php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #77088 Segfault when using SoapClient with null options
Submitted: 2018-10-31 11:54 UTC Modified: 2018-10-31 17:00 UTC
From: projektsage at gmail dot com Assigned:
Status: Closed Package: SOAP related
PHP Version: 7.3.0RC4 OS: linux
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: projektsage at gmail dot com
New email:
PHP Version: OS:

 

 [2018-10-31 11:54 UTC] projektsage at gmail dot com
Description:
------------
PHP7.3.0RC4 Thread Safe
Configure: './configure' '--prefix=/opt/apache/apache-24-php-7.3.0RC4-x64/php-7.3.0RC4/php_bin' '--with-apxs2=/opt/apache/httpd-24-x64/bin/apxs' '--with-zlib' '--with-curl' '--with-mysql' '--with-mysqli' '--with-pdo-mysql' '--with-pgsql=/opt/postgresql' '--with-oci8=instantclient,/opt/oracle/instantclient_10_2' '--enable-soap'

BT:
#0  0x00007ffff1c19ed4 in add_property_zval_ex (arg=arg@entry=0x7fffcc054360, key=key@entry=0x7ffff22aeb4c "__soap_fault", key_len=key_len@entry=12, value=value@entry=0x7fffe53f0260) at /opt/apache/apache-24-php-7.3.0RC4-x64/php-7.3.0RC4/Zend/zend_API.c:1825
#1  0x00007ffff1aabfbf in add_soap_fault_ex (fault=fault@entry=0x7fffe53f0260, obj=0x7fffcc054360, fault_code=fault_code@entry=0x7ffff22ae2db "Client", fault_string=fault_string@entry=0x7fffe53f0350 "Uncaught TypeError: SoapClient::SoapClient() expects parameter 2 to be
array, null given in /***/***/httpd-php/php-htdocs/php-htdocs/soap/soap-client"..., fault_detail=0x0, fault_actor=0x0) at /opt/apache/apache-24-php-7.3.0RC4-x64/php-7.3.0RC4/ext/soap/soap.c:3204
#2  0x00007ffff1aaee7c in soap_error_handler (error_num=1, error_filename=0x7fffd5076158 "/***/***/httpd-php/php-htdocs/php-htdocs/soap/soap-client-wsdl-null-context.php", error_lineno=6, format=0x7ffff22ecf58 "Uncaught
%s\n  thrown", args=0x7fffe53f0788) at /opt/apache/apache-24-php-7.3.0RC4-x64/php-7.3.0RC4/ext/soap/soap.c:2144
#3  0x00007ffff1849368 in zend_error_va (type=type@entry=1, file=<optimized out>, lineno=<optimized out>, format=format@entry=0x7ffff22ecf58 "Uncaught %s\n  thrown") at /opt/apache/apache-24-php-7.3.0RC4-x64/php-7.3.0RC4/Zend/zend_exceptions.c:946
#4  0x00007ffff184990a in zend_exception_error (ex=0x7fffd5076000, severity=severity@entry=1) at /opt/apache/apache-24-php-7.3.0RC4-x64/php-7.3.0RC4/Zend/zend_exceptions.c:1018
#5  0x00007ffff1c16c4b in zend_execute_scripts (type=type@entry=8, retval=retval@entry=0x0, file_count=file_count@entry=3) at /opt/apache/apache-24-php-7.3.0RC4-x64/php-7.3.0RC4/Zend/zend.c:1572
#6  0x00007ffff1baa626 in php_execute_script (primary_file=primary_file@entry=0x7fffe53f1c10) at /opt/apache/apache-24-php-7.3.0RC4-x64/php-7.3.0RC4/main/main.c:2630
#7  0x00007ffff1ca773a in php_handler (r=<optimized out>) at /opt/apache/apache-24-php-7.3.0RC4-x64/php-7.3.0RC4/sapi/apache2handler/sapi_apache2.c:699
#8  0x000000000044a280 in ap_run_handler (r=0x7fffd009b390) at config.c:170
#9  0x000000000044e49e in ap_invoke_handler (r=0x7fffd009b390) at config.c:439
#10 0x0000000000460d9a in ap_process_async_request (r=0x7fffd009b390) at http_request.c:317
#11 0x000000000045d420 in ap_process_http_async_connection (c=<optimized out>) at http_core.c:143
#12 ap_process_http_connection (c=0x7fffe0037420) at http_core.c:228
#13 0x0000000000454e40 in ap_run_process_connection (c=0x7fffe0037420) at connection.c:41
#14 0x0000000000469b4d in process_socket (my_thread_num=<optimized out>, my_child_num=<optimized out>, cs=0x7fffe00373a8, sock=<optimized out>, p=<optimized out>, thd=<optimized out>) at event.c:970
#15 worker_thread (thd=<optimized out>, dummy=<optimized out>) at event.c:1815
#16 0x00007ffff6ee66ba in start_thread (arg=0x7fffe53f2700) at pthread_create.c:333
#17 0x00007ffff6a1841d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109


