO SEG FAULT' printed to screen

Actual result:
--------------
Segmentation fault

#0  0x0837ed83 in zend_object_store_get_object (zobject=0x0, 
tsrm_ls=0x0) at /usr/src/redhat/BUILD/php-
5.2.12/Zend/zend_objects_API.c:261
#1  0x0837e419 in zend_std_object_get_class (object=0xb7ec6eb8, 
tsrm_ls=0x8bdb050) at /usr/src/redhat/BUILD/php-
5.2.12/Zend/zend_object_handlers.c:1088
#2  0x08228c2b in soap_error_handler (error_num=2048, 
error_filename=0xb7ec746c "Command line code", error_lineno=1, 
format=0x8677f27 "%s", args=0xbff9b038 "@\214??xc?\b\t")
    at /usr/src/redhat/BUILD/php-5.2.12/ext/soap/soap.c:2117
#3  0x0836484a in zend_error (type=2048, format=0x8677f27 "%s") at 
/usr/src/redhat/BUILD/php-5.2.12/Zend/zend.c:976
#4  0x0832316e in php_verror (docref=0xb7ec7d40 "\220}
??client.soapclient", params=0x8663415 "", type=2048,
    format=0x8447b50 "It is not safe to rely on the system's timezone 
settings. Please use the date.timezone setting, the TZ environment 
variable or the date_default_timezone_set() function. In case you used 
any of those m"..., args=0xbff9b0d0 "?\212D\b\030\f?\b", 
tsrm_ls=0x8bdb050) at /usr/src/redhat/BUILD/php-5.2.12/main/main.c:733
#5  0x08323548 in php_error_docref0 (docref=0x0, tsrm_ls=0x8bdb050, 
type=2048,
    format=0x8447b50 "It is not safe to rely on the system's timezone 
settings. Please use the date.timezone setting, the TZ environment 
variable or the date_default_timezone_set() function. In case you used 
any of those m"...) at /usr/src/redhat/BUILD/php-
5.2.12/main/main.c:745
#6  0x080c7385 in guess_timezone (tzdb=Variable "tzdb" is not 
available.
) at /usr/src/redhat/BUILD/php-5.2.12/ext/date/php_date.c:627
#7  0x080c7524 in get_timezone_info (tsrm_ls=0x8bdb050) at 
/usr/src/redhat/BUILD/php-5.2.12/ext/date/php_date.c:684
#8  0x080c80e5 in php_format_date (format=0x8677e3b "d-M-Y H:i:s", 
format_len=11, ts=1265064008, localtime=1, tsrm_ls=0x8bdb050) at 
/usr/src/redhat/BUILD/php-5.2.12/ext/date/php_date.c:934
#9  0x08322ea8 in php_log_err (
    log_message=0xb7ec8950 "PHP Fatal error:  SOAP-ERROR: Parsing 
WSDL: Couldn't load from 'http://1.2.3.4/wsdl' : failed to load 
external entity \"http://1.2.3.4/wsdl\"\n in Command line code on line 
1",
    tsrm_ls=0x8bdb050) at /usr/src/redhat/BUILD/php-
5.2.12/main/main.c:516
#10 0x08323b75 in php_error_cb (type=1, error_filename=0xb7ec746c 
"Command line code", error_lineno=1, format=0x865af24 "SOAP-ERROR: 
Parsing WSDL: Couldn't load from '%s' : %s",
    args=0xbff9b808 "?x?????\b?y???x??\024") at 
/usr/src/redhat/BUILD/php-5.2.12/main/main.c:919
#11 0x08229254 in soap_error_handler (error_num=1, 
error_filename=0xb7ec746c "Command line code", error_lineno=1, 
format=0x865af24 "SOAP-ERROR: Parsing WSDL: Couldn't load from '%s' : 
%s",
    args=0xbff9b808 "?x?????\b?y???x??\024") at 
/usr/src/redhat/BUILD/php-5.2.12/ext/soap/soap.c:2170
#12 0x0836484a in zend_error (type=1, format=0x865af24 "SOAP-ERROR: 
Parsing WSDL: Couldn't load from '%s' : %s") at 
/usr/src/redhat/BUILD/php-5.2.12/Zend/zend.c:976
#13 0x08249a5d in load_wsdl_ex (this_ptr=0xb7ec6eb8, struri=0xb7ec78d8 
"http://1.2.3.4/wsdl", ctx=0xbff9b9d0, include=0, tsrm_ls=0x8bdb050) 
at /usr/src/redhat/BUILD/php-5.2.12/ext/soap/php_sdl.c:307
#14 0x08254c7a in get_sdl (this_ptr=0xb7ec6eb8, uri=0xb7ec78d8 
"http://1.2.3.4/wsdl", cache_wsdl=Variable "cache_wsdl" is not 
available.
) at /usr/src/redhat/BUILD/php-5.2.12/ext/soap/php_sdl.c:713
#15 0x082242e2 in zim_SoapClient_SoapClient (ht=1, 
return_value=0xb7ec6ea0, return_value_ptr=0x0, this_ptr=0xb7ec6eb8, 
return_value_used=0, tsrm_ls=0x8bdb050)
    at /usr/src/redhat/BUILD/php-5.2.12/ext/soap/soap.c:2505
#16 0x08381c06 in zend_do_fcall_common_helper_SPEC 
(execute_data=0xbff9cdf0, tsrm_ls=0x8bdb050) at 
/usr/src/redhat/BUILD/php-5.2.12/Zend/zend_vm_execute.h:200
#17 0x08381221 in execute (op_array=0xb7ec7360, tsrm_ls=0x8bdb050) at 
/usr/src/redhat/BUILD/php-5.2.12/Zend/zend_vm_execute.h:92
#18 0x08358fed in zend_eval_string (str=0xbffceb91 "try { $client = 
new SoapClient(\"http://1.2.3.4/wsdl\"); } catch(Exception $e){ echo 
\"\\n\\nNO SEG FAULT!\\n\\n\"; }", retval_ptr=0x0,
    string_name=0x869af27 "Command line code", tsrm_ls=0x8bdb050) at 
/usr/src/redhat/BUILD/php-5.2.12/Zend/zend_execute_API.c:1222
#19 0x0835918f in zend_eval_string_ex (str=0xbffceb91 "try { $client = 
new SoapClient(\"http://1.2.3.4/wsdl\"); } catch(Exception $e){ echo 
\"\\n\\nNO SEG FAULT!\\n\\n\"; }", retval_ptr=0x0,
    string_name=0x869af27 "Command line code", handle_exceptions=1, 
tsrm_ls=0x8bdb050) at /usr/src/redhat/BUILD/php-
5.2.12/Zend/zend_execute_API.c:1257
#20 0x083d6d39 in main (argc=3, argv=0xbff9d224) at 
/usr/src/redhat/BUILD/php-5.2.12/sapi/cli/php_cli.c:1254

