Bug #39140 SoapServer causes segfault in specific conditions.
Submitted: 2006-10-12 18:05 UTC Modified: 2006-10-16 11:15 UTC
Votes:1
Avg. Score:4.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: harry at telappliant dot com Assigned: dmitry
Status: Closed Package: Scripting Engine problem
PHP Version: 5.2.0RC6-dev OS: Linux 2.6.15-vs2.0.1-gentoo-r5
Private report: No CVE-ID:
 [2006-10-12 18:05 UTC] harry at telappliant dot com
Description:
------------
When using use_soap_error_handler and a SOAP server & client without WSDL, the SOAP server bombs if an exception is thrown!

Reproduce code:
---------------
# test.php
<?php
class TestClass
{
        public function getCallLog( ) {
                throw new Exception("bugger");
        }
}
use_soap_error_handler(TRUE);
$server = new SoapServer( NULL, array('uri' => 'http://example.com') );
$server->setClass('TestClass');
$server->handle();
?>

# test-client.php
<?php
$params = array( 'style' => SOAP_RPC, 'use' => SOAP_ENCODED, 'uri' => 'http://192.168.254.72/soapb$
$client = new SoapClient( NULL, $params );
$blah = $client->getCallLog( array() );
print_r($blah);
?>

Expected result:
----------------
The exception being passed back to the client.

Actual result:
--------------
The server-side bombs.

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1213290816 (LWP 8597)]
0xb74122e2 in zend_get_executed_lineno () from /usr/lib/apache2/modules/libphp5.so
(gdb) bt
#0  0xb74122e2 in zend_get_executed_lineno () from /usr/lib/apache2/modules/libphp5.so
#1  0xbfb21e18 in ?? ()
#2  0xb7434152 in zend_clear_exception () from /usr/lib/apache2/modules/libphp5.so
#3  0xb7434152 in zend_clear_exception () from /usr/lib/apache2/modules/libphp5.so
#4  0xb74341db in zend_clear_exception () from /usr/lib/apache2/modules/libphp5.so
#5  0xb74227dd in _object_and_properties_init () from /usr/lib/apache2/modules/libphp5.so
#6  0xb742288a in _object_init_ex () from /usr/lib/apache2/modules/libphp5.so
#7  0xb72fc097 in zif_SoapClient___setLocation () from /usr/lib/apache2/modules/libphp5.so
#8  0xb72ff61b in zif_SoapServer_fault () from /usr/lib/apache2/modules/libphp5.so
#9  0xb7435bcc in zend_throw_error_exception () from /usr/lib/apache2/modules/libphp5.so
#10 0xb7435d74 in zend_exception_error () from /usr/lib/apache2/modules/libphp5.so
#11 0xb74206aa in zend_execute_scripts () from /usr/lib/apache2/modules/libphp5.so
#12 0xb73ddcbb in php_execute_script () from /usr/lib/apache2/modules/libphp5.so
#13 0xb74aa20e in zend_get_zval_ptr_ptr () from /usr/lib/apache2/modules/libphp5.so
#14 0x08068ed5 in ap_run_handler ()
#15 0x0806934c in ap_invoke_handler ()
#16 0x08066118 in ap_process_request ()
#17 0x08060fd8 in _start ()
(gdb)


 [2006-10-12 18:07 UTC] tony2001@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5.2-win32-latest.zip


 [2006-10-13 09:23 UTC] harry at telappliant dot com
Bug can still be replicated with PHP Version 5.2.0RC6-dev (snapshot 200610130830).

Full backtrace:
#0  0xb74603d2 in zend_get_executed_lineno ()
    at /home/harryr/software/php5.2-200610130830/Zend/zend_execute_API.c:394
No locals.
#1  0xb7483432 in zend_default_exception_new_ex (class_type=0xb7662418, skip_top_traces=1)
    at /home/harryr/software/php5.2-200610130830/Zend/zend_exceptions.c:97
        tmp = {value = {lval = -1078094272, dval = -0.11557535821119647, str = {
      val = 0xbfbd9640 "▒&f▒", len = -1078094248}, ht = 0xbfbd9640, obj = {handle = 3216873024,
      handlers = 0xbfbd9658}}, refcount = 0, type = 252 '▒', is_ref = 168 '▒'}
        obj = {value = {lval = 2, dval = -6.2692341670811935e-42, str = {
      val = 0x2 <Address 0x2 out of bounds>, len = -1218348576}, ht = 0x2, obj = {handle = 2,
      handlers = 0xb76179e0}}, refcount = 136390592, type = 72 'H', is_ref = 150 '\226'}
        object = (zend_object *) 0xb76626bc
#2  0xb74834bb in zend_default_exception_new (class_type=0x0)
    at /home/harryr/software/php5.2-200610130830/Zend/zend_exceptions.c:105
No locals.
#3  0xb746fb1c in _object_and_properties_init (arg=0xbfbd9810, class_type=0x82b9cf0,
    properties=0x0) at /home/harryr/software/php5.2-200610130830/Zend/zend_API.c:950
        tmp = (zval *) 0xb761a780
        object = (zend_object *) 0x5
#4  0xb746fbda in _object_init_ex (arg=0x1, class_type=0x1)
    at /home/harryr/software/php5.2-200610130830/Zend/zend_API.c:957
No locals.
#5  0xb7343e07 in set_soap_fault (obj=0xbfbd9810, fault_code_ns=0x0,
    fault_code=0xb75c5360 "Server",
    fault_string=0xbfbd9830 "Uncaught exception 'Exception' with message 'bugger' in /home/webuser/default/soapbug/test.php:5\nStack trace:\n#0 [internal function]: TestClass->getCallLog(Array, NULL, NULL, NULL, NULL)\n#1 /home/webu"..., fault_actor=0x0, fault_detail=0x0, name=0x0)
    at /home/harryr/software/php5.2-200610130830/ext/soap/soap.c:3115
No locals.
#6  0xb7347338 in soap_error_handler (error_num=1,
    error_filename=0xb7663140 "/home/webuser/default/soapbug/test.php", error_lineno=5,
    format=0xb75bf02d "Uncaught %s\n  thrown", args=0xbfbd9c80 "▒▒e▒▒\234▒▒")
    at /home/harryr/software/php5.2-200610130830/ext/soap/soap.c:2134
        code = 0xb75c5360 "Server"
        buffer = "Uncaught exception 'Exception' with message 'bugger' in /home/webuser/default/soapbug/test.php:5\nStack trace:\n#0 [internal function]: TestClass->getCallLog(Array, NULL, NULL, NULL, NULL)\n#1 /home/webu"...
        outbuf = (zval *) 0x0
        outbuflen = {value = {lval = 0, dval = 0, str = {val = 0x0, len = 0}, ht = 0x0, obj = {
      handle = 0, handlers = 0x0}}, refcount = 1, type = 0 '\0', is_ref = 0 '\0'}
        old = 1
        fault = 0
        fault_obj = {value = {lval = 0, dval = 0, str = {val = 0x0, len = 0}, ht = 0x0, obj = {
      handle = 0, handlers = 0x0}}, refcount = 1, type = 5 '\005', is_ref = 0 '\0'}
        _old_in_compilation = 0 '\0'
        _old_in_execution = 0 '\0'
        _old_current_execute_data = (zend_execute_data *) 0x0
#7  0xb7484edc in zend_error_va (type=1, file=0x1 <Address 0x1 out of bounds>, lineno=1,
    format=0x1 <Address 0x1 out of bounds>)
    at /home/harryr/software/php5.2-200610130830/Zend/zend_exceptions.c:657
No locals.
#8  0xb7485084 in zend_exception_error (exception=0xb7663198)
    at /home/harryr/software/php5.2-200610130830/Zend/zend_exceptions.c:696
        str = (zval *) 0xb76626f4
        file = (zval *) 0xb7663128
        line = (zval *) 0xb7663170
        ce_exception = (zend_class_entry *) 0x4
#9  0xb746ed16 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /home/harryr/software/php5.2-200610130830/Zend/zend.c:1128
        orig_user_exception_handler = (zval *) 0x1
        params = (zval ***) 0x0
        retval2 = (zval *) 0xbf2bbf30
        old_exception = (zval *) 0x0
        ex_class_name = "Exception", '\0' <repeats 118 times>
        files = 0xbfbd9dd4 ""
        i = 1
        file_handle = (zend_file_handle *) 0x0
        orig_op_array = (zend_op_array *) 0x0
        orig_retval_ptr_ptr = (zval **) 0x0
        local_retval = (zval *) 0x0
#10 0xb7429aeb in php_execute_script (primary_file=0xbfbdbff0)
    at /home/harryr/software/php5.2-200610130830/main/main.c:1758
        realfile = "ceil\000▒▒▒\004\000\000\000\200▒▒\214\000\000\000|▒▒\002\000\000\000▒#G▒abs\000P▒▒▒\021\000\000\000\200▒▒\214\000\000\000|▒▒\002\000\000\000▒#G▒convert_uudecode\000\000\000\000|▒▒\002\000\000\000▒#G▒convert_uuencode\000\000\000\000|▒▒\002\000\000\000▒#G▒base64_encode\000▒▒\214\000\000\000|▒▒\002\000\000\000▒#G▒base64_decode\000▒▒\214\000\000\000|▒▒\002\000\000\000▒#G▒getlastm"...
        prepend_file_p = (zend_file_handle *) 0x0
        append_file_p = (zend_file_handle *) 0x3
        prepend_file = {type = 0 '\0', filename = 0x0, opened_path = 0x0, handle = {fd = 0,
    fp = 0x0, stream = {handle = 0x0, reader = 0, closer = 0, fteller = 0, interactive = 0}},
  free_filename = 0 '\0'}
        append_file = {type = 0 '\0', filename = 0x0, opened_path = 0x0, handle = {fd = 0,
    fp = 0x0, stream = {handle = 0x0, reader = 0, closer = 0, fteller = 0, interactive = 0}},
  free_filename = 0 '\0'}
        old_cwd = 0xbfbd9de0 "/"
        retval = 0
#11 0xb750fa7e in php_handler (r=0x82f6e88)
    at /home/harryr/software/php5.2-200610130830/sapi/apache2handler/sapi_apache2.c:592
        zfd = {type = 5 '\005', filename = 0x82f7fd8 "/home/webuser/default/soapbug/test.php",
  opened_path = 0xb765e794 "\b", handle = {fd = -1218058176, fp = 0xb765e840, stream = {
      handle = 0xb765e840, reader = 0xb743ac70 <_php_stream_read>,
      closer = 0xb7428220 <stream_closer_for_zend>,
      fteller = 0xb7428250 <stream_fteller_for_zend>, interactive = 0}}, free_filename = 0 '\0'}
        ctx = (php_struct * volatile) 0x82f86b8
        conf = (void *) 0x814efb0
        brigade = (apr_bucket_brigade * volatile) 0x82f8808
        bucket = (apr_bucket *) 0x1
        rv = 1
        parent_req = (request_rec * volatile) 0x0
#12 0x08068ed5 in ap_run_handler ()
No symbol table info available.
#13 0x0806934c in ap_invoke_handler ()
No symbol table info available.
#14 0x08066118 in ap_process_request ()
No symbol table info available.
#15 0x08060fd8 in _start ()
No symbol table info available.
 [2006-10-16 11:15 UTC] dmitry@php.net
Fixed in CVS HEAD and PHP_5_2.

The crash wasn't related to ext/soap.
Any uncaught exception might cause a crash.
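
An added example, not part of the report or of the PHP fix: a service wrapper that catches exceptions inside the SOAP handler and rethrows them as a SoapFault, so no other exception leaves the handler uncaught and the client does not receive the file paths and stack trace visible in fault_string in the backtrace above. FaultGuard, the log message format and the generic fault text are hypothetical choices for illustration.

```php
<?php
// Added example: FaultGuard is a hypothetical wrapper, not part of ext/soap.
class TestClass
{
    public function getCallLog()
    {
        throw new Exception("bugger");
    }
}

class FaultGuard
{
    private $target;

    public function __construct($target)
    {
        $this->target = $target;
    }

    // SoapServer falls back to __call for operations not defined on this class.
    public function __call($method, $args)
    {
        // Refuse magic methods and anything not publicly callable on the service.
        if (strncmp($method, '__', 2) === 0
            || !is_callable(array($this->target, $method))) {
            throw new SoapFault('Client', 'Unknown operation');
        }
        try {
            return call_user_func_array(array($this->target, $method), $args);
        } catch (SoapFault $fault) {
            throw $fault; // deliberate faults raised by the service pass through
        } catch (Exception $e) {
            // Full detail stays in the server log ...
            error_log(sprintf('SOAP %s failed: %s in %s:%d',
                $method, $e->getMessage(), $e->getFile(), $e->getLine()));
            // ... the client gets a generic fault without paths or a stack trace.
            throw new SoapFault('Server', 'Internal error');
        }
    }
}

$server = new SoapServer(NULL, array('uri' => 'http://example.com'));
$server->setObject(new FaultGuard(new TestClass()));
$server->handle();
```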
 