Bug #68361 Segmentation fault on SoapClient::__getTypes
Submitted: 2014-11-06 08:08 UTC Modified: 2014-11-07 13:09 UTC
Votes:2
Avg. Score:3.5 ± 0.5
Reproduced:2 of 2 (100.0%)
Same Version:2 (100.0%)
Same OS:2 (100.0%)
From: red dot led0 at gmail dot com
Assigned:
Status: Closed
Package: SOAP related
PHP Version: 5.5.18
OS: Linux (KUbuntu)
Private report: No
CVE-ID:
 [2014-11-06 08:08 UTC] red dot led0 at gmail dot com
Description:
------------
Got "Segmentation fault (core dumped)" when trying to get types from this WSDL: http://pastebin.com/Gwnt7UHA
It may not be valid, but some exception or error is expected in this case.

Test script:
---------------
<?php

// xml file content: http://pastebin.com/Gwnt7UHA
$client = new SoapClient('test.xml');

$res = $client->__getTypes(); // Segmentation fault here

var_dump($res);


 [2014-11-07 13:09 UTC] aharvey@php.net
-Status: Open +Status: Analyzed
 [2014-11-07 13:09 UTC] aharvey@php.net
Stack trace:

#0  0x0000000000690e1d in _zend_is_inconsistent (ht=0x0, file=0x851d18 "/home/vagrant/php-src/5.5/Zend/zend_hash.c", line=919)
    at /home/vagrant/php-src/5.5/Zend/zend_hash.c:54
#1  0x0000000000693998 in zend_hash_find (ht=0x0, arKey=0x7b4258 "http://schemas.xmlsoap.org/wsdl/:arrayType", nKeyLength=43,
    pData=0x7fffffffcb98) at /home/vagrant/php-src/5.5/Zend/zend_hash.c:919
#2  0x00000000004cec6a in type_to_string (type=0x7ffff7fe1e58, buf=0x7fffffffcd50, level=0)
    at /home/vagrant/php-src/5.5/ext/soap/soap.c:4749
#3  0x00000000004c4bd7 in zim_SoapClient___getTypes (ht=0, return_value=0x7ffff7fdeb10, return_value_ptr=0x0,
    this_ptr=0x7ffff7fdec00, return_value_used=0) at /home/vagrant/php-src/5.5/ext/soap/soap.c:3008
#4  0x00000000006bdd8b in zend_do_fcall_common_helper_SPEC (execute_data=0x7ffff7faa1a8)
    at /home/vagrant/php-src/5.5/Zend/zend_vm_execute.h:550
#5  0x00000000006be49f in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0x7ffff7faa1a8)
    at /home/vagrant/php-src/5.5/Zend/zend_vm_execute.h:685
#6  0x00000000006bd582 in execute_ex (execute_data=0x7ffff7faa1a8) at /home/vagrant/php-src/5.5/Zend/zend_vm_execute.h:363
#7  0x00000000006bd5f3 in zend_execute (op_array=0x7ffff7fdf850) at /home/vagrant/php-src/5.5/Zend/zend_vm_execute.h:388
#8  0x000000000066f79f in zend_eval_stringl (str=0xac8b40 "$client = new SoapClient(\"/tmp/test.xml\"); $client->__getTypes();",
    str_len=65, retval_ptr=0x0, string_name=0x861b4c "Command line code") at /home/vagrant/php-src/5.5/Zend/zend_execute_API.c:1185
#9  0x000000000066fa48 in zend_eval_stringl_ex (str=0xac8b40 "$client = new SoapClient(\"/tmp/test.xml\"); $client->__getTypes();",
    str_len=65, retval_ptr=0x0, string_name=0x861b4c "Command line code", handle_exceptions=1)
    at /home/vagrant/php-src/5.5/Zend/zend_execute_API.c:1232
#10 0x000000000066fabc in zend_eval_string_ex (str=0xac8b40 "$client = new SoapClient(\"/tmp/test.xml\"); $client->__getTypes();",
    retval_ptr=0x0, string_name=0x861b4c "Command line code", handle_exceptions=1)
    at /home/vagrant/php-src/5.5/Zend/zend_execute_API.c:1243
#11 0x000000000072957a in do_cli (argc=3, argv=0xac8ac0) at /home/vagrant/php-src/5.5/sapi/cli/php_cli.c:1034
#12 0x000000000072a661 in main (argc=3, argv=0xac8ac0) at /home/vagrant/php-src/5.5/sapi/cli/php_cli.c:1378

The proximate cause appears to be that (*attr)->extraAttributes is NULL. I'm not familiar enough with this to know if that's an expected condition, or if the root cause is in the code that is first setting up the attr struct.
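
The condition described in the comment above, as an added example that is not php-src code and not the committed fix: a simplified model of an attribute whose extraAttributes table may be NULL, with the lookup guarded so that a missing table is reported as "not found" instead of being dereferenced. The types `entry_model`, `table_model`, `attr_model` and the functions `table_find` and `find_array_type` are hypothetical; only the key string comes from frame #1 of the trace.

```c
#include <stddef.h>
#include <string.h>

/* Simplified stand-ins for the structures named in the trace.
   Hypothetical models, not the php-src definitions. */
typedef struct { const char *key; const char *value; } entry_model;
typedef struct { const entry_model *entries; size_t count; } table_model;
typedef struct { const char *name; const table_model *extraAttributes; } attr_model;

/* Key from frame #1. sizeof() of this literal is 43 (42 characters plus
   the terminating NUL), which matches nKeyLength=43 in the trace. */
#define WSDL_ARRAY_TYPE "http://schemas.xmlsoap.org/wsdl/:arrayType"

/* Like the hash lookup in the trace, this assumes ht is a valid table
   and dereferences it without checking. */
static const char *table_find(const table_model *ht, const char *key) {
    for (size_t i = 0; i < ht->count; i++) {
        if (strcmp(ht->entries[i].key, key) == 0)
            return ht->entries[i].value;
    }
    return NULL;
}

/* Guarded caller: an attribute that carries no extraAttributes table is
   treated as "arrayType not declared" rather than handed to table_find(). */
const char *find_array_type(const attr_model *attr) {
    if (attr == NULL || attr->extraAttributes == NULL)
        return NULL;
    return table_find(attr->extraAttributes, WSDL_ARRAY_TYPE);
}

/* Constructed sample data: one attribute with the table, one without. */
static const entry_model sample_entries[] = {
    { WSDL_ARRAY_TYPE, "xsd:string[]" },
};
static const table_model sample_table = { sample_entries, 1 };
const attr_model attr_with_table = { "arrayType", &sample_table };
const attr_model attr_without_table = { "arrayType", NULL };

int main(void) {
    /* Both calls return normally; without the guard the second one would
       dereference a NULL table, as frame #1 (ht=0x0) shows. */
    return (find_array_type(&attr_with_table) != NULL &&
            find_array_type(&attr_without_table) == NULL) ? 0 : 1;
}
```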
 [2014-11-11 08:36 UTC] laruence@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=327d4f9afbb81ea7bf4fd2c6c69019e886047e60
Log: Fixed bug #68361 (Segmentation fault on SoapClient::__getTypes)
 [2014-11-11 08:36 UTC] laruence@php.net
-Status: Analyzed +Status: Closed
 [2014-11-18 20:34 UTC] ab@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=327d4f9afbb81ea7bf4fd2c6c69019e886047e60
Log: Fixed bug #68361 (Segmentation fault on SoapClient::__getTypes)
 
Last updated: Tue Aug 29 15:01:52 2017 UTC