Bug #70951 Segmentation fault on invalid WSDL cache
Submitted: 2015-11-20 22:57 UTC Modified: 2020-04-23 08:15 UTC
Votes:4
Avg. Score:4.8 ± 0.4
Reproduced:3 of 3 (100.0%)
Same Version:1 (33.3%)
Same OS:2 (66.7%)
From: bostjan at teon dot si Assigned:
Status: Open Package: SOAP related
PHP Version: 5.6.15 OS: Linux
Private report: No CVE-ID: None
 [2015-11-20 22:57 UTC] bostjan at teon dot si
Description:
------------
When instantiating a SOAP client, if the WSDL cache exists and is "inappropriate" (either corrupted, or something similar), PHP crashes.

This was tested with:
- php 5.6.15 (remi's CentOS repos)
- php 5.6.13 (custom built)
- php 5.5.9 (ubuntu default)
- php 5.3.3 (centos 6 - I think it was originally created with this one)

Test script:
---------------
git clone https://github.com/bostjan/php-bug-soap-segfault.git
cd php-bug-soap-segfault
./run.sh


/*
 * Essentially what the script does:
 * 1. runs the soap-client.php for the first time, to create wsdl cache file
 * 2. replaces OK cache file with corrupted one
 * 3. reruns soap-client.php which now segfaults
 *
 * Content of soap-client.php:
 * ----------------------------------
 * <?php
 * ini_set('soap.wsdl_cache_enabled', true);
 * ini_set('soap.wsdl_cache_dir', __DIR__);
 * $soap = new SoapClient ("./services.wsdl");
 * echo "no segfault";
 * ?>
 * ----------------------------------
 */


Expected result:
----------------
### Now the output will be 'no segfault':
no segfault

### Installing 'inappropriate' cache file...done.

### Now there will be segmentation fault:
no segfault


/* Essentially no segmentation fault. */


Actual result:
--------------
### Now the output will be 'no segfault':
no segfault

### Installing 'inappropriate' cache file...done.

### Now there will be segmentation fault:
./run.sh: line 23: 19892 Segmentation fault      php ./soap-client.php


 [2015-11-20 23:19 UTC] bostjan at teon dot si
Additional info, just figured it out:
That wsdl cache file was left over when migration from 32bit to 64bit CentOS happened. It works on 32bit platforms.

In my opinion this should not produce a segmentation fault, but cache file should be invalidated+deleted and recreated. Thoughts?
 [2017-10-05 12:22 UTC] nikic@php.net
I'm not able to reproduce the segfault on master.
 [2017-10-13 20:56 UTC] alvaroguimaraes at gmail dot com
I just had this.

We had invalid cache files because of a full disk incident before.

+1 on invalidate+delete behaviour suggested.

PHP 5.6.31-6+ubuntu16.04.1+deb.sury.org+1 (cli)
Copyright (c) 1997-2016 The PHP Group
Zend Engine v2.6.0, Copyright (c) 1998-2016 Zend Technologies
    with Zend OPcache v7.0.6-dev, Copyright (c) 1999-2016, by Zend Technologies

Kernel: 4.4.0-96-generic #119-Ubuntu SMP
 [2020-04-23 08:07 UTC] cmb@php.net
> In my opinion this should not produce a segmentation fault, but
> cache file should be invalidated+deleted and recreated. Thoughts?

The alternative would be to document that the cache is system
dependent, and must not be reused after migration.
 [2020-04-23 08:15 UTC] nikic@php.net
It should be possible to fix this by mixing in SIZEOF_ZEND_LONG in https://github.com/php/php-src/blob/c36b9e93fa06e48fdedb0260a8e5817902da0545/ext/soap/php_sdl.c#L3200-L3239. Or more generally, take a look at how the opcache system ID is computed.
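
A userland counterpart to the suggestion above, added here as an example and not part of the bug thread or of php-src: it gives every PHP build its own WSDL cache directory, so a cache file written by a 32-bit build is never read by a 64-bit one. The function name `wsdl_cache_dir_for_build()`, the `cache` base directory and the tag layout are assumptions made for this example; `services.wsdl` is the file from the test script.

```php
<?php
// Added example (not from the bug report): per-build WSDL cache directory.
// Function name, base directory and tag layout are hypothetical.

function wsdl_cache_dir_for_build(string $base): string
{
    // Properties that distinguish the build that wrote a cache file from the
    // build that reads it: PHP version, integer width (4 on 32-bit, 8 on
    // 64-bit) and machine type as reported by uname.
    $tag = sprintf('php%s-int%d-%s', PHP_VERSION, PHP_INT_SIZE, php_uname('m'));

    // Distribution version strings may contain '+' or '~'; keep the
    // directory name to a conservative character set.
    $tag = preg_replace('/[^A-Za-z0-9_.-]/', '_', $tag);

    $dir = rtrim($base, '/') . '/wsdl-cache-' . $tag;

    // Create the directory privately; the second is_dir() covers a race
    // where another process created it between the check and mkdir().
    if (!is_dir($dir) && !mkdir($dir, 0700, true) && !is_dir($dir)) {
        throw new RuntimeException("cannot create WSDL cache dir: $dir");
    }

    // Refuse a directory that group or others can write to, since every
    // file placed there is parsed by the SOAP extension.
    clearstatcache(true, $dir);
    if ((fileperms($dir) & 0022) !== 0) {
        throw new RuntimeException("WSDL cache dir is group/world-writable: $dir");
    }

    return $dir;
}

// Same settings as soap-client.php from the report, with the cache
// directory replaced by the per-build one.
ini_set('soap.wsdl_cache_enabled', '1');
ini_set('soap.wsdl_cache_dir', wsdl_cache_dir_for_build(__DIR__ . '/cache'));

$soap = new SoapClient('./services.wsdl', ['cache_wsdl' => WSDL_CACHE_DISK]);
echo "no segfault\n";
```

This separates caches by build only; it does not detect a cache file damaged in place, such as the full-disk case mentioned in the 2017 comment.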
 
Last updated: Sun Dec 22 02:01:28 2024 UTC