php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #70017 soap_client construct cause crash
Submitted: 2015-07-08 07:46 UTC Modified: 2015-07-17 07:48 UTC
Votes:5
Avg. Score:3.6 ± 1.5
Reproduced:3 of 3 (100.0%)
Same Version:3 (100.0%)
Same OS:1 (33.3%)
From: simon dot minotto at gmail dot com Assigned: laruence (profile)
Status: Assigned Package: Reproducible crash
PHP Version: 7.0.0alpha2 OS: ubuntu 15.04 server
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2015-07-08 07:46 UTC] simon dot minotto at gmail dot com
Description:
------------
Bug report.

I have a segmentation fault using soap_client
I didn't success reproducing it outside my framework (based on symfony 1.0) with a simple script

Code around the exception : 

file_put_contents("/tmp/doing", "\nconstucting soap client with url ".$wsdl."\n", FILE_APPEND);
$soapClient = new SoapClient($wsdl);
file_put_contents("/tmp/doing", "\nsoap client constructed\n", FILE_APPEND);


Content of /tmp/doing after execution : 


(I replace http by h ttp to avoid ticketing spam detection)

constucting soap client with url h  ttp://trunk-tv1-services-php7test1.brainsonic.com/wsdl_test

soap client constructed

constucting soap client with url h ttp://trunk-tv1-services-php7test1.brainsonic.com/wsdl_test
<ENDOFFILE>


strace of first soap_client construct call : (with strace php <myscript>)
http://pastebin.com/XvnknwrN





strace of second soap_client construct call (jsut before crash) : 

http://pastebin.com/jALzymJ6


My configure line : './configure' '--with-apxs2=/usr/bin/apxs' '--with-mysqli' '--enable-soap' '--enable-sockets' '--enable-sysvsem' '--with-xsl' '--enable-zip' '--enable-mbstring' '--with-curl' '--with-mcrypt' '--enable-ftp' '--with-gd' '--with-jpeg-dir=/usr/lib' '--enable-exif' '--with-openssl' '--enable-pcntl'

on Ubuntu 15

Test script:
---------------
http://pastebin.com/bBZ0iPqu
-> Not reproducing the issue with this code


Actual result:
--------------
http://pastebin.com/kYnMQEqB

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-07-08 07:49 UTC] simon dot minotto at gmail dot com
http://php7test1.cloudapp.net/phpinfo.php
-> You can find here a php info (used for apache & cli)
 [2015-07-10 11:41 UTC] laruence@php.net
-Status: Open +Status: Feedback
 [2015-07-10 11:41 UTC] laruence@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php for *NIX and
http://bugs.php.net/bugs-generating-backtrace-win32.php for Win32

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.


 [2015-07-10 12:32 UTC] simon dot minotto at gmail dot com
-Status: Feedback +Status: Open
 [2015-07-10 12:32 UTC] simon dot minotto at gmail dot com
The backtrace is lready generated and attached to this ticket : 

http://pastebin.com/kYnMQEqB

Core was generated by `php /srv/www/trunk.php7test1.brainsonic.com/html/plugins/bsPlaylistPlugin/test/'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  zend_mm_alloc_small (size=<optimized out>, bin_num=2, heap=0x7fa5b6400040) at /mnt/php-7.0.0alpha2/Zend/zend_alloc.c:1244
1244                    heap->free_slot[bin_num] = p->next_free_slot;
(gdb) bt
#0  zend_mm_alloc_small (size=<optimized out>, bin_num=2, heap=0x7fa5b6400040) at /mnt/php-7.0.0alpha2/Zend/zend_alloc.c:1244
#1  zend_mm_alloc_heap (size=19, heap=0x7fa5b6400040) at /mnt/php-7.0.0alpha2/Zend/zend_alloc.c:1311
#2  _emalloc (size=19) at /mnt/php-7.0.0alpha2/Zend/zend_alloc.c:2210
#3  0x00000000007e1e32 in _estrdup (s=0x7fa5b4344c60 "getMediasByTagName") at /mnt/php-7.0.0alpha2/Zend/zend_alloc.c:2309
#4  0x00000000006b8372 in load_wsdl (this_ptr=this_ptr@entry=0x7fa5b64196f0, struri=struri@entry=0x7fa5b4243cd8 "http://trunk-tv1-services-php7test1.brainsonic.com/wsdl_test") at /mnt/php-7.0.0alpha2/ext/soap/php_sdl.c:1126
#5  0x00000000006b9015 in get_sdl (this_ptr=this_ptr@entry=0x7fa5b64196f0, uri=0x7fa5b4243cd8 "http://trunk-tv1-services-php7test1.brainsonic.com/wsdl_test", cache_wsdl=cache_wsdl@entry=0) at /mnt/php-7.0.0alpha2/ext/soap/php_sdl.c:3302
#6  0x000000000068ee53 in zim_SoapClient_SoapClient (execute_data=0x7fa5b64196d0, return_value=<optimized out>) at /mnt/php-7.0.0alpha2/ext/soap/soap.c:2534
#7  0x000000000089af84 in ZEND_DO_FCALL_SPEC_HANDLER () at /mnt/php-7.0.0alpha2/Zend/zend_vm_execute.h:834
#8  0x0000000000846b5b in execute_ex (ex=<optimized out>) at /mnt/php-7.0.0alpha2/Zend/zend_vm_execute.h:403
#9  0x000000000089e4a7 in zend_execute (op_array=0x7fa5b6480000, return_value=<optimized out>) at /mnt/php-7.0.0alpha2/Zend/zend_vm_execute.h:447
#10 0x00000000008058f5 in zend_execute_scripts (type=8, retval=0x2, retval@entry=0x0, file_count=2) at /mnt/php-7.0.0alpha2/Zend/zend.c:1389
#11 0x00000000007a569b in php_execute_script (primary_file=0x7ffc7a2eb120) at /mnt/php-7.0.0alpha2/main/main.c:2472
#12 0x000000000089fe59 in do_cli (argc=19, argv=0x2) at /mnt/php-7.0.0alpha2/sapi/cli/php_cli.c:967
#13 0x0000000000437a70 in main (argc=19, argv=0x2) at /mnt/php-7.0.0alpha2/sapi/cli/php_cli.c:1334
 [2015-07-15 09:59 UTC] laruence@php.net
could you please paste out the wsdl_test file?
 [2015-07-15 10:32 UTC] simon dot minotto at gmail dot com
Sure :)
http://pastebin.com/3kEtd6dA