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2010-02-01 23:18 UTC] william at therileys dot freetcp dot com 
php.ini below

[PHP]
expose_php=Off
safe_mode = Off
memory_limit = 128M
short_open_tag = On
soap.wsdl_cache_enabled=0

upload_max_filesize = 10M
post_max_size = 10M

display_errors=Off
log_errors=On
error_log=/var/log/php.log

include_path = 
".:/php/include:/usr/local/include/php/include:/usr/local/lib/php"
extension_dir = "/usr/local/lib/php/extensions"
 [2010-02-02 08:43 UTC] jani@php.net 
Please try using this snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz
 
For Windows:

  http://windows.php.net/snapshots/
 [2010-02-02 17:59 UTC] william at therileys dot freetcp dot com 
Same behavior with php5.2-201002021330 from 
http://snaps.php.net/php5.2-latest.tar.gz

I tried to paste in the back trace but I get "Please do not SPAM our bug 
system."
 [2010-02-03 00:42 UTC] derick@php.net 
Please put it on pastebin.com and provide a link then.
 [2010-02-03 21:31 UTC] william at therileys dot freetcp dot com 
It is essentially the same back trace. Full content here: http://pastebin.com/f47226472
 [2010-02-03 22:00 UTC] jani@php.net 
That was not the backtrace of the build with the snapshot. Please, provide the correct backtrace.
 [2010-02-03 22:23 UTC] william at therileys dot freetcp dot com 
I did another back trace just to verify the correct php version was 
being used and with the source code in place on the system on which I 
ran gdb.

