Bug #41611 xmlrpc_server_call_method() causes segfault on x86_64 platform
Submitted: 2007-06-06 14:42 UTC Modified: 2007-06-06 15:19 UTC
From: glen at delfi dot ee Assigned:
Status: Not a bug Package: XMLRPC-EPI related
PHP Version: 5.2.3 OS: PLD Linux/x86_64
Private report: No CVE-ID: None
 [2007-06-06 14:42 UTC] glen at delfi dot ee
Description:
------------
It appears there's a regression, or the bug was not really fixed:
http://bugs.php.net/bug.php?id=25428

17:22:58 glen[pts/5]@wintersunset ~$ php xmlrpc-segv.php
Segmentation fault
17:23:00 glen[pts/5]@wintersunset ~$ cat xmlrpc-segv.php
<?php
$request = xmlrpc_encode_request("system.listMethods", array());
$server = xmlrpc_server_create();
echo xmlrpc_server_call_method($server, $request, false);
17:23:02 glen[pts/5]@wintersunset ~$ php -v
PHP 5.2.3 (cli) (built: Jun  1 2007 08:53:57)
Copyright (c) 1997-2007 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies

also tested:
PHP 5.2.3 - x86_64 - segfault
PHP 5.2.2 - x86_64 - segfault
PHP 5.2.1 - x86_64 - segfault
PHP 5.2.1 - x86 - no segfault
PHP 5.2.3 - x86 - no segfault

Also tested with php5.2-200706061230, as I thought the first response
I'd get to the bug would be to try the latest snap.

and the problem is still there...

./configure \
 --enable-debug \
 --enable-maintainer-zts \
 --enable-inline-optimization \
 --with-xmlrpc=shared,/usr

17:38:35 glen[pts/12]@wintersunset BUILD/php5.2-200706061230$ gdb ./sapi/cli/php
GNU gdb 6.5
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "amd64-pld-linux"...Using host libthread_db library "/lib64/tls/libthread_db.so.1".

(gdb) set args -dextension=xmlrpc.so -dextension_dir=modules /home/glen/xmlrpc-segv.php
(gdb) run
Starting program: /home/glen/rpm/pld/BUILD/php5.2-200706061230/sapi/cli/php -dextension=xmlrpc.so -dextension_dir=modules /home/glen/xmlrpc-segv.php

Program received signal SIGSEGV, Segmentation fault.
0x00002ba84931164b in simplestring_addn () from /usr/lib64/libxmlrpc.so.0
(gdb) bt
#0  0x00002ba84931164b in simplestring_addn () from /usr/lib64/libxmlrpc.so.0
#1  0x00002ba84931224f in xml_elem_serialize_to_stream () from /usr/lib64/libxmlrpc.so.0
#2  0x0000003e6bf064cc in XML_GetFeatureList () from /usr/lib64/libexpat.so.0
#3  0x0000003e6bf0593d in XML_GetFeatureList () from /usr/lib64/libexpat.so.0
#4  0x0000003e6bf0843d in XML_GetFeatureList () from /usr/lib64/libexpat.so.0
#5  0x0000003e6bf0824b in XML_GetFeatureList () from /usr/lib64/libexpat.so.0
#6  0x0000003e6bf051b3 in XML_ParseBuffer () from /usr/lib64/libexpat.so.0
#7  0x0000003e6bf0511f in XML_Parse () from /usr/lib64/libexpat.so.0
#8  0x00002ba8493123c0 in xml_elem_parse_buf () from /usr/lib64/libxmlrpc.so.0
#9  0x00002ba849315163 in XMLRPC_REQUEST_FromXML () from /usr/lib64/libxmlrpc.so.0
#10 0x00002ba8491ec593 in zif_xmlrpc_server_call_method (ht=3, return_value=0x2ba848e91570, return_value_ptr=0x0, this_ptr=0x0, return_value_used=1, tsrm_ls=0x9db030) at /home/glen/rpm/pld/BUILD/php5.2-200706061230/ext/xmlrpc/xmlrpc-epi-php.c:1048
#11 0x000000000072bf88 in zend_do_fcall_common_helper_SPEC (execute_data=0x7fffffa5d110, tsrm_ls=0x9db030) at /home/glen/rpm/pld/BUILD/php5.2-200706061230/Zend/zend_vm_execute.h:200
#12 0x00000000007307ed in ZEND_DO_FCALL_SPEC_CONST_HANDLER (execute_data=0x7fffffa5d110, tsrm_ls=0x9db030) at /home/glen/rpm/pld/BUILD/php5.2-200706061230/Zend/zend_vm_execute.h:1681
#13 0x000000000072b959 in execute (op_array=0x2ba848e90470, tsrm_ls=0x9db030) at /home/glen/rpm/pld/BUILD/php5.2-200706061230/Zend/zend_vm_execute.h:92
#14 0x0000000000700787 in zend_execute_scripts (type=8, tsrm_ls=0x9db030, retval=0x0, file_count=3) at /home/glen/rpm/pld/BUILD/php5.2-200706061230/Zend/zend.c:1134
#15 0x0000000000695033 in php_execute_script (primary_file=0x7fffffa5f860, tsrm_ls=0x9db030) at /home/glen/rpm/pld/BUILD/php5.2-200706061230/main/main.c:1794
#16 0x0000000000787de9 in main (argc=4, argv=0x7fffffa5f9f8) at /home/glen/rpm/pld/BUILD/php5.2-200706061230/sapi/cli/php_cli.c:1151
(gdb)


I'm also attaching the backtrace from the working x86 gdb session (breakpoint on zif_xmlrpc_server_call_method):
(gdb) bt
#0  zif_xmlrpc_server_call_method (ht=3, return_value=0xb7bfdd40, return_value_ptr=0x0, this_ptr=0x0, return_value_used=1, tsrm_ls=0x8474018) at /home/glen/rpm/pld/BUILD/php5.2-200706061230/ext/xmlrpc/xmlrpc-epi-php.c:1021
#1  0x08332a5a in zend_do_fcall_common_helper_SPEC (execute_data=0xbf853cb0, tsrm_ls=0x8474018) at /home/glen/rpm/pld/BUILD/php5.2-200706061230/Zend/zend_vm_execute.h:200
#2  0x08336a98 in ZEND_DO_FCALL_SPEC_CONST_HANDLER (execute_data=0xbf853cb0, tsrm_ls=0x8474018) at /home/glen/rpm/pld/BUILD/php5.2-200706061230/Zend/zend_vm_execute.h:1681
#3  0x08332568 in execute (op_array=0xb7bfd248, tsrm_ls=0x8474018) at /home/glen/rpm/pld/BUILD/php5.2-200706061230/Zend/zend_vm_execute.h:92
#4  0x0830c0f9 in zend_execute_scripts (type=8, tsrm_ls=0x8474018, retval=0x0, file_count=3) at /home/glen/rpm/pld/BUILD/php5.2-200706061230/Zend/zend.c:1134
#5  0x082aead7 in php_execute_script (primary_file=0xbf8560d0, tsrm_ls=0x8474018) at /home/glen/rpm/pld/BUILD/php5.2-200706061230/main/main.c:1794
#6  0x08388a38 in main (argc=4, argv=0xbf8561b4) at /home/glen/rpm/pld/BUILD/php5.2-200706061230/sapi/cli/php_cli.c:1151
(gdb)

 [2007-06-06 14:49 UTC] glen at delfi dot ee
Also tested the `alpha` architecture, which also has a 64-bit CPU:

[glen@fly ~]$ php xmlrpc-segv.php
*** glibc detected *** free(): invalid next size (fast): 
0x0000000120151f40 ***
Aborted
[glen@fly ~]$ arch
alpha
 [2007-06-06 14:57 UTC] tony2001@php.net
Does it matter if you compile the extension statically or not?
I can't reproduce it on Linux x86_64, and the backtrace IMO shows that the problem is somewhere in libxmlrpc, not in PHP.
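The triage argument made in this comment (fault in frame #0 inside a foreign shared object, PHP's own code only further down the stack) can be mechanised. The helper below is an added example, not code from the report or from PHP; its sample is a subset of the x86_64 frames quoted above, joined onto single lines with argument lists trimmed, and the `/ext/`, `/Zend/`, `/main/`, `/sapi/` path markers are an assumption about what counts as PHP's own source tree.

```python
import re

# Constructed sample: a subset of the x86_64 frames quoted in the report, each
# joined onto one line with argument lists trimmed. Not output from a fresh run.
SAMPLE_BT = """\
#0  0x00002ba84931164b in simplestring_addn () from /usr/lib64/libxmlrpc.so.0
#1  0x00002ba84931224f in xml_elem_serialize_to_stream () from /usr/lib64/libxmlrpc.so.0
#7  0x0000003e6bf0511f in XML_Parse () from /usr/lib64/libexpat.so.0
#9  0x00002ba849315163 in XMLRPC_REQUEST_FromXML () from /usr/lib64/libxmlrpc.so.0
#10 0x00002ba8491ec593 in zif_xmlrpc_server_call_method (ht=3, tsrm_ls=0x9db030) at /home/glen/rpm/pld/BUILD/php5.2-200706061230/ext/xmlrpc/xmlrpc-epi-php.c:1048
#11 0x000000000072bf88 in zend_do_fcall_common_helper_SPEC (execute_data=0x7fffffa5d110) at /home/glen/rpm/pld/BUILD/php5.2-200706061230/Zend/zend_vm_execute.h:200
"""

# One gdb frame: "#N [0xADDR in] func (args) [from LIB | at FILE:LINE]".
# The address is optional because frame #0 stopped at a breakpoint has none.
FRAME_RE = re.compile(
    r"^#(?P<num>\d+)\s+(?:0x[0-9a-fA-F]+\s+in\s+)?(?P<func>\S+)\s*\(.*?\)\s*"
    r"(?:from\s+(?P<lib>\S+)|at\s+(?P<src>\S+):(?P<line>\d+))?\s*$"
)

def parse_frames(bt_text):
    """Return one dict per frame: number, function, owning module, source line."""
    frames = []
    for line in bt_text.splitlines():
        m = FRAME_RE.match(line)
        if m:
            frames.append({"num": int(m.group("num")), "func": m.group("func"),
                           "module": m.group("lib") or m.group("src"),
                           "line": m.group("line")})
    return frames

def triage(bt_text, markers=("/ext/", "/Zend/", "/main/", "/sapi/")):
    """Name the module holding the faulting frame (#0) and the first frame that
    lies in PHP's own sources (identified by the assumed path markers). A fault
    inside a foreign shared object, with PHP only appearing further down the
    stack, points at that library rather than at PHP."""
    frames = parse_frames(bt_text)
    if not frames:
        raise ValueError("no gdb frames found")
    top = frames[0]
    own = next((f for f in frames
                if f["module"] and any(mk in f["module"] for mk in markers)), None)
    return {
        "crash_func": top["func"],
        "crash_module": top["module"],
        "crash_in_php": bool(own) and own["num"] == top["num"],
        "first_php_frame": own,
    }
```

Running `triage` over the x86 backtrace further up, where frame #0 is already in ext/xmlrpc/xmlrpc-epi-php.c, would report `crash_in_php` as true instead.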
 [2007-06-06 15:15 UTC] glen at delfi dot ee
Yes. It appears that the bug is somewhere in xmlrpc-epi-0.51, as if
compiled without the system xmlrpc-epi (either statically or as a module)
it won't segfault.
 [2007-06-06 15:19 UTC] tony2001@php.net
Not a PHP problem -> bogus.