Test script:
---------------
<?php

try
{
    $options = NULL;
    $sClient = new SoapClient("test.wsdl", $options);
} 
catch(SoapFault $e)
{
    echo "There is a fault:<br/>";
    var_dump($e);
}

?>


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2018-10-31 17:00 UTC] cmb@php.net
-Status: Open +Status: Verified
 [2018-10-31 17:00 UTC] cmb@php.net
I can reproduce a segfault running master on CLI, but I get
a totally different backtrace:

    #0  0x000000000841cb51 in instanceof_class (instance_ce=0x10, ce=0x8c24f30)
        at /mnt/c/Users/cmb/php-dev/php-src/Zend/zend_operators.c:2285
    #1  0x000000000841ccd9 in instanceof_function (instance_ce=0x10, ce=0x8c24f30)
        at /mnt/c/Users/cmb/php-dev/php-src/Zend/zend_operators.c:2330
    #2  0x000000000823aaf5 in soap_error_handler (error_num=1,
        error_filename=0x7ffffae63498 "/mnt/c/Users/cmb/php-dev/77088.php",
        error_lineno=6, format=0x863486a "Uncaught %s\n  thrown",
        args=0x7ffffffea778)
        at /mnt/c/Users/cmb/php-dev/php-src/ext/soap/soap.c:2109
    #3  0x00000000084513c6 in zend_error_va (type=1,
        file=0x7ffffae63498 "/mnt/c/Users/cmb/php-dev/77088.php", lineno=6,
        format=0x863486a "Uncaught %s\n  thrown")
        at /mnt/c/Users/cmb/php-dev/php-src/Zend/zend_exceptions.c:946
    #4  0x00000000084519c8 in zend_exception_error (ex=0x7ffffae7e000, severity=1)
        at /mnt/c/Users/cmb/php-dev/php-src/Zend/zend_exceptions.c:1018
    #5  0x00000000084233ed in zend_execute_scripts (type=8, retval=0x0,
        file_count=3) at /mnt/c/Users/cmb/php-dev/php-src/Zend/zend.c:1612
    #6  0x000000000839a273 in php_execute_script (primary_file=0x7ffffffedf10)
        at /mnt/c/Users/cmb/php-dev/php-src/main/main.c:2643
    #7  0x00000000084f425d in do_cli (argc=2, argv=0x8ba7910)
        at /mnt/c/Users/cmb/php-dev/php-src/sapi/cli/php_cli.c:997
    #8  0x00000000084f5113 in main (argc=2, argv=0x8ba7910)
        at /mnt/c/Users/cmb/php-dev/php-src/sapi/cli/php_cli.c:1390

instance_ce=0x10 in frame #0 looks fishy.
 [2018-11-21 03:31 UTC] laruence@php.net
Automatic comment on behalf of laruence@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=aaafd793e6f74aa6afc233d9594d176266ba0684
Log: Fixed bug #77088 (Segfault when using SoapClient with null options)
 [2018-11-21 03:31 UTC] laruence@php.net
-Status: Verified +Status: Closed
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Nov 21 12:01:29 2024 UTC