Bug #77945 Segmentation fault when constructing SoapClient with WSDL_CACHE_BOTH
Submitted: 2019-04-27 11:08 UTC Modified: 2019-04-29 11:40 UTC
From: jan dot eberhardt at posteo dot de Assigned: nikic (profile)
Status: Closed Package: SOAP related
PHP Version: 7.2.17 OS: Ubuntu 18.04.2 LTS
Private report: No CVE-ID: None
 [2019-04-27 11:08 UTC] jan dot eberhardt at posteo dot de
Description:
------------
PHP crashes reproducibly with a segmentation fault when constructing SoapClient with WSDL_CACHE_BOTH.
The crash occurs only if the wsdl-file was already cached in a previous run.
It does not happen if one uses WSDL_CACHE_MEMORY or WSDL_CACHE_DISK.

I used the wsdl-file from bug76348, but it crashes with other wsdl-files too.

# php soaptest.php
===DONE===
# php soaptest.php
Segmentation fault (core dumped)

Test script:
---------------
<?php
$client = new SoapClient(__DIR__ . DIRECTORY_SEPARATOR . 'bug76348.wsdl', [
    'cache_wsdl' => WSDL_CACHE_BOTH
]);
?>
===DONE===

Expected result:
----------------
===DONE===

Actual result:
--------------
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `php soaptest.php'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007fb82c26baef in make_persistent_sdl_type (type=0x7fb837291690, ptr_map=ptr_map@entry=0x7ffc7adde4a0, 
    bp_types=bp_types@entry=0x7ffc7adde4e0, bp_encoders=bp_encoders@entry=0x7ffc7adde520) at ./ext/soap/php_sdl.c:2768

(gdb) bt
#0  0x00007fb82c26baef in make_persistent_sdl_type (type=0x7fb837291690, ptr_map=ptr_map@entry=0x7ffc7adde4a0, 
    bp_types=bp_types@entry=0x7ffc7adde4e0, bp_encoders=bp_encoders@entry=0x7ffc7adde520) at ./ext/soap/php_sdl.c:2768
#1  0x00007fb82c2700b6 in make_persistent_sdl (sdl=<optimized out>) at ./ext/soap/php_sdl.c:2969
#2  get_sdl (this_ptr=this_ptr@entry=0x7fb83721c0e0, uri=<optimized out>, cache_wsdl=cache_wsdl@entry=3) at ./ext/soap/php_sdl.c:3361
#3  0x00007fb82c2454f4 in zim_SoapClient_SoapClient (execute_data=0x7fb83721c0c0, return_value=<optimized out>) at ./ext/soap/soap.c:2487
#4  0x00005596fbc12308 in execute_ex ()
#5  0x00005596fbc13417 in zend_execute ()
#6  0x00005596fbb61d92 in zend_execute_scripts ()
#7  0x00005596fbafd8c0 in php_execute_script ()
#8  0x00005596fbc1582c in ?? ()
#9  0x00005596fb9ab64b in ?? ()
#10 0x00007fb839ef1b97 in __libc_start_main (main=0x5596fb9ab230, argc=2, argv=0x7ffc7ade32f8, init=<optimized out>, fini=<optimized out>, 
    rtld_fini=<optimized out>, stack_end=0x7ffc7ade32e8) at ../csu/libc-start.c:310
#11 0x00005596fb9ab7ea in _start ()

 [2019-04-29 10:50 UTC] nikic@php.net
-Status: Open +Status: Verified
 [2019-04-29 11:40 UTC] nikic@php.net
-Assigned To: +Assigned To: nikic
 [2019-04-29 11:40 UTC] nikic@php.net
The actual segfault happens because sdl persistence is not prepared to deal with a restriction enumeration without string keys. However, I think that the real problem here is that empty string keys are discarded during serialization. The problematic part is this excerpt from xml.xsd:


  <xs:simpleType>
   <xs:union memberTypes="xs:language">
    <xs:simpleType>    
     <xs:restriction base="xs:string">
      <xs:enumeration value=""/>
     </xs:restriction>
    </xs:simpleType>
   </xs:union>
  </xs:simpleType>

Which uses an empty string enumeration value, which gets discarded during serialization.
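
The comment above says an empty string key is discarded during serialization, so the entry read back from the cache no longer has a string key. The C sketch below is an added example that models that failure; it is not code from this report or from php-src. It assumes a length-prefixed key encoding in which length 0 doubles as "no key"; `entry_key`, `NO_KEY_MARKER`, `put_key`, `get_key` and `key_survives` are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model, not php-src code. A hash entry key is either a string
 * (possibly empty) or absent (has_key == 0, i.e. a numerically indexed entry). */
typedef struct { int has_key; char key[16]; } entry_key;

#define NO_KEY_MARKER 0xFFFFFFFFu /* hypothetical sentinel meaning "no string key" */

/* Write a length-prefixed key. lossy: "no key" is written as length 0, which is
 * also the length of "". Otherwise "no key" gets its own marker. */
static size_t put_key(const entry_key *k, uint8_t *out, int lossy) {
    uint32_t len = k->has_key ? (uint32_t)strlen(k->key)
                              : (lossy ? 0u : NO_KEY_MARKER);
    memcpy(out, &len, sizeof len);
    if (!k->has_key) return sizeof len;
    memcpy(out + sizeof len, k->key, len);
    return sizeof len + len;
}

/* Read a key back; returns bytes consumed, or 0 on a malformed record. */
static size_t get_key(const uint8_t *in, size_t avail, entry_key *k, int lossy) {
    uint32_t len;
    if (avail < sizeof len) return 0;
    memcpy(&len, in, sizeof len);
    k->has_key = lossy ? (len != 0) : (len != NO_KEY_MARKER);
    k->key[0] = '\0';
    if (!k->has_key) return sizeof len;
    if (len >= sizeof k->key || len > avail - sizeof len) return 0;
    memcpy(k->key, in + sizeof len, len);
    k->key[len] = '\0';
    return sizeof len + len;
}

/* Round-trip one string key through the cache format; returns 1 if it is still
 * a string key afterwards, 0 if it was demoted to "no key", -1 on error. */
static int key_survives(const char *key, int lossy) {
    uint8_t buf[32];
    entry_key in = { 1, "" }, out;
    if (strlen(key) >= sizeof in.key) return -1;
    strcpy(in.key, key);
    size_t n = put_key(&in, buf, lossy);
    return get_key(buf, n, &out, lossy) ? out.has_key : -1;
}

int main(void) {
    printf("lossy \"\": %d, marker \"\": %d\n", key_survives("", 1), key_survives("", 0));
    return 0;
}
```

In the lossy encoding the empty key comes back as a keyless entry, which is the state a consumer expecting string keys must either check for or never be handed.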
 [2019-04-29 11:54 UTC] nikic@php.net
Automatic comment on behalf of nikita.ppv@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=5da0579259aab958093ca473cb2cc9dff9fd7813
Log: Fixed bug #77945
 [2019-04-29 11:54 UTC] nikic@php.net
-Status: Verified +Status: Closed
Last updated: Tue Dec 03 16:01:33 2024 UTC