I will let the VM running all day.

Thanks
 [2015-07-16 15:18 UTC] laruence@php.net
Hmm, I can not reproduce this.  valgrind clean as well(could you please try run with latest master snapshot?):

$ USE_ZEND_ALLOC=0 valgrind sapi/cli/php /tmp/1.php
==29654== Memcheck, a memory error detector
==29654== Copyright (C) 2002-2012, and GNU GPL'd, by Julian Seward et al.
==29654== Using Valgrind-3.8.1 and LibVEX; rerun with -h for copyright info
==29654== Command: sapi/cli/php /tmp/1.php
==29654==

before first soap client construct

after first soap client construct
array(9) {
  ["playlistFolderId"]=>
  int(1)
  ["maxPerPage"]=>
  int(5)
  ["page"]=>
  int(1)
  ["additionnalParameters"]=>
  string(0) ""
  ["sessionId"]=>
  string(0) ""
  ["APIKey"]=>
  string(10) "brainsonic"
  ["format"]=>
  string(0) ""
  ["login_username"]=>
  string(0) ""
  ["login_password"]=>
  string(0) ""
}
string(114) "<playlist_menu version="1.0">
<playlist_folder_config>
<items>
</items>
</playlist_folder_config>
</playlist_menu>"

end soap client construct
==29654==
==29654== HEAP SUMMARY:
==29654==     in use at exit: 7,338 bytes in 79 blocks
==29654==   total heap usage: 79,500 allocs, 79,421 frees, 6,789,427 bytes allocated
==29654==
==29654== LEAK SUMMARY:
==29654==    definitely lost: 40 bytes in 1 blocks
==29654==    indirectly lost: 0 bytes in 0 blocks
==29654==      possibly lost: 0 bytes in 0 blocks
==29654==    still reachable: 7,298 bytes in 78 blocks
==29654==         suppressed: 0 bytes in 0 blocks
==29654== Rerun with --leak-check=full to see details of leaked memory
==29654==
==29654== For counts of detected and suppressed errors, rerun with: -v
==29654== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)

thanks
 [2015-07-16 15:18 UTC] laruence@php.net
-Assigned To: +Assigned To: laruence
 [2015-07-17 07:48 UTC] simon dot minotto at gmail dot com
New (failed) test with php7 beta1 : 
http://pastebin.com/ixZ5B4kh


New (PASS) test with php-src MASTER (php 7.0.0DEV)
http://pastebin.com/FZ3MmSxP

My test pass (ok) BUT I have the following extra content :

[Fri Jul 17 04:46:27 2015]  Script:  '/srv/www/damlp/plugins/trunk/bsPlaylistPlugin/test/functional/services/bsPlaylistServicesActionsTest.php'
/root/php/php-src/Zend/zend_objects.c(161) :  Freeing 0x7F3866CC9900 (200 bytes), script=/srv/www/damlp/plugins/trunk/bsPlaylistPlugin/test/functional/services/bsPlaylistServicesActionsTest.php
[Fri Jul 17 04:46:27 2015]  Script:  '/srv/www/damlp/plugins/trunk/bsPlaylistPlugin/test/functional/services/bsPlaylistServicesActionsTest.php'
/root/php/php-src/Zend/zend_objects.c(161) :  Freeing 0x7F386635DC00 (200 bytes), script=/srv/www/damlp/plugins/trunk/bsPlaylistPlugin/test/functional/services/bsPlaylistServicesActionsTest.php
Last leak repeated 1 time
[Fri Jul 17 04:46:27 2015]  Script:  '/srv/www/damlp/plugins/trunk/bsPlaylistPlugin/test/functional/services/bsPlaylistServicesActionsTest.php'
/root/php/php-src/Zend/zend_objects.c(161) :  Freeing 0x7F3865E15900 (200 bytes), script=/srv/www/damlp/plugins/trunk/bsPlaylistPlugin/test/functional/services/bsPlaylistServicesActionsTest.php
Last leak repeated 5 times
=== Total 9 memory leaks detected ===



If a reconfigure & compile php without --enable-debug, everything is now fine :)
 
PHP Copyright © 2001-2018 The PHP Group
All rights reserved.
Last updated: Sun Nov 19 01:31:42 2017 UTC