Bug #70715 Segmentation fault inside soap client
Submitted: 2015-10-15 04:59 UTC Modified: 2015-10-16 00:45 UTC
From: dmifedorenko at gmail dot com Assigned: laruence
Status: Closed Package: SOAP related
PHP Version: master-Git-2015-10-15 (Git) OS: Linux vm 3.13.0-37-generic #64-U
Private report: No CVE-ID:
 [2015-10-15 04:59 UTC] dmifedorenko at gmail dot com
Description:
------------
I got a segmentation fault when working with the SOAP client. In August the same code worked fine on one of the PHP 7 RCs; it looks like the SOAP client was broken in the last month.

It is difficult to give you a full test case. Our code base is huge, and SOAP server access is private only. Can you check out the backtrace of the segfault?


 [2015-10-15 05:00 UTC] dmifedorenko at gmail dot com
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `/usr/sbin/apache2 -k start'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007faa7f97f930 in zend_string_realloc (s=0x0, len=4097, persistent=0) at /home/fedorenko/php7/php-src/Zend/zend_string.h:185
185   if (!ZSTR_IS_INTERNED(s)) {
warning: File "/home/fedorenko/php7/php-src/.gdbinit" auto-loading has been declined by your `auto-load safe-path' set to "$debugdir:$datadir/auto-load".
To enable execution of this file add
  add-auto-load-safe-path /home/fedorenko/php7/php-src/.gdbinit
line to your configuration file "/home/fedorenko/.gdbinit".
To completely disable this security protection add
  set auto-load safe-path /
line to your configuration file "/home/fedorenko/.gdbinit".
For more information about this security protection see the
"Auto-loading safe path" section in the GDB manual.  E.g., run from the shell:
  info "(gdb)Auto-loading safe path"
Traceback (most recent call last):
  File "/usr/share/gdb/auto-load/usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.19-gdb.py", line 63, in <module>
    from libstdcxx.v6.printers import register_libstdcxx_printers
ImportError: No module named 'libstdcxx'
(gdb) bt
#0  0x00007faa7f97f930 in zend_string_realloc (s=0x0, len=4097, persistent=0) at /home/fedorenko/php7/php-src/Zend/zend_string.h:185
#1  0x00007faa7f9863f5 in get_http_body (stream=0x7faa711f90c0, close=1,
    headers=0x7faa6fde2118 "HTTP/1.1 200 OK\r\nServer: Apache-Coyote/1.1\r\nX-AREQUESTID: 923x2281982x1\r\nX-ASESSIONID: 1oflkz4\r\nContent-Type: text/xml;charset=utf-8\r\nDate: Thu, 15 Oct 2015 04:23:17 GMT\r\nConnection: close\r\n") at /home/fedorenko/php7/php-src/ext/soap/php_http.c:1497
#2  0x00007faa7f98483d in make_http_soap_request (this_ptr=0x7faa75c13300, buf=0x7faa6ec67880, location=0x7faa70eaccc8 "http://aux.srv.loc:82/rpc/soap/jirasoapservice-v2",
    soapaction=0x7faa6ea53a18 "", soap_version=1, return_value=0x7faa75c132c0) at /home/fedorenko/php7/php-src/ext/soap/php_http.c:1068
#3  0x00007faa7f96b5c5 in zim_SoapClient___doRequest (execute_data=0x7faa75c132e0, return_value=0x7faa75c132c0) at /home/fedorenko/php7/php-src/ext/soap/soap.c:3121
#4  0x00007faa7fc23ead in ZEND_DO_FCALL_SPEC_HANDLER () at /home/fedorenko/php7/php-src/Zend/zend_vm_execute.h:842
#5  0x00007faa7fc22d61 in execute_ex (ex=0x7faa75c13200) at /home/fedorenko/php7/php-src/Zend/zend_vm_execute.h:414
#6  0x00007faa7fbb1135 in zend_call_function (fci=0x7fff181ab0a0, fci_cache=0x7fff181aafb0) at /home/fedorenko/php7/php-src/Zend/zend_execute_API.c:854
#7  0x00007faa7fbb064f in call_user_function_ex (function_table=0x0, object=0x7faa75c131a0, function_name=0x7fff181ab220, retval_ptr=0x7fff181ab4e0, param_count=5,
    params=0x7fff181ab250, no_separation=1, symbol_table=0x0) at /home/fedorenko/php7/php-src/Zend/zend_execute_API.c:679
#8  0x00007faa7fbb0576 in call_user_function (function_table=0x0, object=0x7faa75c131a0, function_name=0x7fff181ab220, retval_ptr=0x7fff181ab4e0, param_count=5,
    params=0x7fff181ab250) at /home/fedorenko/php7/php-src/Zend/zend_execute_API.c:661
#9  0x00007faa7f968f4e in do_request (this_ptr=0x7faa75c131a0, request=0x7faa85aba590, location=0x7faa70f1ac00 "http://aux.srv.loc:82/rpc/soap/jirasoapservice-v2",
    action=0x7faa6fe73c08 "", version=1, one_way=0, response=0x7fff181ab4e0) at /home/fedorenko/php7/php-src/ext/soap/soap.c:2586
#10 0x00007faa7f969ad1 in do_soap_call (execute_data=0x7faa75c13180, this_ptr=0x7faa75c131a0, function=0x7faa71ec1b30 "getIssue", function_len=8, arg_count=2,
    real_args=0x7faa6ea5db80, return_value=0x7faa75c13160, location=0x7faa70f1ac00 "http://aux.srv.loc:82/rpc/soap/jirasoapservice-v2", soap_action=0x0, call_uri=0x0,
    soap_headers=0x0, output_headers=0x0) at /home/fedorenko/php7/php-src/ext/soap/soap.c:2733
#11 0x00007faa7f96ac0b in zim_SoapClient___call (execute_data=0x7faa75c13180, return_value=0x7faa75c13160) at /home/fedorenko/php7/php-src/ext/soap/soap.c:2951
#12 0x00007faa7fc23ead in ZEND_DO_FCALL_SPEC_HANDLER () at /home/fedorenko/php7/php-src/Zend/zend_vm_execute.h:842
#13 0x00007faa7fc22d61 in execute_ex (ex=0x7faa75c12030) at /home/fedorenko/php7/php-src/Zend/zend_vm_execute.h:414
#14 0x00007faa7fc22e73 in zend_execute (op_array=0x7faa75c63000, return_value=0x0) at /home/fedorenko/php7/php-src/Zend/zend_vm_execute.h:458
#15 0x00007faa7fbc86ae in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /home/fedorenko/php7/php-src/Zend/zend.c:1428
#16 0x00007faa7fb35f8f in php_execute_script (primary_file=0x7fff181adc30) at /home/fedorenko/php7/php-src/main/main.c:2471
#17 0x00007faa7fc86a7f in php_handler (r=0x7faa7576d3b0) at /home/fedorenko/php7/php-src/sapi/apache2handler/sapi_apache2.c:678
#18 0x00007faa84287fd0 in ap_run_handler (r=0x7faa7576d3b0) at config.c:169
#19 0x00007faa84288519 in ap_invoke_handler (r=r@entry=0x7faa7576d3b0) at config.c:433
#20 0x00007faa8429db1c in ap_internal_redirect (new_uri=<optimized out>, r=<optimized out>) at http_request.c:658
#21 0x00007faa76e8fd0c in handler_redirect (r=0x7faa7574e0a0) at mod_rewrite.c:5131
#22 0x00007faa84287fd0 in ap_run_handler (r=0x7faa7574e0a0) at config.c:169
#23 0x00007faa84288519 in ap_invoke_handler (r=r@entry=0x7faa7574e0a0) at config.c:433
#24 0x00007faa8429e7ba in ap_process_async_request (r=0x7faa7574e0a0) at http_request.c:338
#25 0x00007faa8429ea94 in ap_process_request (r=r@entry=0x7faa7574e0a0) at http_request.c:373
#26 0x00007faa8429adee in ap_process_http_sync_connection (c=0x7faa84032290) at http_core.c:210
#27 ap_process_http_connection (c=0x7faa84032290) at http_core.c:251
#28 0x00007faa84291b10 in ap_run_process_connection (c=0x7faa84032290) at connection.c:41
#29 0x00007faa84291f28 in ap_process_connection (c=c@entry=0x7faa84032290, csd=<optimized out>) at connection.c:213
#30 0x00007faa806bb767 in child_main (child_num_arg=child_num_arg@entry=1) at prefork.c:704
#31 0x00007faa806bb9a6 in make_child (s=0x7faa841f6f30, slot=1) at prefork.c:800
#32 0x00007faa806bc60e in perform_idle_server_maintenance (p=<optimized out>) at prefork.c:902
#33 prefork_run (_pconf=<optimized out>, plog=<optimized out>, s=<optimized out>) at prefork.c:1090
 [2015-10-15 05:50 UTC] requinix@php.net
-Status: Open +Status: Feedback
 [2015-10-15 05:50 UTC] requinix@php.net
Looks like you have the same problem as bug #70709, which just got a fix a few hours ago. Can you use a fresh checkout of master, or try the patch posted in that other bug report?
 [2015-10-15 06:01 UTC] dmifedorenko at gmail dot com
Got fresh master, checked the patch from 70709. Same issue in the same place:

(gdb) bt
#0  0x00007fb5f6294930 in zend_string_realloc (s=0x0, len=4097, persistent=0) at /home/fedorenko/php7/php-src/Zend/zend_string.h:185
#1  0x00007fb5f629b3f5 in get_http_body (stream=0x7fb5e6803f80, close=1,
    headers=0x7fb5e63f6118 "HTTP/1.1 200 OK\r\nServer: Apache-Coyote/1.1\r\nX-AREQUESTID: 1019x2299132x1\r\nX-ASESSIONID: l3417j\r\nContent-Type: text/xml;charset=utf-8\r\nDate: Thu, 15 Oct 2015 05:59:42 GMT\r\nConnection: close\r\n") at /home/fedorenko/php7/php-src/ext/soap/php_http.c:1497
#2  0x00007fb5f629983d in make_http_soap_request (this_ptr=0x7fb5ec414300, buf=0x7fb5e6479600, location=0x7fb5e63b70f8 "http://aux.srv.loc:82/rpc/soap/jirasoapservice-v2",
    soapaction=0x7fb5e60073d8 "", soap_version=1, return_value=0x7fb5ec4142c0) at /home/fedorenko/php7/php-src/ext/soap/php_http.c:1068
#3  0x00007fb5f62805c5 in zim_SoapClient___doRequest (execute_data=0x7fb5ec4142e0, return_value=0x7fb5ec4142c0) at /home/fedorenko/php7/php-src/ext/soap/soap.c:3121
#4  0x00007fb5f6538ead in ZEND_DO_FCALL_SPEC_HANDLER () at /home/fedorenko/php7/php-src/Zend/zend_vm_execute.h:842
#5  0x00007fb5f6537d61 in execute_ex (ex=0x7fb5ec414200) at /home/fedorenko/php7/php-src/Zend/zend_vm_execute.h:414
#6  0x00007fb5f64c6135 in zend_call_function (fci=0x7fff179379f0, fci_cache=0x7fff17937900) at /home/fedorenko/php7/php-src/Zend/zend_execute_API.c:854
#7  0x00007fb5f64c564f in call_user_function_ex (function_table=0x0, object=0x7fb5ec4141a0, function_name=0x7fff17937b70, retval_ptr=0x7fff17937e30, param_count=5,
    params=0x7fff17937ba0, no_separation=1, symbol_table=0x0) at /home/fedorenko/php7/php-src/Zend/zend_execute_API.c:679
#8  0x00007fb5f64c5576 in call_user_function (function_table=0x0, object=0x7fb5ec4141a0, function_name=0x7fff17937b70, retval_ptr=0x7fff17937e30, param_count=5,
    params=0x7fff17937ba0) at /home/fedorenko/php7/php-src/Zend/zend_execute_API.c:661
 [2015-10-15 07:01 UTC] requinix@php.net
-Status: Feedback +Status: Open
 [2015-10-15 10:45 UTC] laruence@php.net
hmm, same reason on different places.. will make a fix.
 [2015-10-15 10:47 UTC] laruence@php.net
Automatic comment on behalf of laruence@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=88a69ffa58e8fdc8409bb567a2bd6b75b4232c41
Log: Fixed bug #70715 (Segmentation fault inside soap client)
 [2015-10-15 10:47 UTC] laruence@php.net
-Status: Open +Status: Closed
 [2015-10-15 10:47 UTC] laruence@php.net
-Status: Closed +Status: Open
 [2015-10-15 10:47 UTC] laruence@php.net
committed, there should be no other similar bugs... thanks
 [2015-10-16 00:08 UTC] dmifedorenko at gmail dot com
Thank you. Confirm, bug fixed.
 [2015-10-16 00:45 UTC] laruence@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: laruence
 [2015-10-25 12:42 UTC] ab@php.net
Automatic comment on behalf of laruence@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=1f677c5eff7be05db478d4a67860a868058fedc6
Log: Fixed bug #70715 (Segmentation fault inside soap client)
 [2016-07-20 11:36 UTC] davey@php.net
Automatic comment on behalf of laruence@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=88a69ffa58e8fdc8409bb567a2bd6b75b4232c41
Log: Fixed bug #70715 (Segmentation fault inside soap client)
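
The crash shape in frames #0 and #1 of the backtraces above, as an added example that is not PHP's code and not the committed fix: a body reader grows a header-prefixed string chunk by chunk, and the resize helper reads the string header before resizing, so a NULL buffer on the first pass faults. All names (`mstr`, `src`, `read_until_close`, `body_len_for`) are hypothetical, the input is constructed, and the read-until-close path is an assumption based on the `Connection: close` header and `close=1` in frame #1.

```c
#include <stdlib.h>
#include <string.h>
#define CHUNK 4096
/* Simplified header-prefixed string; a model for illustration, not PHP's zend_string. */
typedef struct { unsigned flags; size_t len; char val[1]; } mstr;
typedef struct { const char *data; size_t size, pos; } src; /* constructed stand-in for the stream */
static mstr *mstr_alloc(size_t len) {
    mstr *s = malloc(sizeof(mstr) + len);
    if (!s) abort();
    s->flags = 0; s->len = len; s->val[len] = '\0';
    return s;
}
/* Tests a header flag before resizing (compare zend_string.h:185), so s must not be NULL. */
static mstr *mstr_realloc(mstr *s, size_t len) {
    if (s->flags & 1u) abort();           /* model only: flagged strings are not resized */
    s = realloc(s, sizeof(mstr) + len);
    if (!s) abort();
    s->len = len; s->val[len] = '\0';
    return s;
}
static size_t src_read(src *in, char *dst, size_t n) {
    size_t left = in->size - in->pos;
    if (n > left) n = left;
    memcpy(dst, in->data + in->pos, n); in->pos += n;
    return n;
}
/* Read until EOF. guard=0 is the crashing shape: the first pass resizes a NULL buffer. */
static mstr *read_until_close(src *in, int guard) {
    mstr *buf = NULL; size_t used = 0, n;
    do {
        if (buf == NULL && guard) buf = mstr_alloc(CHUNK);  /* first chunk: allocate */
        else buf = mstr_realloc(buf, used + CHUNK);         /* buf == NULL here -> SIGSEGV */
        n = src_read(in, buf->val + used, CHUNK);
        used += n;
    } while (n > 0);
    buf->len = used; buf->val[used] = '\0';
    return buf;
}
/* Feeds n constructed bytes through the guarded reader; returns the body length read. */
size_t body_len_for(size_t n) {
    char *data = malloc(n + 1);
    if (!data) abort();
    memset(data, 'x', n);
    src in = { data, n, 0 };
    mstr *body = read_until_close(&in, 1);
    size_t len = memcmp(body->val, data, n) == 0 ? body->len : (size_t)-1;
    free(body); free(data);
    return len;
}
int main(void) { return body_len_for(10000) == 10000 ? 0 : 1; }
```

Calling `read_until_close` with `guard` set to 0 dereferences NULL inside `mstr_realloc` on the first iteration, which is the `s=0x0` argument visible in frame #0.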
 
Last updated: Sun Apr 30 18:01:35 2017 UTC