|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
[2015-11-29 04:35 UTC] php at ontheroad dot net dot nz
Description: ------------ Using references to array keys in arguments to SOAP calls seems to break the argument processing of SOAP arguments. This works fine in PHP 5.5 but breaks in PHP 7.0.0RC8. PHP7.0.0RC8 configuration './configure' '--prefix=/usr/local/php7' '--with-config-file-scan-dir=/usr/local/php7/etc/conf.d' '--enable-bcmath' '--with-bz2' '--enable-calendar' '--enable-intl' '--enable-exif' '--enable-dba' '--enable-ftp' '--with-gettext' '--with-gd' '--with-jpeg-dir' '--enable-mbstring' '--with-mcrypt' '--with-mhash' '--enable-mysqlnd' '--with-mysql=mysqlnd' '--with-mysql-sock=/var/run/mysqld/mysqld.sock' '--with-mysqli=mysqlnd' '--with-pdo-mysql=mysqlnd' '--with-openssl' '--enable-pcntl' '--with-pspell' '--enable-shmop' '--enable-soap' '--enable-sockets' '--enable-sysvmsg' '--enable-sysvsem' '--enable-sysvshm' '--enable-wddx' '--with-zlib' '--enable-zip' '--with-readline' '--with-curl' '--enable-fpm' '--with-fpm-user=www-data' '--with-fpm-group=www-data No modifications to php.ini. The web services in question are not public, so I can't provide a completely working example, however it seems like the behaviour should be independent of the service itself (although possibly it does somehow depend on the service definition) and it may not be related to SOAP at all, but this is the situation in which I've seen it. The example provides two SoapClient children which pre-process the arguments given. Both do the same thing, but one creates assigns a variable with a reference while one assigns a variable without. The only difference is the reference assignment, but the one with the reference ends up not processing the arguments at all and passing a request without arguments. The key line in the example is 32 (https://gist.github.com/anonymous/6d20b14d0f5fedbc04ca#file-example-php-L32bug-example-L17), where we assign a reference to $params[0]; the array index already exists, so it's not created by the assignment, but we can see on line 18 (https://gist.github.com/anonymous/6d20b14d0f5fedbc04ca#file-example-php-L18) that the SoapClientFine class does exactly the same but without a reference and it works OK. Recompiling with --enable-debug and running valgrind as described in https://bugs.php.net/bugs-getting-valgrind-log.php shows no difference between runs with the SoapClientFine and with the SoapClientBroken (0 definitely/indirectly/possibly lost, 54 blocks still reachable). Test script: --------------- Example is at https://gist.github.com/anonymous/6d20b14d0f5fedbc04ca Expected/Actual results are at https://gist.github.com/anonymous/c7bd9d0cf1c4246beb69 due to spam detection not letting me include it below. Expected result: ---------------- See https://gist.github.com/anonymous/c7bd9d0cf1c4246beb69 Actual result: -------------- See https://gist.github.com/anonymous/c7bd9d0cf1c4246beb69 PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
|
|||||||||||||||||||||||||||
Copyright © 2001-2024 The PHP GroupAll rights reserved. |
Last updated: Sat Apr 20 03:01:28 2024 UTC |
I can not produce this, so I only can give a guess, could you please try to verify whether this fix works? diff --git a/ext/soap/soap.c b/ext/soap/soap.c index 4c746aa..219169d 100644 --- a/ext/soap/soap.c +++ b/ext/soap/soap.c @@ -2940,6 +2940,7 @@ PHP_METHOD(SoapClient, __call) if (arg_count > 0) { real_args = safe_emalloc(sizeof(zval), arg_count, 0); ZEND_HASH_FOREACH_VAL(Z_ARRVAL_P(args), param) { + ZVAL_DEREF(param); /*zval_add_ref(param);*/ ZVAL_COPY_VALUE(&real_args[i], param); i++;