Description:
------------
The SOAP module does not write out the WSDL cache files atomically (temp file + rename.)  Thus a race condition exists where if another process attempts to read the partially written cache file, a Segmentation Fault occurs in get_sdl_from_cache.


Test script:
---------------
The issue is easiest to reproduce with a large WSDL file, on a multi-core machine with relatively slow disks.  (Don't point your WSDL cache directory at a tmpfs or SSD filesystem.)

Download the following files into the script directory before testing:

http://www.paypalobjects.com/wsdl/PayPalSvc.wsdl
http://www.paypalobjects.com/wsdl/CoreComponentTypes.xsd
http://www.paypalobjects.com/wsdl/eBLBaseComponents.xsd
http://www.paypalobjects.com/wsdl/EnhancedDataTypes.xsd

<?php
ini_set("soap.wsdl_cache_ttl", "1");
$s = new soapclient("PayPalSvc.wsdl");
?>

Use Apache Bench or other stress testing tool to hit the test script with concurrency.  Watch the error logs for the segmentation faults:
$ ab -k -n20000 -c20 http://localhost/path/to/soap-test-script.php


Expected result:
----------------
No segmentation fault.  PHP should write to a temporary file, and use rename() to replace the cache file when finished.  There should be some protection against stampedes -- other concurrent processes should be able to use the old cache file (if it exists) while it is being rebuilt.


Actual result:
--------------
Two example gdb backtraces follow (line numbers refer to php-src git commit id 7f0d637de4b0fe169dcae4437a86077ece3e3acd):

(gdb) bt 5
#0  memcpy () at ../sysdeps/x86_64/memcpy.S:399
#1  0x00007f66fe9c07af in sdl_deserialize_string (in=0x7fff9a94d650) at /home/askalski/php-src/ext/soap/php_sdl.c:1208
#2  0x00007f66fe9c5470 in sdl_deserialize_type (type=0x7f671082dac8, types=0x7f67094994b0, encoders=0x7f67107c4be0, 
    in=0x7fff9a94d650) at /home/askalski/php-src/ext/soap/php_sdl.c:1326
#3  0x00007f66fe9c55cc in sdl_deserialize_type (type=0x7f67107c0ab8, types=0x7f67094994b0, encoders=0x7f67107c4be0, 
    in=0x7fff9a94d650) at /home/askalski/php-src/ext/soap/php_sdl.c:1378
#4  0x00007f66fe9cbeef in get_sdl_from_cache (this_ptr=<value optimized out>, 
    uri=0x7f670937d240 "http://127.0.10.1/~askalski/soap/PayPalSvc.wsdl", cache_wsdl=<value optimized out>)
    at /home/askalski/php-src/ext/soap/php_sdl.c:1642
(More stack frames follow...)

(gdb) bt 5
#0  0x00007f66fe9c54ec in sdl_deserialize_type (type=0x7f671090a8c0, types=0x7f67107e2ad0, encoders=0x7f67107efc78, 
    in=0x7fff9a94d650) at /home/askalski/php-src/ext/soap/php_sdl.c:1335
#1  0x00007f66fe9c55cc in sdl_deserialize_type (type=0x7f67094a32a8, types=0x7f67107e2ad0, encoders=0x7f67107efc78, 
    in=0x7fff9a94d650) at /home/askalski/php-src/ext/soap/php_sdl.c:1378
#2  0x00007f66fe9cbeef in get_sdl_from_cache (this_ptr=<value optimized out>, 
    uri=0x7f670937d240 "http://127.0.10.1/~askalski/soap/PayPalSvc.wsdl", cache_wsdl=<value optimized out>)
    at /home/askalski/php-src/ext/soap/php_sdl.c:1642
#3  get_sdl (this_ptr=<value optimized out>, uri=0x7f670937d240 "http://127.0.10.1/~askalski/soap/PayPalSvc.wsdl", 
    cache_wsdl=<value optimized out>) at /home/askalski/php-src/ext/soap/php_sdl.c:3251
#4  0x00007f66fe99bcdd in zim_SoapClient_SoapClient (ht=1, return_value=<value optimized out>, 
    return_value_ptr=<value optimized out>, this_ptr=0x7f67094993e0, return_value_used=<value optimized out>)
    at /home/askalski/php-src/ext/soap/soap.c:2520
(More stack frames follow...)