Sec Bug #73452 Segfault (Regression for #69152)
Submitted: 2016-11-03 11:41 UTC Modified: 2016-12-10 17:21 UTC
From: remi@php.net Assigned: ab (profile)
Status: Closed Package: SOAP related
PHP Version: 7.0.12 OS:
Private report: No CVE-ID: None
 [2016-11-03 11:41 UTC] remi@php.net
Description:
------------
Running the unit test from 5.6 with 7.0.12 (and 7.1.0RC5) raises a segfault.


Tagged as security... because the original bug #69152 was a security issue (although I think it should be rated as low)

Test script:
---------------
<?php
$data = 'O:9:"SoapFault":4:{s:9:"faultcode";i:4298448493;s:11:"faultstring";i:4298448543;s:7:"'."\0*\0".'file";i:4298447319;s:7:"'."\0*\0".'line";s:4:"ryat";}';
echo unserialize($data);


Expected result:
----------------
SoapFault exception: [4298448493] 4298448543 in (null):0


Actual result:
--------------
Segmentation fault (core dumped)


History

 [2016-11-03 11:43 UTC] remi@php.net
(gdb) bt
#0  0x00007ffff4ae0296 in strlen () from /lib64/libc.so.6
#1  0x00005555557417e1 in xbuf_format_converter (xbuf=xbuf@entry=0x7fffffffa370, is_char=is_char@entry=0 '\000', fmt=<optimized out>, 
    ap=ap@entry=0x7fffffffa3a0) at /usr/src/debug/php-7.0.12/main/spprintf.c:609
#2  0x0000555555742d19 in vstrpprintf (max_len=0, format=<optimized out>, ap=ap@entry=0x7fffffffa3a0)
    at /usr/src/debug/php-7.0.12/main/spprintf.c:881
#3  0x0000555555742e14 in strpprintf (max_len=max_len@entry=0, 
    format=format@entry=0x7fffe86554c0 "SoapFault exception: [%s] %s in %s:%pd\nStack trace:\n%s")
    at /usr/src/debug/php-7.0.12/main/spprintf.c:902
#4  0x00007fffe86222e0 in zim_SoapFault___toString (execute_data=<optimized out>, return_value=0x7fffffffa810)
    at /usr/src/debug/php-7.0.12/ext/soap/soap.c:975
#5  0x000055555578eaba in dtrace_execute_internal (execute_data=<optimized out>, return_value=<optimized out>)
    at /usr/src/debug/php-7.0.12/Zend/zend_dtrace.c:107
#6  0x000055555579081f in zend_call_function (fci=fci@entry=0x7fffffffa730, fci_cache=fci_cache@entry=0x7fffffffa700)
    at /usr/src/debug/php-7.0.12/Zend/zend_execute_API.c:877
#7  0x00005555557bcc72 in zend_call_method (object=object@entry=0x7ffff38130b0, obj_ce=<optimized out>, obj_ce@entry=0x555555c0e6d0, 
    fn_proxy=fn_proxy@entry=0x555555c0e800, function_name=function_name@entry=0x55555588b78b "__tostring", 
    function_name_len=function_name_len@entry=10, retval_ptr=retval_ptr@entry=0x7fffffffa810, param_count=0, arg1=0x0, arg2=0x0)
    at /usr/src/debug/php-7.0.12/Zend/zend_interfaces.c:104
#8  0x00005555557d7983 in zend_std_cast_object_tostring (readobj=0x7ffff38130b0, writeobj=0x7fffffffa890, type=<optimized out>)
    at /usr/src/debug/php-7.0.12/Zend/zend_object_handlers.c:1558
#9  0x0000555555796e4e in _zval_get_string_func (op=op@entry=0x7ffff38130b0) at /usr/src/debug/php-7.0.12/Zend/zend_operators.c:841
#10 0x00005555557f31e1 in ZEND_ECHO_SPEC_TMPVAR_HANDLER () at /usr/src/debug/php-7.0.12/Zend/zend_vm_execute.h:40451
#11 0x00005555557df52b in execute_ex (ex=ex@entry=0x7ffff38792c0) at /usr/src/debug/php-7.0.12/Zend/zend_vm_execute.h:414
#12 0x000055555578ea58 in dtrace_execute_ex (execute_data=0x7ffff38792c0) at /usr/src/debug/php-7.0.12/Zend/zend_dtrace.c:83
#13 0x00005555558337c7 in zend_execute (op_array=op_array@entry=0x7ffff3884000, return_value=return_value@entry=0x0)
    at /usr/src/debug/php-7.0.12/Zend/zend_vm_execute.h:458
#14 0x000055555579ec13 in zend_execute_scripts (type=type@entry=8, retval=retval@entry=0x0, file_count=file_count@entry=3)
    at /usr/src/debug/php-7.0.12/Zend/zend.c:1427
#15 0x000055555573e720 in php_execute_script (primary_file=0x7fffffffcf50) at /usr/src/debug/php-7.0.12/main/main.c:2494
#16 0x000055555583547c in do_cli (argc=2, argv=0x555555ba4a60) at /usr/src/debug/php-7.0.12/sapi/cli/php_cli.c:974
#17 0x000055555561f5f9 in main (argc=2, argv=0x555555ba4a60) at /usr/src/debug/php-7.0.12/sapi/cli/php_cli.c:1344
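The pattern behind the crash, as an added example that is not part of the report or of PHP's own source: frame #0 of the backtrace shows strlen() being called from strpprintf on a "%s" argument, and the test script feeds SoapFault::__toString integer values where strings are expected. The program below models that sink with a hypothetical mini-zval type (pval, T_LONG, T_STRING, T_NULL are all assumed names) and shows a formatter that converts each value by its runtime type before it reaches a "%s" conversion. The coercion rules (integers rendered in decimal, a non-string file printed as "(null)", a non-numeric line printed as 0) are inferred from the expected result in the report, not taken from PHP's implementation; the well-formed case at the end goes beyond the page to show the normal path is unchanged.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not PHP's code. It models the pattern behind the crash in
 * this report: a dynamically typed value (a PHP zval) reaches a printf-style
 * "%s" sink in SoapFault::__toString. If the formatter trusts the property
 * name instead of the runtime type, an integer payload is read as a char*
 * and strlen() walks into unmapped memory (frame #0 of the backtrace). */

typedef enum { T_NULL, T_LONG, T_STRING } ptype;   /* hypothetical mini-zval */

typedef struct {
    ptype type;
    union { long long lval; const char *str; } u;
} pval;

/* Small strdup replacement so the file builds under strict C99. */
static char *dup_str(const char *s) {
    size_t n = strlen(s) + 1;
    char *out = malloc(n);
    if (out) memcpy(out, s, n);
    return out;
}

/* Unsafe pattern, kept only for contrast and never called: it assumes the
 * value is a string. With faultcode holding the integer 4298448493 from the
 * report, u.str is that integer reinterpreted as a pointer. */
const char *unsafe_str(const pval *v) { return v->u.str; }

/* Hardened pattern: convert by runtime type, never by assumption. Ints are
 * rendered in decimal, anything else becomes "(null)". Caller frees. */
static char *pval_to_string(const pval *v) {
    char buf[32];
    switch (v->type) {
    case T_STRING: return dup_str(v->u.str ? v->u.str : "");
    case T_LONG:   snprintf(buf, sizeof buf, "%lld", v->u.lval); return dup_str(buf);
    default:       return dup_str("(null)");
    }
}

/* Builds "SoapFault exception: [code] message in file:line" the way the
 * report's expected result does: code and message are coerced to strings,
 * file is printed only if it really is a string (else "(null)"), and line
 * is coerced to an integer (the non-numeric "ryat" becomes 0). */
char *fault_to_string(const pval *code, const pval *msg,
                      const pval *file, const pval *line) {
    char *c = pval_to_string(code);
    char *m = pval_to_string(msg);
    char *f = (file->type == T_STRING && file->u.str) ? dup_str(file->u.str)
                                                     : dup_str("(null)");
    long long ln = 0;
    if (line->type == T_LONG)
        ln = line->u.lval;
    else if (line->type == T_STRING && line->u.str)
        ln = strtoll(line->u.str, NULL, 10);   /* "ryat" -> 0 */

    size_t n = strlen(c) + strlen(m) + strlen(f) + 64;
    char *out = malloc(n);
    if (out)
        snprintf(out, n, "SoapFault exception: [%s] %s in %s:%lld", c, m, f, ln);
    free(c); free(m); free(f);
    return out;
}

/* Constructed inputs mirroring the serialized payload in the report:
 * faultcode/faultstring/file are integers, line is the string "ryat". */
char *format_report_payload(void) {
    pval code = { T_LONG,   { .lval = 4298448493LL } };
    pval msg  = { T_LONG,   { .lval = 4298448543LL } };
    pval file = { T_LONG,   { .lval = 4298447319LL } };
    pval line = { T_STRING, { .str  = "ryat" } };
    return fault_to_string(&code, &msg, &file, &line);
}

/* A well-formed fault (constructed values), to show the normal path. */
char *format_well_formed(void) {
    pval code = { T_STRING, { .str  = "SOAP-ENV:Client" } };
    pval msg  = { T_STRING, { .str  = "bad request" } };
    pval file = { T_STRING, { .str  = "/tmp/example.php" } };
    pval line = { T_LONG,   { .lval = 42 } };
    return fault_to_string(&code, &msg, &file, &line);
}

int main(void) {
    char *s = format_report_payload();
    puts(s);   /* SoapFault exception: [4298448493] 4298448543 in (null):0 */
    free(s);
    s = format_well_formed();
    puts(s);
    free(s);
    return 0;
}
```

The defensive point is that the type dispatch happens once, in pval_to_string, and the "%s" sink only ever sees buffers that function produced; whatever a deserializer put into the properties, the formatter cannot be made to read an integer as a pointer.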
 [2016-11-03 11:45 UTC] remi@php.net
-Type: Bug +Type: Security -Private report: No +Private report: Yes
 [2016-11-10 09:39 UTC] dmitry@php.net
The code was fixed with http://git.php.net/?p=php-src.git;a=commitdiff;h=15ac4904727d22acdb9722871ef8f4acb7ddccae

Test and NEWS entry were not added.
 [2016-11-21 19:02 UTC] ab@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: ab
 [2016-11-21 19:02 UTC] ab@php.net
I've added a test and a backport patch for 5.6. I would keep the bug private till the final, just in case.

Thanks.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Nov 21 12:01:29 2024 UTC