Bug #77088 Segfault when using SoapClient with null options
Submitted: 2018-10-31 11:54 UTC
Modified: 2018-10-31 17:00 UTC
From: projektsage at gmail dot com
Assigned:
Status: Closed
Package: SOAP related
PHP Version: 7.3.0RC4
OS: linux
Private report: No
CVE-ID: None
 [2018-10-31 11:54 UTC] projektsage at gmail dot com
Description:
------------
PHP7.3.0RC4 Thread Safe
Configure: './configure' '--prefix=/opt/apache/apache-24-php-7.3.0RC4-x64/php-7.3.0RC4/php_bin' '--with-apxs2=/opt/apache/httpd-24-x64/bin/apxs' '--with-zlib' '--with-curl' '--with-mysql' '--with-mysqli' '--with-pdo-mysql' '--with-pgsql=/opt/postgresql' '--with-oci8=instantclient,/opt/oracle/instantclient_10_2' '--enable-soap'

BT:
#0  0x00007ffff1c19ed4 in add_property_zval_ex (arg=arg@entry=0x7fffcc054360, key=key@entry=0x7ffff22aeb4c "__soap_fault", key_len=key_len@entry=12, value=value@entry=0x7fffe53f0260) at /opt/apache/apache-24-php-7.3.0RC4-x64/php-7.3.0RC4/Zend/zend_API.c:1825
#1  0x00007ffff1aabfbf in add_soap_fault_ex (fault=fault@entry=0x7fffe53f0260, obj=0x7fffcc054360, fault_code=fault_code@entry=0x7ffff22ae2db "Client", fault_string=fault_string@entry=0x7fffe53f0350 "Uncaught TypeError: SoapClient::SoapClient() expects parameter 2 to be
array, null given in /***/***/httpd-php/php-htdocs/php-htdocs/soap/soap-client"..., fault_detail=0x0, fault_actor=0x0) at /opt/apache/apache-24-php-7.3.0RC4-x64/php-7.3.0RC4/ext/soap/soap.c:3204
#2  0x00007ffff1aaee7c in soap_error_handler (error_num=1, error_filename=0x7fffd5076158 "/***/***/httpd-php/php-htdocs/php-htdocs/soap/soap-client-wsdl-null-context.php", error_lineno=6, format=0x7ffff22ecf58 "Uncaught
%s\n  thrown", args=0x7fffe53f0788) at /opt/apache/apache-24-php-7.3.0RC4-x64/php-7.3.0RC4/ext/soap/soap.c:2144
#3  0x00007ffff1849368 in zend_error_va (type=type@entry=1, file=<optimized out>, lineno=<optimized out>, format=format@entry=0x7ffff22ecf58 "Uncaught %s\n  thrown") at /opt/apache/apache-24-php-7.3.0RC4-x64/php-7.3.0RC4/Zend/zend_exceptions.c:946
#4  0x00007ffff184990a in zend_exception_error (ex=0x7fffd5076000, severity=severity@entry=1) at /opt/apache/apache-24-php-7.3.0RC4-x64/php-7.3.0RC4/Zend/zend_exceptions.c:1018
#5  0x00007ffff1c16c4b in zend_execute_scripts (type=type@entry=8, retval=retval@entry=0x0, file_count=file_count@entry=3) at /opt/apache/apache-24-php-7.3.0RC4-x64/php-7.3.0RC4/Zend/zend.c:1572
#6  0x00007ffff1baa626 in php_execute_script (primary_file=primary_file@entry=0x7fffe53f1c10) at /opt/apache/apache-24-php-7.3.0RC4-x64/php-7.3.0RC4/main/main.c:2630
#7  0x00007ffff1ca773a in php_handler (r=<optimized out>) at /opt/apache/apache-24-php-7.3.0RC4-x64/php-7.3.0RC4/sapi/apache2handler/sapi_apache2.c:699
#8  0x000000000044a280 in ap_run_handler (r=0x7fffd009b390) at config.c:170
#9  0x000000000044e49e in ap_invoke_handler (r=0x7fffd009b390) at config.c:439
#10 0x0000000000460d9a in ap_process_async_request (r=0x7fffd009b390) at http_request.c:317
#11 0x000000000045d420 in ap_process_http_async_connection (c=<optimized out>) at http_core.c:143
#12 ap_process_http_connection (c=0x7fffe0037420) at http_core.c:228
#13 0x0000000000454e40 in ap_run_process_connection (c=0x7fffe0037420) at connection.c:41
#14 0x0000000000469b4d in process_socket (my_thread_num=<optimized out>, my_child_num=<optimized out>, cs=0x7fffe00373a8, sock=<optimized out>, p=<optimized out>, thd=<optimized out>) at event.c:970
#15 worker_thread (thd=<optimized out>, dummy=<optimized out>) at event.c:1815
#16 0x00007ffff6ee66ba in start_thread (arg=0x7fffe53f2700) at pthread_create.c:333
#17 0x00007ffff6a1841d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109


Test script:
---------------
<?php

try
{
    $options = NULL;
    $sClient = new SoapClient("test.wsdl", $options);
} 
catch(SoapFault $e)
{
    echo "There is a fault:<br/>";
    var_dump($e);
}

?>


History

 [2018-10-31 17:00 UTC] cmb@php.net
-Status: Open +Status: Verified
 [2018-10-31 17:00 UTC] cmb@php.net
I can reproduce a segfault running master on CLI, but I get
a totally different backtrace:

    #0  0x000000000841cb51 in instanceof_class (instance_ce=0x10, ce=0x8c24f30)
        at /mnt/c/Users/cmb/php-dev/php-src/Zend/zend_operators.c:2285
    #1  0x000000000841ccd9 in instanceof_function (instance_ce=0x10, ce=0x8c24f30)
        at /mnt/c/Users/cmb/php-dev/php-src/Zend/zend_operators.c:2330
    #2  0x000000000823aaf5 in soap_error_handler (error_num=1,
        error_filename=0x7ffffae63498 "/mnt/c/Users/cmb/php-dev/77088.php",
        error_lineno=6, format=0x863486a "Uncaught %s\n  thrown",
        args=0x7ffffffea778)
        at /mnt/c/Users/cmb/php-dev/php-src/ext/soap/soap.c:2109
    #3  0x00000000084513c6 in zend_error_va (type=1,
        file=0x7ffffae63498 "/mnt/c/Users/cmb/php-dev/77088.php", lineno=6,
        format=0x863486a "Uncaught %s\n  thrown")
        at /mnt/c/Users/cmb/php-dev/php-src/Zend/zend_exceptions.c:946
    #4  0x00000000084519c8 in zend_exception_error (ex=0x7ffffae7e000, severity=1)
        at /mnt/c/Users/cmb/php-dev/php-src/Zend/zend_exceptions.c:1018
    #5  0x00000000084233ed in zend_execute_scripts (type=8, retval=0x0,
        file_count=3) at /mnt/c/Users/cmb/php-dev/php-src/Zend/zend.c:1612
    #6  0x000000000839a273 in php_execute_script (primary_file=0x7ffffffedf10)
        at /mnt/c/Users/cmb/php-dev/php-src/main/main.c:2643
    #7  0x00000000084f425d in do_cli (argc=2, argv=0x8ba7910)
        at /mnt/c/Users/cmb/php-dev/php-src/sapi/cli/php_cli.c:997
    #8  0x00000000084f5113 in main (argc=2, argv=0x8ba7910)
        at /mnt/c/Users/cmb/php-dev/php-src/sapi/cli/php_cli.c:1390

instance_ce=0x10 in frame #0 looks fishy.
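
The observation above can be turned into a triage heuristic. This is an added example, not code from the report or from php-src: gdb prints pointer arguments in hex and integers in decimal, so a nonzero hex argument below the first page (assumed here to be 0x1000) typically indicates a field offset applied to a NULL base rather than a real address. The sample input is frames #0 to #2 of the backtrace above with the source paths shortened; the function and constant names are hypothetical.

```python
import re

# Constructed sample: frames #0-#2 of the backtrace above, paths shortened.
SAMPLE_BT = r"""#0  0x000000000841cb51 in instanceof_class (instance_ce=0x10, ce=0x8c24f30)
    at Zend/zend_operators.c:2285
#1  0x000000000841ccd9 in instanceof_function (instance_ce=0x10, ce=0x8c24f30)
    at Zend/zend_operators.c:2330
#2  0x000000000823aaf5 in soap_error_handler (error_num=1,
    error_filename=0x7ffffae63498 "/mnt/c/Users/cmb/php-dev/77088.php",
    error_lineno=6, format=0x863486a "Uncaught %s\n  thrown",
    args=0x7ffffffea778)
    at ext/soap/soap.c:2109
"""

PAGE_SIZE = 0x1000  # assumption: nothing is mapped below the first page

# "#N  [0xADDR in] function (" starts a frame; the address is optional.
FRAME_RE = re.compile(r"^#(\d+)\s+(?:0x[0-9a-f]+ in )?(\w+) \(", re.M)
# "name=0x..." or "name=name@entry=0x..."; decimal values never match.
ARG_RE = re.compile(r"(\w+)=(?:\w+@entry=)?(0x[0-9a-f]+)\b")
# Quoted string values are dropped so their contents are not parsed as args.
STRING_RE = re.compile(r'"(?:\\.|[^"\\])*"')


def suspicious_pointers(backtrace):
    """Return (frame, function, arg, value) for hex args in (0, PAGE_SIZE)."""
    hits = []
    frames = list(FRAME_RE.finditer(backtrace))
    for i, m in enumerate(frames):
        end = frames[i + 1].start() if i + 1 < len(frames) else len(backtrace)
        body = STRING_RE.sub("", backtrace[m.end():end])
        for name, value in ARG_RE.findall(body):
            # 0x0 is an ordinary NULL argument and is not reported.
            if 0 < int(value, 16) < PAGE_SIZE:
                hits.append((int(m.group(1)), m.group(2), name, value))
    return hits


if __name__ == "__main__":
    for frame, func, arg, value in suspicious_pointers(SAMPLE_BT):
        print(f"frame #{frame} {func}: {arg}={value} is below the first page")
```
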
 [2018-11-21 03:31 UTC] laruence@php.net
Automatic comment on behalf of laruence@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=aaafd793e6f74aa6afc233d9594d176266ba0684
Log: Fixed bug #77088 (Segfault when using SoapClient with null options)
 [2018-11-21 03:31 UTC] laruence@php.net
-Status: Verified +Status: Closed
Last updated: Fri May 24 10:01:27 2019 UTC