Bug #30904 segfault when recording soapclient into session
Submitted: 2004-11-26 10:35 UTC Modified: 2004-12-07 08:47 UTC
From: philippe dot ventrillon at fr dot netcentrex dot net Assigned: andi
Status: Closed Package: Scripting Engine problem
PHP Version: 5.0.2 OS: linux fedora core1
Private report: No CVE-ID:
 [2004-11-26 10:35 UTC] philippe dot ventrillon at fr dot netcentrex dot net
Description:
------------
I get a seg fault when I try to record a soapClient into the Session.

The crash occurs with both standalone php (php -q client10b.php) and apache running php.

The bt has been produced with gdb and standalone php.


Reproduce code:
---------------
<?php
        session_start();
        $client = new SoapClient("soap10.wsdl", Array('trace'=>1));
        ini_set("soap.wsdl_cache_enabled", "0"); // disabling WSDL cache
        var_dump($client->__getFunctions());
        echo("<BR>\n");
        var_dump($client->__getTypes());
        $_SESSION['phvclient10'] = $client;
?>

plus soap10.wsdl===========================================
<?xml version ='1.0' encoding ='UTF-8' ?>
<definitions name='Increment'
  targetNamespace='http://example.org/increment'
  xmlns:tns=' http://example.org/increment '
  xmlns:soap='http://schemas.xmlsoap.org/wsdl/soap/'
  xmlns:xsd='http://www.w3.org/2001/XMLSchema'
  xmlns:soapenc='http://schemas.xmlsoap.org/soap/encoding/'
  xmlns:wsdl='http://schemas.xmlsoap.org/wsdl/'
  xmlns='http://schemas.xmlsoap.org/wsdl/'>

<message name='getTempRequest'>
  <part name='symbol' type='xsd:string'/>
</message>
<message name='getTempResponse'>
  <part name='Result' type='xsd:float'/>
</message>

<message name='IncrementRequest'>
  <part name='symbol' type='xsd:positiveInteger'/>
</message>
<message name='IncrementResponse'>
  <part name='Result' type='xsd:integer'/>
</message>


<portType name='IncPortType'>
  <operation name='getTemp'>
    <input message='tns:getTempRequest'/>
    <output message='tns:getTempResponse'/>
  </operation>
  <operation name='increment'>
    <input message='tns:IncrementRequest'/>
    <output message='tns:IncrementResponse'/>
  </operation>
</portType>

<binding name='IncrementBinding' type='tns:IncPortType'>
  <soap:binding style='rpc'
    transport='http://schemas.xmlsoap.org/soap/http'/>

  <operation name='increment'>
    <soap:operation soapAction='urn:localhost-increment#increment'/>
    <input>
      <soap:body use='litteral' namespace='urn:localhost-increment'
        encodingStyle='http://schemas.xmlsoap.org/soap/encoding/'/>
    </input>
    <output>
      <soap:body use='litteral' namespace='urn:localhost-increment'
        encodingStyle='http://schemas.xmlsoap.org/soap/encoding/'/>
    </output>
  </operation>

  <operation name='getTemp'>
    <soap:operation soapAction='urn:localhost-increment#getTemp'/>
    <input>
      <soap:body use='litteral' namespace='urn:localhost-increment'
        encodingStyle='http://schemas.xmlsoap.org/soap/encoding/'/>
    </input>
    <output>
      <soap:body use='litteral' namespace='urn:localhost-increment'
        encodingStyle='http://schemas.xmlsoap.org/soap/encoding/'/>
    </output>
  </operation>


</binding>

<service name='IncrementService'>
  <port name='TempPort' binding='IncrementBinding'>
    <soap:address location='http://localhost/phv/server10.php'/>
  </port>
</service>
</definitions>
===========================================================

Expected result:
----------------
No seg fault

Actual result:
--------------
#0  0x081b166c in zend_throw_exception_internal (exception=0xbfe2aff0)
    at /root/php5/php-5.0.2/Zend/zend_exceptions.c:53
#1  0x081b2cb9 in zend_throw_exception_object (exception=0x9e8099c)
    at /root/php5/php-5.0.2/Zend/zend_exceptions.c:571
#2  0x080a984a in do_soap_call (this_ptr=0x9e81bac,
    function=0x9e81b74 "__sleep", function_len=7, arg_count=0, real_args=0x0,
    return_value=0x9e81c14, soap_action=0x0, call_uri=0x0, soap_headers=0x0,
    output_headers=0x0) at /root/php5/php-5.0.2/ext/soap/soap.c:2225
#3  0x080aa25c in zif_SoapClient___call (ht=2, return_value=0x9e81c14,
    this_ptr=0x9e81bac, return_value_used=1)
    at /root/php5/php-5.0.2/ext/soap/soap.c:2315
#4  0x0819acde in zend_call_function (fci=0xbfe2b060, fci_cache=0x0)
    at /root/php5/php-5.0.2/Zend/zend_execute_API.c:856
#5  0x0819a851 in call_user_function_ex (function_table=0x0, object_pp=0x0,
    function_name=0x0, retval_ptr_ptr=0x0, param_count=0, params=0x0,
    no_separation=0, symbol_table=0x0)
    at /root/php5/php-5.0.2/Zend/zend_execute_API.c:553
#6  0x081b3c8a in zend_std_call_user_call (ht=0, return_value=0x9e81be4,
    this_ptr=0x9e81bac, return_value_used=1)
    at /root/php5/php-5.0.2/Zend/zend_object_handlers.c:572
#7  0x0819acde in zend_call_function (fci=0xbfe2b240, fci_cache=0x0)
    at /root/php5/php-5.0.2/Zend/zend_execute_API.c:856
#8  0x0819a851 in call_user_function_ex (function_table=0x0, object_pp=0x0,
    function_name=0x0, retval_ptr_ptr=0x0, param_count=0, params=0x0,
    no_separation=0, symbol_table=0x0)
    at /root/php5/php-5.0.2/Zend/zend_execute_API.c:553
#9  0x0815455c in php_var_serialize_intern (buf=0xbfe2b3f0, struc=0x9e81640,
    var_hash=0xbfe2b3c0) at /root/php5/php-5.0.2/ext/standard/var.c:686
#10 0x08154b02 in php_var_serialize (buf=0xbfe2b3f0, struc=0x9e81640,
    var_hash=0xbfe2b3c0) at /root/php5/php-5.0.2/ext/standard/var.c:780
#11 0x0809d86f in ps_srlzr_encode_php (newstr=0x0, newlen=0xbfe2b460)
    at /root/php5/php-5.0.2/ext/session/session.c:452
#12 0x0809de3c in php_session_encode (newlen=0xbfe2b460)
    at /root/php5/php-5.0.2/ext/session/session.c:546
#13 0x0809e513 in php_session_save_current_state ()
    at /root/php5/php-5.0.2/ext/session/session.c:805
#14 0x080a0ff1 in php_session_flush ()
    at /root/php5/php-5.0.2/ext/session/session.c:1713
#15 0x080a100f in zm_deactivate_session (type=1, module_number=9)
---Type <return> to continue, or q <return> to quit---
    at /root/php5/php-5.0.2/ext/session/session.c:1727
#16 0x081a76dd in module_registry_cleanup (module=0x0)
    at /root/php5/php-5.0.2/Zend/zend_API.c:1536
#17 0x081a9fc9 in zend_hash_apply (ht=0x8225fc0,
    apply_func=0x81a76ac <module_registry_cleanup>)
    at /root/php5/php-5.0.2/Zend/zend_hash.c:664
#18 0x081a3d68 in zend_deactivate_modules ()
    at /root/php5/php-5.0.2/Zend/zend.c:803
#19 0x08171978 in php_request_shutdown (dummy=0x0)
    at /root/php5/php-5.0.2/main/main.c:1198
#20 0x081ca853 in main (argc=3, argv=0xbfe2bd24)
    at /root/php5/php-5.0.2/sapi/cli/php_cli.c:1046
(gdb)


 [2004-11-26 14:24 UTC] tony2001@php.net
The problem is that the exception is thrown during serialization when there is no opline. 
It can be easily reproduced without SOAP:
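<?php
// Any class whose __call() throws reproduces the crash: serializing the
// object at session shutdown looks up __sleep(), which falls through to __call().
class test {
    function __call($a, $b) {
        throw new Exception('test');
    }
}

$obj = new test;
session_start();
// The exception is thrown when the session is written at request shutdown.
$_SESSION['bla'] = $obj;
?>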

The patch below should fix the bug:
Index: zend_exceptions.c
===================================================================
RCS file: /repository/ZendEngine2/zend_exceptions.c,v
retrieving revision 1.74
diff -u -r1.74 zend_exceptions.c
--- zend_exceptions.c   30 Oct 2004 10:13:27 -0000      1.74
+++ zend_exceptions.c   26 Nov 2004 13:17:23 -0000
@@ -51,7 +51,7 @@
                zend_throw_exception_hook(exception TSRMLS_CC);
        }

-       if ((EG(current_execute_data)->opline+1)->opcode == ZEND_HANDLE_EXCEPTION) {
+       if (EG(current_execute_data)->opline == NULL || (EG(current_execute_data)->opline+1)->opcode == ZEND_HANDLE_EXCEPTION) {
                /* no need to rethrow the exception */
                return;
        }
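Review bot: the added `opline == NULL` test on the `+` line still dereferences `EG(current_execute_data)` unconditionally, so it only helps when a frame exists but has no opline; if that pointer can itself be NULL when an exception is raised outside running code, the same line faults again. Consider testing `EG(current_execute_data)` first and reporting that case explicitly. The retained comment `/* no need to rethrow the exception */` also no longer describes both branches of the condition: the early return for a missing opline is a different situation from an already-scheduled `ZEND_HANDLE_EXCEPTION` and deserves its own comment.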
 [2004-11-29 20:04 UTC] philippe dot ventrillon at fr dot netcentrex dot net
The patch corrects the seg fault core dump problem.
I now get a message "Fatal error: Exception thrown without a stack frame in Unknown on line 0".
What can I do with this message?
Should I open a new bug?

My aim is to record the soapClient into the session in order to avoid rebuilding it at each navigator click.
 [2004-11-29 20:20 UTC] tony2001@php.net
>What can I do with this message?
>Should I open a new bug?
No, just do not save internal classes into the session.
It's senseless, because internal classes in most cases contain resources, which cannot be serialized.
And this is well documented AFAIK.

In this particular case class SoapClient tries to call __sleep() method to serialize itself, but this method is not implemented and you get the exception.

Anyway, you shouldn't get segfault here and the patch fixes it.
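
An added example, not part of the original thread: one way to follow the advice above is to keep only the plain constructor arguments in the session and rebuild the client on demand. `SessionSafeSoapClient` is a hypothetical wrapper name; `soap10.wsdl` and the `trace` option are taken from the report, and the `allowed_classes` option assumes PHP 7 or later.

```php
<?php
// Added example (not from the bug report). SessionSafeSoapClient is a
// hypothetical wrapper; 'soap10.wsdl' and 'trace' come from the report.
final class SessionSafeSoapClient
{
    private $wsdl;
    private $options;
    private $client = null; // live SoapClient; internal state, never serialized

    public function __construct($wsdl, array $options = array())
    {
        $this->wsdl    = $wsdl;
        $this->options = $options;
    }

    // Explicit __sleep(): the serializer receives a list of plain properties
    // and never falls through to a __call() handler on an internal class.
    public function __sleep()
    {
        return array('wsdl', 'options');
    }

    // After unserialize() the client is absent and is rebuilt on first use.
    public function __wakeup()
    {
        $this->client = null;
    }

    public function client()
    {
        if ($this->client === null) {
            $this->client = new SoapClient($this->wsdl, $this->options);
        }
        return $this->client;
    }
}

// Round trip as the session handler performs it at request shutdown/startup.
// No SoapClient is constructed here, so this part runs without the WSDL file.
$wrapper  = new SessionSafeSoapClient('soap10.wsdl', array('trace' => 1));
$payload  = serialize($wrapper);
$restored = unserialize(
    $payload,
    array('allowed_classes' => array('SessionSafeSoapClient'))
);

echo $payload, "\n";
var_dump($restored instanceof SessionSafeSoapClient);
```

Assigning the wrapper to `$_SESSION` stores only the WSDL path and options; leaving `soap.wsdl_cache_enabled` on keeps the per-request rebuild from re-parsing the WSDL.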
 [2004-12-07 08:47 UTC] dmitry@php.net
Segfault is fixed in CVS HEAD and PHP_5.0.
 
Last updated: Sat Apr 19 04:01:55 2014 UTC