php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #39454 Returning an array segfaults PHP
Submitted: 2006-11-10 04:23 UTC Modified: 2006-11-10 15:07 UTC
From: aharvey@php.net Assigned: dmitry
Status: Closed Package: SOAP related
PHP Version: 5.2.0 OS: Ubuntu 6.06.1 (AMD64)
Private report: No CVE-ID:
 [2006-11-10 04:23 UTC] aharvey@php.net
Description:
------------
Attempting to return an array from a SOAP server causes PHP 5.2.0 to reliably segfault.

Reproduce code:
---------------
http://www.adamharvey.name/soap-array-return/ has a simple client and server that demonstrate the problem, along with the WSDL file that they both use. (Actually running the client script against the server will fail, as that server is running PHP 5.2.0.)

Expected result:
----------------
var_dump output showing an array of integers.

Actual result:
--------------
The gdb backtrace generated on my own workstation is as follows:

#0  0x00002aaaad1f94c3 in _zend_is_inconsistent (ht=0x0, file=0x2aaaad4ad968 "/home/aharvey/trees/php-5.2.0/Zend/zend_hash.c", line=844)
    at /home/aharvey/trees/php-5.2.0/Zend/zend_hash.c:53
#1  0x00002aaaad1fc0d6 in zend_hash_find (ht=0x0, arKey=0x2aaaad46b8c8 "http://schemas.xmlsoap.org/wsdl/:arrayType", nKeyLength=43,
    pData=0x7fffffbee4b0) at /home/aharvey/trees/php-5.2.0/Zend/zend_hash.c:844
#2  0x00002aaaad0166b9 in to_xml_array (type=0x2aaab2ec3fd8, data=0x7fffffbef180, style=1, parent=0x870d10)
    at /home/aharvey/trees/php-5.2.0/ext/soap/php_encoding.c:2011
#3  0x00002aaaad01d317 in sdl_guess_convert_xml (enc=0x2aaab2ec3fd8, data=0x7fffffbef180, style=1, parent=0x870d10)
    at /home/aharvey/trees/php-5.2.0/ext/soap/php_encoding.c:2963
#4  0x00002aaaad00fd93 in master_to_xml (encode=0x2aaab2ec3fd8, data=0x7fffffbef180, style=1, parent=0x870d10)
    at /home/aharvey/trees/php-5.2.0/ext/soap/php_encoding.c:396
#5  0x00002aaaad007b22 in serialize_zval (val=0x7fffffbef180, param=0x2aaab2ec5218, paramName=0x2aaab2ec4fb0 "array", style=1,
    parent=0x870d10) at /home/aharvey/trees/php-5.2.0/ext/soap/soap.c:4259
#6  0x00002aaaad0079dd in serialize_parameter (param=0x2aaab2ec5218, param_val=0x7fffffbef180, index=0, name=0x2aaaad46afea "return",
    style=1, parent=0x870d10) at /home/aharvey/trees/php-5.2.0/ext/soap/soap.c:4232
#7  0x00002aaaad004492 in serialize_response_call2 (body=0x870e40, function=0x2aaab2ec9800,
    function_name=0x2aaab2ec5f80 "getArrayResponse", uri=0x2aaab2ec90f0 "http://zombiejesus/~aharvey/soap-array-test/wsdl-server.php",
    ret=0x7fffffbef180, version=1, main=1) at /home/aharvey/trees/php-5.2.0/ext/soap/soap.c:3587
#8  0x00002aaaad00671a in serialize_response_call (function=0x2aaab2ec9800, function_name=0x2aaab2ec5f80 "getArrayResponse",
    uri=0x2aaab2ec90f0 "http://zombiejesus/~aharvey/soap-array-test/wsdl-server.php", ret=0x7fffffbef180, headers=0x0, version=1)
    at /home/aharvey/trees/php-5.2.0/ext/soap/soap.c:3969
#9  0x00002aaaacffc50e in zim_SoapServer_handle (ht=0, return_value=0x2aaab2ec8c90, return_value_ptr=0x0, this_ptr=0x2aaab2ec8bd0,
    return_value_used=0) at /home/aharvey/trees/php-5.2.0/ext/soap/soap.c:1819
#10 0x00002aaaad215c6d in zend_do_fcall_common_helper_SPEC (execute_data=0x7fffffbef5d0) at zend_vm_execute.h:200
#11 0x00002aaaad216b4a in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0x7fffffbef5d0) at zend_vm_execute.h:322
#12 0x00002aaaad2156b2 in execute (op_array=0x2aaab2ec3b10) at zend_vm_execute.h:92
#13 0x00002aaaad1ed788 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /home/aharvey/trees/php-5.2.0/Zend/zend.c:1097
#14 0x00002aaaad18eea9 in php_execute_script (primary_file=0x7fffffbf1c30) at /home/aharvey/trees/php-5.2.0/main/main.c:1758
#15 0x00002aaaad271ea8 in php_handler (r=0x8679f0) at /home/aharvey/trees/php-5.2.0/sapi/apache2handler/sapi_apache2.c:592
#16 0x0000000000436465 in ap_run_handler ()
#17 0x00000000004368c2 in ap_invoke_handler ()
#18 0x0000000000428880 in ap_process_request ()
#19 0x00000000004238a8 in _start ()


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2006-11-10 15:07 UTC] dmitry@php.net
The crash is fixed in CVS HEAD and PHP_5_2.

The crash occured because of mistake in your wsdl file.

ref="soapenc:arrayType" arrayType="xsd:int[]"

must be changed to

ref="soapenc:arrayType" soapenc:arrayType="xsd:int[]"

 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Sun Apr 20 01:02:05 2014 UTC