php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #70979 crash with bad soap request
Submitted: 2015-11-26 15:59 UTC Modified: 2016-01-12 14:33 UTC
Votes:1
Avg. Score:3.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: b dot collin at immanens dot com Assigned:
Status: Closed Package: Reproducible crash
PHP Version: 5.6.15 OS: Windows
Private report: No CVE-ID:
 [2015-11-26 15:59 UTC] b dot collin at immanens dot com
Description:
------------
PHP is use as cgi process.
IIS 7.5
php 5.6.15 nts as FastCgi



When you run a bad soap request, it crash de cgi

The script below reproduce it.

Just have to put it on a server and call it via curl.

Thank you


[PHP Modules]
bcmath
calendar
Core
ctype
curl
date
dom
ereg
filter
ftp
gd
gettext
hash
iconv
json
libxml
mbstring
mcrypt
mhash
mysql
mysqli
mysqlnd
odbc
openssl
pcre
PDO
pdo_mysql
Phar
Reflection
session
SimpleXML
soap
SPL
standard
tokenizer
wddx
xml
xmlreader
xmlwriter
zip
zlib

[Zend Modules]

Test script:
---------------
https://drive.google.com/file/d/0B3XRMAnEe84Sc1NhM3lDcUc4dWs/view?pli=1


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2016-01-12 14:30 UTC] b dot collin at immanens dot com
It seem to appear when always_populate_raw_post_data is not configure in the php.ini or is configure with always_populate_raw_post_data = On

I compile a debug version in Visual Studio.
It crash on this :

zend_class_entry *zend_std_object_get_class(const zval *object TSRMLS_DC) /* {{{ */
{
	zend_object *zobj;
	zobj = Z_OBJ_P(object);

	return zobj->ce;
}
/* }}} */

with the message :
Unhandled exception at 0x00007FFF817BA6FD (php5_debug.dll) in php-cgi.exe: 0xC0000005: Access violation reading location 0xFFFFFFFFFFFFFFFF.

When accessing to the zobj->ce


The call stack is : 
 	php5_debug.dll!zend_std_object_get_class(const _zval_struct * object) Line 1528	C
 	php5_debug.dll!zend_get_class_entry(const _zval_struct * zobject) Line 238	C
 	php_soap.dll!soap_error_handler(int error_num, const char * error_filename, const unsigned int error_lineno, const char * format, char * args) Line 2145	C
>	php5_debug.dll!zend_error(int type, const char * format, ...) Line 1133	C
 	php5_debug.dll!php_default_post_reader() Line 82	C
 	php5_debug.dll!sapi_read_post_data() Line 249	C
 	php5_debug.dll!sapi_activate() Line 488	C
 	php5_debug.dll!php_request_startup() Line 1638	C
 	php-cgi.exe!main(int argc, char * * argv) Line 2334	C
 	php-cgi.exe!__tmainCRTStartup() Line 536	C
 	php-cgi.exe!mainCRTStartup() Line 377	C
 	kernel32.dll!00007fffaa0b13d2()	Unknown
 	ntdll.dll!00007fffac575454()	Unknown


zend_error_cb seem to be call with parameter :
 type=8192, error_filename="Unknown", error_lino=0, format="automatically populating $http_raw_post_data is deprecated and will be removed in a future version", args="\b"


I don't succeed to understand the bug to propose a patch, but I hope it must help to solve this problem


Best Regards
 [2016-01-12 14:33 UTC] b dot collin at immanens dot com
I forgot, my configure line is : 

configure "--enable-snapshot-build" "--enable-debug" "--disable-zts" "--disable-isapi" "--disable-nsapi" "--without-mssql" "--without-pdo-mssql" "--without-pi3web" "--with-pdo-oci=c:\php-sdk\oracle\x64\instantclient_12_1\sdk,shared" "--with-oci8-12c=c:\php-sdk\oracle\x64\instantclient_12_1\sdk,shared" "--with-enchant=shared" "--enable-object-out-dir=../obj/" "--enable-com-dotnet=shared" "--with-mcrypt=static" "--without-analyzer"
 [2016-01-14 16:49 UTC] ab@php.net
Automatic comment on behalf of ab
Revision: http://git.php.net/?p=php-src.git;a=commit;h=4308c868f94df1f2b99e80038ba5ea1076d919a7
Log: Fixed bug #70979 crash with bad soap request
 [2016-01-14 16:49 UTC] ab@php.net
-Status: Open +Status: Closed
 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Tue Aug 29 15:01:52 2017 UTC