Bug #41611 xmlrpc_server_call_method() causes segfault on x86_64 platform
Submitted: 2007-06-06 14:42 UTC Modified: 2007-06-06 15:19 UTC
From: glen at delfi dot ee Assigned:
Status: Not a bug Package: XMLRPC-EPI related
PHP Version: 5.2.3 OS: PLD Linux/x86_64
Private report: No CVE-ID: None


 [2007-06-06 14:42 UTC] glen at delfi dot ee
Appears there's a regression or the bug was not really fixed:

17:22:58 glen[pts/5]@wintersunset ~$ php xmlrpc-segv.php
Segmentation fault
17:23:00 glen[pts/5]@wintersunset ~$ cat xmlrpc-segv.php
$request = xmlrpc_encode_request("system.listMethods", array());
$server = xmlrpc_server_create();
echo xmlrpc_server_call_method($server, $request, false);
17:23:02 glen[pts/5]@wintersunset ~$ php -v
PHP 5.2.3 (cli) (built: Jun  1 2007 08:53:57)
Copyright (c) 1997-2007 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies

also tested:
PHP 5.2.3 - x86_64 - segfault
PHP 5.2.2 - x86_64 - segfault
PHP 5.2.1 - x86_64 - segfault
PHP 5.2.1 - x86 - no segfault
PHP 5.2.3 - x86 - no segfault

also tested with php5.2-200706061230, as I thought the first response I'd get to the bug would be to try the latest snap.

and the problem is still there...

./configure \
 --enable-debug \
 --enable-maintainer-zts \
 --enable-inline-optimization \

17:38:35 glen[pts/12]@wintersunset BUILD/php5.2-200706061230$ 
gdb ./sapi/cli/php
GNU gdb 6.5
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and 
you are
welcome to change it and/or distribute copies of it under certain 
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for 
This GDB was configured as "amd64-pld-linux"...Using host 
libthread_db library "/lib64/tls/".

(gdb) set 
args -dextension_dir=modules /home/glen/xmlrpc-segv.php
(gdb) run
program: /home/glen/rpm/pld/BUILD/php5.2-200706061230/sapi/cli/php -dextension_dir=modules /home/glen/xmlrpc-segv.php

Program received signal SIGSEGV, Segmentation fault.
0x00002ba84931164b in simplestring_addn () 
from /usr/lib64/
(gdb) bt
#0  0x00002ba84931164b in simplestring_addn () 
from /usr/lib64/
#1  0x00002ba84931224f in xml_elem_serialize_to_stream () 
from /usr/lib64/
#2  0x0000003e6bf064cc in XML_GetFeatureList () 
from /usr/lib64/
#3  0x0000003e6bf0593d in XML_GetFeatureList () 
from /usr/lib64/
#4  0x0000003e6bf0843d in XML_GetFeatureList () 
from /usr/lib64/
#5  0x0000003e6bf0824b in XML_GetFeatureList () 
from /usr/lib64/
#6  0x0000003e6bf051b3 in XML_ParseBuffer () 
from /usr/lib64/
#7  0x0000003e6bf0511f in XML_Parse () from /usr/lib64/
#8  0x00002ba8493123c0 in xml_elem_parse_buf () 
from /usr/lib64/
#9  0x00002ba849315163 in XMLRPC_REQUEST_FromXML () 
from /usr/lib64/
#10 0x00002ba8491ec593 in zif_xmlrpc_server_call_method (ht=3, 
return_value=0x2ba848e91570, return_value_ptr=0x0, this_ptr=0x0,
    return_value_used=1, tsrm_ls=0x9db030) 
at /home/glen/rpm/pld/BUILD/php5.2-200706061230/ext/xmlrpc/xmlrpc-epi-php.c:1048
#11 0x000000000072bf88 in zend_do_fcall_common_helper_SPEC 
(execute_data=0x7fffffa5d110, tsrm_ls=0x9db030)
at /home/glen/rpm/pld/BUILD/php5.2-200706061230/Zend/zend_vm_execute.h:200
#12 0x00000000007307ed in ZEND_DO_FCALL_SPEC_CONST_HANDLER 
(execute_data=0x7fffffa5d110, tsrm_ls=0x9db030)
at /home/glen/rpm/pld/BUILD/php5.2-200706061230/Zend/zend_vm_execute.h:1681
#13 0x000000000072b959 in execute (op_array=0x2ba848e90470, 
at /home/glen/rpm/pld/BUILD/php5.2-200706061230/Zend/zend_vm_execute.h:92
#14 0x0000000000700787 in zend_execute_scripts (type=8, 
tsrm_ls=0x9db030, retval=0x0, file_count=3)
    at /home/glen/rpm/pld/BUILD/php5.2-200706061230/Zend/zend.c:1134
#15 0x0000000000695033 in php_execute_script 
(primary_file=0x7fffffa5f860, tsrm_ls=0x9db030)
    at /home/glen/rpm/pld/BUILD/php5.2-200706061230/main/main.c:1794
#16 0x0000000000787de9 in main (argc=4, argv=0x7fffffa5f9f8) 
at /home/glen/rpm/pld/BUILD/php5.2-200706061230/sapi/cli/php_cli.c:1151

I'm also attaching the backtrace from a working x86 gdb (breakpoint on 
(gdb) bt
#0  zif_xmlrpc_server_call_method (ht=3, return_value=0xb7bfdd40, 
return_value_ptr=0x0, this_ptr=0x0, return_value_used=1,
at /home/glen/rpm/pld/BUILD/php5.2-200706061230/ext/xmlrpc/xmlrpc-epi-php.c:1021
#1  0x08332a5a in zend_do_fcall_common_helper_SPEC 
(execute_data=0xbf853cb0, tsrm_ls=0x8474018)
at /home/glen/rpm/pld/BUILD/php5.2-200706061230/Zend/zend_vm_execute.h:200
(execute_data=0xbf853cb0, tsrm_ls=0x8474018)
at /home/glen/rpm/pld/BUILD/php5.2-200706061230/Zend/zend_vm_execute.h:1681
#3  0x08332568 in execute (op_array=0xb7bfd248, tsrm_ls=0x8474018)
at /home/glen/rpm/pld/BUILD/php5.2-200706061230/Zend/zend_vm_execute.h:92
#4  0x0830c0f9 in zend_execute_scripts (type=8, tsrm_ls=0x8474018, 
retval=0x0, file_count=3)
    at /home/glen/rpm/pld/BUILD/php5.2-200706061230/Zend/zend.c:1134
#5  0x082aead7 in php_execute_script (primary_file=0xbf8560d0, 
    at /home/glen/rpm/pld/BUILD/php5.2-200706061230/main/main.c:1794
#6  0x08388a38 in main (argc=4, argv=0xbf8561b4) 
at /home/glen/rpm/pld/BUILD/php5.2-200706061230/sapi/cli/php_cli.c:1151

 [2007-06-06 14:49 UTC] glen at delfi dot ee
also tested the `alpha` architecture, which also has a 64-bit CPU:

[glen@fly ~]$ php xmlrpc-segv.php
*** glibc detected *** free(): invalid next size (fast): 
0x0000000120151f40 ***
[glen@fly ~]$ arch
 [2007-06-06 14:57 UTC]
Does it matter if you compile the extension statically or not?
I can't reproduce it on Linux x86_64, and the backtrace IMO shows that the problem is somewhere in libxmlrpc, not in PHP.
 [2007-06-06 15:15 UTC] glen at delfi dot ee
Yes. It appears that the bug is somewhere in xmlrpc-epi-0.51, as if 
compiled without the system xmlrpc-epi (either statically or as a module) 
it won't segfault.
 [2007-06-06 15:19 UTC]
Not PHP problem -> bogus.
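The thread narrows the crash down to one configuration: PHP's xmlrpc extension resolving to the distribution's shared xmlrpc-epi library on a 64-bit host (x86_64 and alpha crash, x86 does not; the bundled copy does not crash). The script below is an added example, not from the report or from PHP, that detects that configuration on a running system; the module path and the library name `libxmlrpc` (what xmlrpc-epi installs) are assumptions.

```shell
#!/bin/sh
# Added example: flag PHP's xmlrpc.so when it is dynamically linked
# against a system libxmlrpc-epi on a 64-bit host, the combination the
# bug report identifies as crashing in simplestring_addn().

# Read `ldd` output on stdin and print every resolved library whose
# name contains "libxmlrpc" (assumed name of the xmlrpc-epi .so).
# Returns 0 if such a library is linked, 1 otherwise.
links_system_xmlrpc() {
    _found=1
    while IFS= read -r line; do
        case "$line" in
            *libxmlrpc*) printf '%s\n' "$line"; _found=0 ;;
        esac
    done
    return $_found
}

# Returns 0 for 64-bit machine names (argument, or `uname -m` if none);
# x86_64 and alpha are the hosts the report lists as crashing.
is_64bit_arch() {
    case "${1:-$(uname -m)}" in
        x86_64|amd64|alpha|aarch64|ppc64*|s390x) return 0 ;;
        *) return 1 ;;
    esac
}

# Combine both checks on a real module. The default path is an assumed
# location; take the real one from `php -i | grep extension_dir`.
# Returns 0 = reported configuration, 1 = not it, 2 = module not found.
check_module() {
    mod="${1:-/usr/lib64/php/modules/xmlrpc.so}"
    [ -f "$mod" ] || { echo "no module at $mod"; return 2; }
    if ldd "$mod" | links_system_xmlrpc && is_64bit_arch; then
        echo "$mod uses system libxmlrpc-epi on a 64-bit host"
        return 0
    fi
    echo "$mod is not in the reported configuration"
    return 1
}
```

Run `check_module /path/to/xmlrpc.so`; a hit means the extension should be rebuilt against the bundled xmlrpc-epi, as the reporter did, until the system library is fixed.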