Bug #70979 crash with bad soap request
Submitted: 2015-11-26 15:59 UTC Modified: 2016-01-12 14:33 UTC
Votes:1
Avg. Score:3.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: b dot collin at immanens dot com Assigned:
Status: Closed Package: Reproducible crash
PHP Version: 5.6.15 OS: Windows
Private report: No CVE-ID: None
 [2015-11-26 15:59 UTC] b dot collin at immanens dot com
Description:
------------
PHP is used as a CGI process.
IIS 7.5
php 5.6.15 nts as FastCgi



When you run a bad SOAP request, it crashes the CGI.

The script below reproduces it.

You just have to put it on a server and call it via curl.

Thank you


[PHP Modules]
bcmath
calendar
Core
ctype
curl
date
dom
ereg
filter
ftp
gd
gettext
hash
iconv
json
libxml
mbstring
mcrypt
mhash
mysql
mysqli
mysqlnd
odbc
openssl
pcre
PDO
pdo_mysql
Phar
Reflection
session
SimpleXML
soap
SPL
standard
tokenizer
wddx
xml
xmlreader
xmlwriter
zip
zlib

[Zend Modules]

Test script:
---------------
https://drive.google.com/file/d/0B3XRMAnEe84Sc1NhM3lDcUc4dWs/view?pli=1


 [2016-01-12 14:30 UTC] b dot collin at immanens dot com
It seems to appear when always_populate_raw_post_data is not configured in the php.ini or is configured with always_populate_raw_post_data = On

I compiled a debug version in Visual Studio.
It crashes on this:

zend_class_entry *zend_std_object_get_class(const zval *object TSRMLS_DC) /* {{{ */
{
	zend_object *zobj;
	zobj = Z_OBJ_P(object);

	return zobj->ce;
}
/* }}} */

with the message :
Unhandled exception at 0x00007FFF817BA6FD (php5_debug.dll) in php-cgi.exe: 0xC0000005: Access violation reading location 0xFFFFFFFFFFFFFFFF.

when accessing zobj->ce


The call stack is : 
 	php5_debug.dll!zend_std_object_get_class(const _zval_struct * object) Line 1528	C
 	php5_debug.dll!zend_get_class_entry(const _zval_struct * zobject) Line 238	C
 	php_soap.dll!soap_error_handler(int error_num, const char * error_filename, const unsigned int error_lineno, const char * format, char * args) Line 2145	C
>	php5_debug.dll!zend_error(int type, const char * format, ...) Line 1133	C
 	php5_debug.dll!php_default_post_reader() Line 82	C
 	php5_debug.dll!sapi_read_post_data() Line 249	C
 	php5_debug.dll!sapi_activate() Line 488	C
 	php5_debug.dll!php_request_startup() Line 1638	C
 	php-cgi.exe!main(int argc, char * * argv) Line 2334	C
 	php-cgi.exe!__tmainCRTStartup() Line 536	C
 	php-cgi.exe!mainCRTStartup() Line 377	C
 	kernel32.dll!00007fffaa0b13d2()	Unknown
 	ntdll.dll!00007fffac575454()	Unknown


zend_error_cb seems to be called with these parameters:
 type=8192, error_filename="Unknown", error_lino=0, format="automatically populating $http_raw_post_data is deprecated and will be removed in a future version", args="\b"


I did not succeed in understanding the bug well enough to propose a patch, but I hope this helps to solve the problem


Best Regards
 [2016-01-12 14:33 UTC] b dot collin at immanens dot com
I forgot, my configure line is : 

configure "--enable-snapshot-build" "--enable-debug" "--disable-zts" "--disable-isapi" "--disable-nsapi" "--without-mssql" "--without-pdo-mssql" "--without-pi3web" "--with-pdo-oci=c:\php-sdk\oracle\x64\instantclient_12_1\sdk,shared" "--with-oci8-12c=c:\php-sdk\oracle\x64\instantclient_12_1\sdk,shared" "--with-enchant=shared" "--enable-object-out-dir=../obj/" "--enable-com-dotnet=shared" "--with-mcrypt=static" "--without-analyzer"
 [2016-01-14 16:49 UTC] ab@php.net
Automatic comment on behalf of ab
Revision: http://git.php.net/?p=php-src.git;a=commit;h=4308c868f94df1f2b99e80038ba5ea1076d919a7
Log: Fixed bug #70979 crash with bad soap request
 [2016-01-14 16:49 UTC] ab@php.net
-Status: Open +Status: Closed
 