Bug #70951 Segmentation fault on invalid WSDL cache
Submitted: 2015-11-20 22:57 UTC Modified: 2020-04-23 08:15 UTC
Votes:4
Avg. Score:4.8 ± 0.4
Reproduced:3 of 3 (100.0%)
Same Version:1 (33.3%)
Same OS:2 (66.7%)
From: bostjan at teon dot si Assigned:
Status: Open Package: SOAP related
PHP Version: 5.6.15 OS: Linux
Private report: No CVE-ID: None
 [2015-11-20 22:57 UTC] bostjan at teon dot si
Description:
------------
When instantiating a SOAP client, if the WSDL cache exists and is "inappropriate" (either corrupted, or something similar), PHP crashes.

This was tested with:
- php 5.6.15 (remi's CentOS repos)
- php 5.6.13 (custom built)
- php 5.5.9 (ubuntu default)
- php 5.3.3 (centos 6 - I think it was originally created with this one)

Test script:
---------------
git clone https://github.com/bostjan/php-bug-soap-segfault.git
cd php-bug-soap-segfault
./run.sh


/*
 * Essentially what the script does:
 * 1. runs the soap-client.php for the first time, to create wsdl cache file
 * 2. replaces OK cache file with corrupted one
 * 3. reruns soap-client.php which now segfaults
 *
 * Content of soap-client.php:
 * ----------------------------------
 * <?php
 * ini_set('soap.wsdl_cache_enabled', true);
 * ini_set('soap.wsdl_cache_dir', __DIR__);
 * $soap = new SoapClient ("./services.wsdl");
 * echo "no segfault";
 * ?>
 * ----------------------------------
 */


Expected result:
----------------
### Now the output will be 'no segfault':
no segfault

### Installing 'inappropriate' cache file...done.

### Now there will be segmentation fault:
no segfault


/* Essentially no segmentation fault. */


Actual result:
--------------
### Now the output will be 'no segfault':
no segfault

### Installing 'inappropriate' cache file...done.

### Now there will be segmentation fault:
./run.sh: line 23: 19892 Segmentation fault      php ./soap-client.php


 [2015-11-20 23:19 UTC] bostjan at teon dot si
Additional info, just figured it out:
That WSDL cache file was left over when the migration from 32-bit to 64-bit CentOS happened. It works on 32-bit platforms.

In my opinion this should not produce a segmentation fault, but cache file should be invalidated+deleted and recreated. Thoughts?
 [2017-10-05 12:22 UTC] nikic@php.net
I'm not able to reproduce the segfault on master.
 [2017-10-13 20:56 UTC] alvaroguimaraes at gmail dot com
I just had this.

We had invalid cache files because of a full disk incident before.

+1 on invalidate+delete behaviour suggested.

PHP 5.6.31-6+ubuntu16.04.1+deb.sury.org+1 (cli)
Copyright (c) 1997-2016 The PHP Group
Zend Engine v2.6.0, Copyright (c) 1998-2016 Zend Technologies
    with Zend OPcache v7.0.6-dev, Copyright (c) 1999-2016, by Zend Technologies

Kernel: 4.4.0-96-generic #119-Ubuntu SMP
 [2020-04-23 08:07 UTC] cmb@php.net
> In my opinion this should not produce a segmentation fault, but
> cache file should be invalidated+deleted and recreated. Thoughts?

The alternative would be to document that the cache is system
dependent, and must not be reused after migration.
 [2020-04-23 08:15 UTC] nikic@php.net
It should be possible to fix this by mixing in SIZEOF_ZEND_LONG in https://github.com/php/php-src/blob/c36b9e93fa06e48fdedb0260a8e5817902da0545/ext/soap/php_sdl.c#L3200-L3239. Or more generally, take a look at how the opcache system ID is computed.
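
A sketch of the idea in the last comment, as an added example that is not php-src code and not written by any commenter: the cache file name is derived from the WSDL URI together with the writing build's `long` size, pointer size and byte order, so a cache written by a 32-bit build is never opened by a 64-bit one. The function names, the `wsdl-` file-name prefix and the FNV-1a hash are assumptions made for this sketch.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* FNV-1a 64-bit: stand-in hash chosen for this sketch. */
static uint64_t fnv1a(uint64_t h, const void *data, size_t len)
{
    const unsigned char *p = data;
    while (len--) {
        h ^= *p++;
        h *= 0x100000001b3ULL;
    }
    return h;
}

/* Hypothetical helper: derive a cache file name from the WSDL URI plus
 * properties of the build that writes the binary cache. long_size and
 * ptr_size are parameters so both ABIs can be compared on one machine. */
int wsdl_cache_key(const char *uri, unsigned long_size, unsigned ptr_size,
                   char *out, size_t outlen)
{
    const uint16_t probe = 1;
    unsigned char abi[3];
    uint64_t h = 0xcbf29ce484222325ULL;   /* FNV offset basis */

    abi[0] = (unsigned char)long_size;
    abi[1] = (unsigned char)ptr_size;
    abi[2] = *(const unsigned char *)&probe;  /* 1 on little-endian */

    h = fnv1a(h, abi, sizeof abi);            /* ABI fingerprint first */
    h = fnv1a(h, uri, strlen(uri));           /* then the WSDL location */
    int n = snprintf(out, outlen, "wsdl-%016llx", (unsigned long long)h);
    return (n > 0 && (size_t)n < outlen) ? 0 : -1;
}

/* Key for the build this code is compiled as. */
int wsdl_cache_key_native(const char *uri, char *out, size_t outlen)
{
    return wsdl_cache_key(uri, sizeof(long), sizeof(void *), out, outlen);
}

int main(void)
{
    char k32[32], k64[32];
    wsdl_cache_key("./services.wsdl", 4, 4, k32, sizeof k32); /* ILP32 */
    wsdl_cache_key("./services.wsdl", 8, 8, k64, sizeof k64); /* LP64 */
    printf("32-bit: %s\n64-bit: %s\n", k32, k64);
    return strcmp(k32, k64) == 0;  /* non-zero exit if the keys collide */
}
```

With a key like this, a leftover file from the other ABI is simply a cache miss and the WSDL is parsed again; it does not by itself protect against a file that was truncated or corrupted under the same ABI.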
 
Last updated: Sat Dec 21 15:01:29 2024 UTC