Bug #77141 Signedness issue in SOAP when precision=-1
Submitted: 2018-11-12 15:40 UTC
Modified: 2018-11-12 22:16 UTC
From: lukasz dot jedrzejowski at adition dot com
Assigned: cmb
Status: Closed
Package: SOAP related
PHP Version: 7.1.24
OS: Debian GNU/Linux 9.5 (stretch)
Private report: No
CVE-ID: None

 [2018-11-12 15:40 UTC] lukasz dot jedrzejowski at adition dot com
Reproduced in:
- 7.1.23-2+0~20181015120514.8+stretch~1.gbpab65a0 (used this one as the nearest reported affected version).
- 7.2.10-0ubuntu0.18.04.1
- 7.2.11-4+0~20181106031630.10+stretch~1.gbp789850
but worked correctly in:
- 5.6.24-0+deb8u1

Using -1 "precision" ini-setting on either SOAP request or response when passing a float results in a fatal error: "Possible integer overflow in memory allocation".
Using other precision settings affects the string representation of passed floats as expected.

Although I've tested it manually on the SoapServer too, I'm providing the easier client side steps to reproduce.

Test script was executed by running /tmp/test.php in cli mode.

Test script:
<?php
$soap = new \SoapClient(
    null,
    [
        'location' => "http://localhost/soap.php",
        'uri' => "http://localhost/",
        'style' => SOAP_RPC,
        'trace' => true,
        'exceptions' => true,
    ]
);
ini_set('precision', -1);
try {
    $soap->call(1.1);
} finally {
    echo $soap->__getLastRequest();
}

Expected result:
Expected to see the traced SOAP request with float represented as string according to the set precision (for -1 precision the float 1.1 should be represented as "1.1").
Please ignore the additional "DTD are not supported" fatal error because of not actually running a SoapServer under the given URI.
SOAP response output was shortened to avoid "spam detection" triggered by long lines when reporting this bug.

...<SOAP-ENV:Body><ns1:call><param0 xsi:type="xsd:float">1.1</param0></ns1:call></SOAP-ENV:Body>...
PHP Fatal error:  Uncaught SoapFault exception: [Client] DTD are not supported by SOAP in /tmp/test.php:14
Stack trace:
#0 /tmp/test.php(14): SoapClient->__call('call', Array)
#1 /tmp/test.php(14): SoapClient->call(1.1)
#2 {main}
  thrown in /tmp/test.php on line 14

Actual result:
PHP Fatal error:  Uncaught SoapFault exception: [Client] Possible integer overflow in memory allocation (18446744073709551615 * 1 + 33) in /tmp/test.php:13
Stack trace:
#0 /tmp/test.php(13): SoapClient->__call('call', Array)
#1 {main}
  thrown in /tmp/test.php on line 13


 [2018-11-12 17:33 UTC]
-Status: Open +Status: Verified
 [2018-11-12 17:33 UTC]
Confirmed.  A `-1` is passed to a `size_t`[1].

[1] <>
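
The signedness issue confirmed above, as an added C example that is not part of the original report or the PHP source: a signed setting of -1 used as a `size_t` element count becomes SIZE_MAX, so an overflow-checked `count * 1 + 33` size computation has to fail. The function names and the fallback of 17 digits are assumptions made for illustration; only the `+ 33` term comes from the error message in the report.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Fixed part of the buffer; 33 is the "+ 33" term in the reported error. */
#define BUF_EXTRA 33

/* Overflow-checked nmemb * size + offset. Returns 0 and stores the result,
 * or -1 if the computation would wrap around SIZE_MAX. */
static int checked_alloc_size(size_t nmemb, size_t size, size_t offset, size_t *out)
{
    if (size != 0 && nmemb > SIZE_MAX / size)
        return -1;
    size_t prod = nmemb * size;
    if (prod > SIZE_MAX - offset)
        return -1;
    *out = prod + offset;
    return 0;
}

/* Pattern from the report: a signed setting used directly as an element count.
 * precision = -1 converts to SIZE_MAX, so the size check has to fail. */
static int buf_size_unguarded(long precision, size_t *out)
{
    return checked_alloc_size((size_t)precision, 1, BUF_EXTRA, out);
}

/* Guarded form (hypothetical): treat a negative value as a sentinel and size
 * for 17 significant digits, enough to round-trip an IEEE 754 double. */
static int buf_size_guarded(long precision, size_t *out)
{
    size_t digits = precision >= 0 ? (size_t)precision : 17;
    return checked_alloc_size(digits, 1, BUF_EXTRA, out);
}

int main(void)
{
    long settings[] = { 14, -1 };   /* constructed sample values */
    for (size_t i = 0; i < 2; i++) {
        size_t n = 0;
        printf("precision=%ld as size_t=%zu\n", settings[i], (size_t)settings[i]);
        if (buf_size_unguarded(settings[i], &n) != 0)
            printf("  unguarded: overflow (%zu * 1 + %d)\n", (size_t)settings[i], BUF_EXTRA);
        else
            printf("  unguarded: %zu bytes\n", n);
        if (buf_size_guarded(settings[i], &n) == 0)
            printf("  guarded:   %zu bytes\n", n);
    }
    return 0;
}
```

On a 64-bit build the unguarded case prints the same `18446744073709551615 * 1 + 33` operands that appear in the fatal error.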
 [2018-11-12 20:49 UTC]
-Assigned To: +Assigned To: cmb
 [2018-11-12 22:16 UTC]
-Summary: Integer overflow on SOAP request or response with -1 precision ini setting +Summary: Signedness issue in SOAP when precision=-1
 [2018-11-12 22:27 UTC]
Automatic comment on behalf of
Log: Fix #77141: Signedness issue in SOAP when precision=-1
 [2018-11-12 22:27 UTC]
-Status: Verified +Status: Closed