Please note that the back trace will say 5.2.12 (even though this is the 
snapshot) because I used that directory name so I did not have to 
rewrite the spec file to build an RPM.

http://pastebin.com/f19f1446a

$ /usr/local/bin/php --version
PHP 5.2.13RC1-dev (cli) (built: Feb  2 2010 10:17:42)
Copyright (c) 1997-2010 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2010 Zend Technologies
 [2010-02-03 22:33 UTC] jani@php.net 
The shortest way to reproduce:

# php -n -dlog_errors=on -derror_log=./foo \
 -r 'new SoapClient("http://localhost/wsdl");
 [2010-02-03 23:19 UTC] jani@php.net 
This is bug in SOAP extension which has a funky error handler defined.
 [2010-03-31 12:25 UTC] derick@php.net
-Assigned To: dmitry +Assigned To: derick
 [2011-02-24 13:48 UTC] indeyets@php.net 
(copypaste from #54087, which is marked as duplicate of this bug)

Description:
------------
In case there is some problem with extension loaded from php.ini (shared 
dependency not available), php segfaults while trying to show error.

it happens in debug+zts mode at least.

Debugger output:


(lldb) run
Process 23067 launched: '/opt/php53/bin/php' (x86_64)
(lldb) Process 23067 stopped
* thread #1: tid = 0x2d03, 0x00000001000097f0 php`guess_timezone + 48 at 
php_date.c:843, stop reason = EXC_BAD_ACCESS (code=13, address=0x0)
 840   		char *env;
 841   	
 842   		/* Checking configure timezone */
 843 ->		if (DATEG(timezone) && (strlen(DATEG(timezone)) > 0)) {
 844   			return DATEG(timezone);
 845   		}
 846   		/* Check environment variable */
(lldb) frame s 3
frame #3: 0x000000010053edb1 php`php_log_err + 369 at main.c:585
 582   				char *error_time_str;
 583   	
 584   				time(&error_time);
 585 ->				error_time_str = php_format_date("d-M-Y H:i:s", 
11, error_time, 1 TSRMLS_CC);
 586   				len = spprintf(&tmp, 0, "[%s] %s%s", 
error_time_str, log_message, PHP_EOL);
 587   	#ifdef PHP_WIN32
 588   				php_flock(fd, 2);
(lldb) print log_message
(char *) log_message = 0x0000000101807a50 "PHP Warning:  PHP Startup: Unable to 
load dynamic library '/opt/php53/lib/php/extensions/debug-zts-
20090626/gobject.so' - dlopen(/opt/php53/lib/php/extensions/debug-zts-
20090626/gobject.so, 9): Library not loaded: /opt/homebrew/Cellar/gobject-
introspection/0.10.2/lib/libgirepository-1.0.1.dylib\n  Referenced from: 
/opt/php53/lib/php/extensions/debug-zts-20090626/gobject.so\n  Reason: image not 
found in Unknown on line 0"
(lldb) bt
thread #1: tid = 0x2d03, stop reason = EXC_BAD_ACCESS (code=13, address=0x0)
  frame #0: 0x00000001000097f0 php`guess_timezone + 48 at php_date.c:843
  frame #1: 0x0000000100009c69 php`get_timezone_info + 89 at php_date.c:940
  frame #2: 0x000000010000a05b php`php_format_date + 59 at php_date.c:1190
  frame #3: 0x000000010053edb1 php`php_log_err + 369 at main.c:585
  frame #4: 0x0000000100543b76 php`php_error_cb + 2342 at main.c:1003
  frame #5: 0x00000001005f6da3 php`zend_error + 1139 at zend.c:1020
  frame #6: 0x000000010053fdb5 php`php_verror + 3301 at main.c:807
  frame #7: 0x000000010053ff9c php`php_error_docref0 + 364 at main.c:819
  frame #8: 0x000000010040d031 php`php_load_extension + 561 at dl.c:158
  frame #9: 0x0000000100554d32 php`php_load_php_extension_cb + 50 at 
php_ini.c:351
  frame #10: 0x00000001005e8661 php`zend_llist_apply + 65 at zend_llist.c:193
  frame #11: 0x0000000100554cb7 php`php_ini_register_extensions + 87 at 
php_ini.c:751
  frame #12: 0x0000000100542f89 php`php_module_startup + 3529 at main.c:2029
  frame #13: 0x000000010071b944 php`php_cli_startup + 36 at php_cli.c:402
  frame #14: 0x000000010071895f php`main + 2575 at php_cli.c:776
  frame #15: 0x0000000100000c64 php`start + 52
(lldb) 


Expected result:
----------------
Error is displayed

Actual result:
--------------
Segfaul
 [2011-12-06 04:15 UTC] derick@php.net
-Status: Assigned +Status: Closed
 [2011-12-06 04:15 UTC] derick@php.net 
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.

I've fixed this about a week ago.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Tue Jul 01 19:01:37 2025 UTC