Bug #54911 Access to a undefined member in inherit SoapClient may cause Segmentation Fault
Submitted: 2011-05-23 19:33 UTC Modified: 2011-11-28 14:20 UTC
From: erik at datahack dot se Assigned: dmitry (profile)
Status: Closed Package: Reproducible crash
PHP Version: 5.3.6 OS: Linux
Private report: No CVE-ID: None
 [2011-05-23 19:33 UTC] erik at datahack dot se
Description:
------------
If you try to access an undefined variable or constant in an extended SoapClient, it will cause PHP to crash due to a Segmentation Fault.

Test script:
---------------
<?php
    class XSoapClient extends SoapClient {
        function __doRequest($request, $location, $action, $version) {
            echo self::$crash;
//          echo parent::$crash;
//          echo self::crash;
//          echo parent::crash;
        }   
    }   
    $client = new XSoapClient(null, array('uri'=>'', 'location'=>''));
    $client->__soapCall('', array());
?>

Expected result:
----------------
An error like, Fatal error: Access to undeclared static property: XSoapClient::$crash...

Actual result:
--------------
$ sapi/cli/php ../crash.php 
Segmentation fault

# gdb backtrace...
Starting program: /home/erik/php-5.3.6/sapi/cli/php ../crash.php
[Thread debugging using libthread_db enabled]

Program received signal SIGSEGV, Segmentation fault.
0x0843c238 in zval_delref_p (zval_ptr=0xbfffcf68, __zend_filename=0x87cc4e8 "/home/erik/php-5.3.6/Zend/zend_vm_execute.h", 
    __zend_lineno=609) at /home/erik/php-5.3.6/Zend/zend.h:385
385		return --pz->refcount__gc;
(gdb) bt
#0  0x0843c238 in zval_delref_p (zval_ptr=0xbfffcf68, __zend_filename=0x87cc4e8 "/home/erik/php-5.3.6/Zend/zend_vm_execute.h", 
    __zend_lineno=609) at /home/erik/php-5.3.6/Zend/zend.h:385
#1  _zval_ptr_dtor (zval_ptr=0xbfffcf68, __zend_filename=0x87cc4e8 "/home/erik/php-5.3.6/Zend/zend_vm_execute.h", __zend_lineno=609)
    at /home/erik/php-5.3.6/Zend/zend_execute_API.c:437
#2  0x08479ff8 in ZEND_HANDLE_EXCEPTION_SPEC_HANDLER (execute_data=0x8920a60) at /home/erik/php-5.3.6/Zend/zend_vm_execute.h:609
#3  0x08478793 in execute (op_array=0x88f2be0) at /home/erik/php-5.3.6/Zend/zend_vm_execute.h:107
#4  0x0844bae6 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /home/erik/php-5.3.6/Zend/zend.c:1194
#5  0x083e102e in php_execute_script (primary_file=0xbffff324) at /home/erik/php-5.3.6/main/main.c:2268
#6  0x08509d35 in main (argc=2, argv=0xbffff4b4) at /home/erik/php-5.3.6/sapi/cli/php_cli.c:1193


History

 [2011-09-17 10:29 UTC] laruence@php.net
-Assigned To: +Assigned To: dmitry
 [2011-09-17 10:29 UTC] laruence@php.net
assign to dmitry.
 [2011-09-17 10:32 UTC] laruence@php.net
I can also reproduce this with svn-trunk,
and after I undef zend_always_inline, I got a clearer bt:
#0  0x00000000009ffe8c in zval_delref_p (pz=0x5a5a5a5a5a5a5a5a) at /home/laruence/opensource/php-src/trunk/Zend/zend.h:391
391     return --pz->refcount__gc;
(gdb) bt
#0  0x00000000009ffe8c in zval_delref_p (pz=0x5a5a5a5a5a5a5a5a) at /home/laruence/opensource/php-src/trunk/Zend/zend.h:391
#1  0x0000000000a00efc in i_zval_ptr_dtor (zval_ptr=0x5a5a5a5a5a5a5a5a, 
    __zend_filename=0xdb2f28 "/home/laruence/opensource/php-src/trunk/Zend/zend_execute.h", __zend_lineno=339)
    at /home/laruence/opensource/php-src/trunk/Zend/zend_execute.h:82
#2  0x0000000000a0163e in zend_vm_stack_clear_multiple () at /home/laruence/opensource/php-src/trunk/Zend/zend_execute.h:339
#3  0x0000000000a050f9 in zend_do_fcall_common_helper_SPEC (execute_data=0x2a95fbc0e8)
    at /home/laruence/opensource/php-src/trunk/Zend/zend_vm_execute.h:736
#4  0x0000000000a054c8 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0x2a95fbc0e8)
    at /home/laruence/opensource/php-src/trunk/Zend/zend_vm_execute.h:752
#5  0x0000000000a0427c in execute (op_array=0x2a95ff3828) at /home/laruence/opensource/php-src/trunk/Zend/zend_vm_execute.h:410
#6  0x00000000009b0c18 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /home/laruence/opensource/php-src/trunk/Zend/zend.c:1271
#7  0x00000000008ef5aa in php_execute_script (primary_file=0x7fbffff260) at /home/laruence/opensource/php-src/trunk/main/main.c:2391
#8  0x0000000000a632c8 in do_cli (argc=2, argv=0x7fbffff548) at /home/laruence/opensource/php-src/trunk/sapi/cli/php_cli.c:983
#9  0x0000000000a64169 in main (argc=2, argv=0x7fbffff548) at /home/laruence/opensource/php-src/trunk/sapi/cli/php_cli.c:1356
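
A triage aid for backtraces like the one above, as an added example that is not part of the report or of PHP's own tooling: it flags pointer arguments made of one repeated byte, such as `pz=0x5a5a5a5a5a5a5a5a`, which usually means the pointer was read from memory that an allocator had filled with a marker byte (freed or uninitialized) rather than from a live object. The sample frames are abridged from the comment above with shortened paths; the names `is_fill_pattern` and `poisoned_args` are hypothetical.

```python
import re

# Constructed sample: frames abridged from the svn-trunk backtrace in this report.
SAMPLE_BT = """\
#0  0x00000000009ffe8c in zval_delref_p (pz=0x5a5a5a5a5a5a5a5a) at Zend/zend.h:391
#1  0x0000000000a00efc in i_zval_ptr_dtor (zval_ptr=0x5a5a5a5a5a5a5a5a, __zend_filename=0xdb2f28 "Zend/zend_execute.h", __zend_lineno=339)
#2  0x0000000000a0163e in zend_vm_stack_clear_multiple () at Zend/zend_execute.h:339
#3  0x0000000000a050f9 in zend_do_fcall_common_helper_SPEC (execute_data=0x2a95fbc0e8)
"""

# "#N  [0xADDR in ]function (args)"; the address is absent on inlined frames.
FRAME_RE = re.compile(r"^#(\d+)\s+(?:0x[0-9a-fA-F]+ in )?(\w+) \((.*)\)", re.M)
# name=0xHEX pairs inside the argument list; decimal arguments are ignored.
ARG_RE = re.compile(r"(\w+)=(0x[0-9a-fA-F]+)")


def is_fill_pattern(hex_value, min_bytes=4):
    """True when the value is a single byte repeated at least min_bytes times.

    0x00 and 0xff are excluded: NULL and -1 are ordinary values, not markers.
    """
    digits = hex_value[2:].lower()
    if len(digits) % 2 or len(digits) < 2 * min_bytes:
        return False
    byte = digits[:2]
    return byte not in ("00", "ff") and digits == byte * (len(digits) // 2)


def poisoned_args(backtrace):
    """Return (frame_no, function, arg_name, value) for each suspicious argument."""
    hits = []
    for m in FRAME_RE.finditer(backtrace):
        frame_no, func, args = int(m.group(1)), m.group(2), m.group(3)
        for name, value in ARG_RE.findall(args):
            if is_fill_pattern(value):
                hits.append((frame_no, func, name, value))
    return hits


if __name__ == "__main__":
    for frame_no, func, name, value in poisoned_args(SAMPLE_BT):
        print(f"frame #{frame_no} {func}: {name}={value} looks like a fill pattern")
```
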
 [2011-11-28 14:20 UTC] dmitry@php.net
Automatic comment from SVN on behalf of dmitry
Revision: http://svn.php.net/viewvc/?view=revision&revision=320113
Log: Fixed bug #54911 (Access to a undefined member in inherit SoapClient may cause Segmentation Fault)
 [2011-11-28 14:20 UTC] dmitry@php.net
-Status: Assigned +Status: Closed
 [2011-11-28 14:20 UTC] dmitry@php.net
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.


 [2012-04-18 09:47 UTC] laruence@php.net
Automatic comment on behalf of dmitry
Revision: http://git.php.net/?p=php-src.git;a=commit;h=a2ac3a6f26cf554141301c64adf72fd1acb107ae
Log: Fixed bug #54911 (Access to a undefined member in inherit SoapClient may cause Segmentation Fault)
 [2012-07-24 23:38 UTC] rasmus@php.net
Automatic comment on behalf of dmitry
Revision: http://git.php.net/?p=php-src.git;a=commit;h=a2ac3a6f26cf554141301c64adf72fd1acb107ae
Log: Fixed bug #54911 (Access to a undefined member in inherit SoapClient may cause Segmentation Fault)
 [2013-11-17 09:34 UTC] laruence@php.net
Automatic comment on behalf of dmitry
Revision: http://git.php.net/?p=php-src.git;a=commit;h=a2ac3a6f26cf554141301c64adf72fd1acb107ae
Log: Fixed bug #54911 (Access to a undefined member in inherit SoapClient may cause Segmentation Fault)
 