php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #44706 Segfault after sending PayPal SOAP request
Submitted: 2008-04-12 00:52 UTC Modified: 2008-08-20 01:00 UTC
Votes:11
Avg. Score:4.5 ± 1.2
Reproduced:9 of 10 (90.0%)
Same Version:2 (22.2%)
Same OS:6 (66.7%)
From: test1 at boxaroo dot com Assigned:
Status: No Feedback Package: SOAP related
PHP Version: 5.2.5 OS: at least Linux and Mac
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2008-04-12 00:52 UTC] test1 at boxaroo dot com
Description:
------------
I get a segault when talking to PayPal via SOAP.  It seems like the segfault happens AFTER the Soap call has happened, because I can usually dump the results to the screen just before the crash.  This happens on a Mac system with PHP 5.2.4 and a Linux system with 5.2.5.  I have tried 3 different ways of talking to PayPal; one using their SDK, one using straight SOAP code I wrote, and one using a SOAP wrapper library I found.  All crash the same way.  I use SOAP for tons of other things (eBay, for instance) without issues.

Reproduce code:
---------------
http://img1.boxaroo.com/images/php_soap_segv.txt

And, BTW, you do *not* need to put in your PayPal info (I have mine replaced with '---').  It still crashes in the same way whether it accepts your creds or not.



Expected result:
----------------
Should just be a dump of the return; instead you should see the segfault.

Actual result:
--------------
Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0x2a26b9e5
0x0028ef3e in zend_objects_store_del_ref_by_handle ()
(gdb) bt
#0  0x0028ef3e in zend_objects_store_del_ref_by_handle ()
#1  0x0028f0b1 in zend_objects_store_del_ref ()
#2  0x00264ce7 in _zval_ptr_dtor ()
#3  0x0027bf90 in zend_hash_destroy ()
#4  0x0028bb22 in zend_object_std_dtor ()
#5  0x0028bb4a in zend_objects_free_object_storage ()
#6  0x0028f097 in zend_objects_store_del_ref_by_handle ()
#7  0x0028f0b1 in zend_objects_store_del_ref ()
#8  0x00264ce7 in _zval_ptr_dtor ()
#9  0x0027bf90 in zend_hash_destroy ()
#10 0x0028bb22 in zend_object_std_dtor ()
#11 0x0028bb4a in zend_objects_free_object_storage ()
#12 0x0028f097 in zend_objects_store_del_ref_by_handle ()
#13 0x0028f0b1 in zend_objects_store_del_ref ()
#14 0x00264ce7 in _zval_ptr_dtor ()
#15 0x0027c12a in zend_hash_apply_deleter ()
#16 0x0027c47c in zend_hash_reverse_apply ()
#17 0x00263fba in shutdown_destructors ()
#18 0x00272541 in zend_call_destructors ()
#19 0x0022dee3 in php_request_shutdown ()
#20 0x0030243a in main ()

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2008-05-26 08:39 UTC] jasper at flyingfish dot nl
Hi,

We are experiencing the same problem on PHP 5.2.6 on Gentoo.

This is a real problem for us.

Regards,
Jasper
 [2008-08-20 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 [2008-10-06 15:32 UTC] mike at silverorange dot com
I can confirm this segmentation fault still occurs using the 5.2-200810011830 snapshot. Please reopen this bug. It's probably related to #44882 because on a patched version of PHP, it doesn't segfault.
 [2008-10-21 12:35 UTC] mike at silverorange dot com
I can confirm this segmentation fault still occurs using the
5.2-200810211030 snapshot. Please reopen this bug. It's probably related to #44882 because on a patched version of PHP, it doesn't segfault.
 [2010-03-11 17:59 UTC] mbautista at ircf dot fr
Segmentation fault also occurs on Ubuntu 9.10 with PHP 5.2.4.

The problem is located in php-sdk/lib/PayPal/SOAP/Client.php :

function &__decodeResponse(&$response, $shift = true)

{
        ...
        // Decode to native php datatype.
        $returnArray =& $this->_decode($response); // HERE
        ...
}

The solution :

function _decode_fix($soapvalue)
{
	return parent::_decode($soapvalue);
}
function &__decodeResponse(&$response, $shift = true)
{
        ...
        // Decode to native php datatype.
        $returnArray =& $this->_decode_fix($response);
        ...
}

Note that simply replacing the "HERE" line by :

$returnArray = parent::_decode($soapvalue);

will NOT remove the segmentation fault, you have to call it from another method, like _decode_fix
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Fri Mar 29 12:01:27 2024 UTC