Bug #78021 SegFault in response of remote Soap server
Submitted: 2019-05-16 11:57 UTC Modified: 2023-05-12 13:05 UTC
Votes:2
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: marcel dot lerutte at vodafoneziggo dot com Assigned:
Status: Verified Package: SOAP related
PHP Version: 7.3.5 OS: RHEL 7
Private report: No CVE-ID: None
 [2019-05-16 11:57 UTC] marcel dot lerutte at vodafoneziggo dot com
Description:
------------
After having set up a SOAP mock service with SoapUI and sending a request to this service, Apache crashes with SegFault(11) upon receiving the response.

Test script:
---------------
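<?php
// Reproduction script: SoapClient call against a SoapUI mock service on localhost.
// TLS peer verification is disabled in this stream context; the WSDL below is
// fetched over plain HTTP from localhost.
$contextOptions = array(
    'ssl' => array(
        'verify_peer' => false,
        'verify_peer_name' => false,
        'allow_self_signed' => true
    )
);
stream_context_set_default($contextOptions);
$context = stream_context_create($contextOptions);
// soap_version 2 is SOAP_1_2; cache_wsdl 0 is WSDL_CACHE_NONE.
$options = array("soap_version"=> 2, "cache_wsdl"=> 0, 'stream_context' => $context);

$test = new SoapClient('http://localhost:8088/mockNetworkInventory?wsdl', $options);
// Request payload with placeholder header values.
$obj = (object) array(
    'header'=>array('businessTransactionID' =>'?',
        'sentTimestamp' =>'?',
        'sourceContext' => array('host' => '?', 'application' => '?')
    ),
    'body'=>array('service' => array('ID'=>'123'))
);
// The crash is reported upon receiving the response to this call.
$test->GetServiceConfiguration_2($obj);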


 [2019-05-16 12:05 UTC] marcel dot lerutte at vodafoneziggo dot com
Example response:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:sch="http://www.ziggo.nl/Integration/ESB/Services/NetworkInventory/GetServiceConfiguration/2/Schema">
   <soapenv:Header/>
   <soapenv:Body>
      <sch:Response xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns0="http://www.ziggo.nl/Integration/ESB/Services/Resource/CmrGetServiceConfiguration/2/Schema">
         <sch:header xmlns:ns1="http://www.ziggo.nl/Integration/ESB/Generic/CMM/3.0">
            <sch:businessTransactionID>0109_0005</sch:businessTransactionID>
            <sch:externalCorrelationID>d6d74d7a-e81e-4dec-80b5-f7643bf1139b</sch:externalCorrelationID>
            <sch:conversationID>83bc1d8f-798d-4559-bc06-40fef33af044</sch:conversationID>
            <sch:sentTimestamp>2019-01-09T10:34:04.617+01:00</sch:sentTimestamp>
            <sch:sourceContext>
               <sch:host>ESB-BW-WPV02</sch:host>
               <sch:application>adpCramer</sch:application>
               <sch:operation>CmrGetServiceConfiguration_2</sch:operation>
            </sch:sourceContext>
            <sch:attributes>
               <sch:attribute>
                  <sch:key>origin</sch:key>
                  <sch:value>tibco_fetch.pl_-s_internet_pro-137.010.666_-o_mdruyter_-d_0</sch:value>
               </sch:attribute>
            </sch:attributes>
         </sch:header>
         <sch:body>
            <sch:customer>
               <sch:externalIDs>
                  <sch:externalID sch:keyField="cmr:externalRelationId">10107206</sch:externalID>
               </sch:externalIDs>
               <sch:fullName>GTVast Gemeente Tynaarlo</sch:fullName>
            </sch:customer>
            <sch:service>
               <sch:ID>Internet Pro-137.010.666</sch:ID>
               <sch:specification>
                  <sch:localReference>0</sch:localReference>
               </sch:specification>
            </sch:service>
            <sch:serviceSpecifications>
               <sch:serviceSpecification>
                  <sch:localReference>0</sch:localReference>
                  <sch:name>Internet Pro</sch:name>
                  <sch:characteristics>
                     <sch:characteristic>
                        <sch:name>ServiceSubType</sch:name>
                        <sch:value>
                           <sch:value>Single Homed</sch:value>
                        </sch:value>
                     </sch:characteristic>
                  </sch:characteristics>
               </sch:serviceSpecification>
               <sch:serviceSpecification>
                  <sch:localReference>1</sch:localReference>
                  <sch:characteristics>
                     <sch:characteristic>
                        <sch:name>ServiceSubType</sch:name>
                        <sch:value>
                           <sch:value>Fiber</sch:value>
                        </sch:value>
                     </sch:characteristic>
                  </sch:characteristics>
               </sch:serviceSpecification>
            </sch:serviceSpecifications>
            <sch:accessServices>
               <sch:accessService>
                  <sch:ID>Access-137.010.668</sch:ID>
                  <sch:specification>
                     <sch:localReference>1</sch:localReference>
                     <sch:name>Access</sch:name>
                  </sch:specification>
                  <sch:status>In Service</sch:status>
                  <sch:resources>
                     <sch:resource>
                        <sch:type>PE</sch:type>
                     </sch:resource>
                     <sch:resource>
                        <sch:type>DS</sch:type>
                     </sch:resource>
                     <sch:resource>
                        <sch:type>CMTS</sch:type>
                     </sch:resource>
                     <sch:resource>
                        <sch:type>CPE</sch:type>
                     </sch:resource>
                  </sch:resources>
                  <sch:characteristics>
                     <sch:characteristic>
                        <sch:key>LAST_MODIFIED_DATE</sch:key>
                        <sch:value>09-01-2019 10:04:57</sch:value>
                     </sch:characteristic>
                     <sch:characteristic>
                        <sch:key>NUMBER_OF_SERVICES</sch:key>
                        <sch:value>1</sch:value>
                     </sch:characteristic>
                  </sch:characteristics>
               </sch:accessService>
            </sch:accessServices>
         </sch:body>
      </sch:Response>
   </soapenv:Body>
</soapenv:Envelope>
 [2019-05-18 14:25 UTC] sjon@php.net
-Status: Open +Status: Feedback
 [2019-05-18 14:25 UTC] sjon@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc. If the script requires a 
database to demonstrate the issue, please make sure it creates 
all necessary tables, stored procedures etc.

Please avoid embedding huge scripts into the report.

Could you post the actual WSDL as well? Without it a valid SoapClient cannot be created and I cannot reproduce this.
 [2019-05-20 06:12 UTC] marcel dot lerutte at vodafoneziggo dot com
-Status: Feedback +Status: Open
 [2019-05-20 06:12 UTC] marcel dot lerutte at vodafoneziggo dot com
wsdl: https://ufile.io/9o0321zd
xsd 1: https://ufile.io/ftxts1lz
xsd 2: https://ufile.io/0eyv2mto
 [2019-05-20 15:05 UTC] sjon@php.net
-Summary: Apache crashes with SegFault(11) in response of remote Soap server +Summary: SegFault in response of remote Soap server -Status: Open +Status: Verified
 [2019-05-20 15:05 UTC] sjon@php.net
Interesting - there seems to be some sort of recursion - or a horrible loop happening. Backtrace:

#0  0x0000555555bcbccd in zend_hash_real_init_mixed_ex (ht=<error reading variable: Cannot access memory at address 0x7fffff7fefc8>) at /var/tmp/php-src/Zend/zend_hash.c:128
#1  0x0000555555bcc586 in zend_hash_real_init_mixed (ht=0x7ffff382b180) at /var/tmp/php-src/Zend/zend_hash.c:260
#2  0x0000555555bcdb35 in _zend_hash_add_or_update_i (ht=0x7ffff382b180, key=0x7ffff3821e40, pData=0x7fffff7ff470, flag=8) at /var/tmp/php-src/Zend/zend_hash.c:654
#3  0x0000555555bce3fc in zend_hash_add_new (ht=0x7ffff382b180, key=0x7ffff3821e40, pData=0x7fffff7ff470) at /var/tmp/php-src/Zend/zend_hash.c:826
#4  0x0000555555c0bb20 in zend_std_write_property (object=0x7fffff7ff710, member=0x7fffff7ff2e0, value=0x7fffff7ff470, cache_slot=0x0) at /var/tmp/php-src/Zend/zend_object_handlers.c:813
#5  0x0000555555bc9414 in zend_update_property (scope=0x55555654b650, object=0x7fffff7ff710, name=0x7ffff49c170c "_", name_length=1, value=0x7fffff7ff470) at /var/tmp/php-src/Zend/zend_API.c:3980
#6  0x00007ffff4991b84 in set_zval_property (object=0x7fffff7ff710, name=0x7ffff49c170c "_", val=0x7fffff7ff470) at /var/tmp/php-src/ext/soap/php_encoding.c:1168
#7  0x00007ffff4993422 in to_zval_object_ex (ret=0x7fffff7ff710, type=0x7ffff469ec00, data=0x5555569f92f0, pce=0x0) at /var/tmp/php-src/ext/soap/php_encoding.c:1503
#8  0x00007ffff4993bc0 in to_zval_object (ret=0x7fffff7ff710, type=0x7ffff469ec00, data=0x5555569f92f0) at /var/tmp/php-src/ext/soap/php_encoding.c:1610
#9  0x00007ffff4999edd in sdl_guess_convert_zval (ret=0x7fffff7ff710, enc=0x7ffff469ec00, data=0x5555569f92f0) at /var/tmp/php-src/ext/soap/php_encoding.c:3219
#10 0x00007ffff498f177 in master_to_zval_int (ret=0x7fffff7ff710, encode=0x7ffff469ec00, data=0x5555569f92f0) at /var/tmp/php-src/ext/soap/php_encoding.c:560
#11 0x00007ffff498f2d3 in master_to_zval (ret=0x7fffff7ff710, encode=0x7ffff469ec00, data=0x5555569f92f0) at /var/tmp/php-src/ext/soap/php_encoding.c:596
#12 0x00007ffff4993837 in to_zval_object_ex (ret=0x7fffff7ff9b0, type=0x7ffff469ec00, data=0x5555569f91b0, pce=0x0) at /var/tmp/php-src/ext/soap/php_encoding.c:1551
#13 0x00007ffff4993bc0 in to_zval_object (ret=0x7fffff7ff9b0, type=0x7ffff469ec00, data=0x5555569f91b0) at /var/tmp/php-src/ext/soap/php_encoding.c:1610
#14 0x00007ffff4999edd in sdl_guess_convert_zval (ret=0x7fffff7ff9b0, enc=0x7ffff469ec00, data=0x5555569f91b0) at /var/tmp/php-src/ext/soap/php_encoding.c:3219
#15 0x00007ffff498f177 in master_to_zval_int (ret=0x7fffff7ff9b0, encode=0x7ffff469ec00, data=0x5555569f91b0) at /var/tmp/php-src/ext/soap/php_encoding.c:560
#16 0x00007ffff498f2d3 in master_to_zval (ret=0x7fffff7ff9b0, encode=0x7ffff469ec00, data=0x5555569f91b0) at /var/tmp/php-src/ext/soap/php_encoding.c:596
#17 0x00007ffff4993837 in to_zval_object_ex (ret=0x7fffff7ffc50, type=0x7ffff469ec00, data=0x5555569f9070, pce=0x0) at /var/tmp/php-src/ext/soap/php_encoding.c:1551
#18 0x00007ffff4993bc0 in to_zval_object (ret=0x7fffff7ffc50, type=0x7ffff469ec00, data=0x5555569f9070) at /var/tmp/php-src/ext/soap/php_encoding.c:1610
#19 0x00007ffff4999edd in sdl_guess_convert_zval (ret=0x7fffff7ffc50, enc=0x7ffff469ec00, data=0x5555569f9070) at /var/tmp/php-src/ext/soap/php_encoding.c:3219
...
#62227 0x00007ffff4993837 in to_zval_object_ex (ret=0x7fffffff9090, type=0x7ffff469ec00, data=0x55555664e240, pce=0x0) at /var/tmp/php-src/ext/soap/php_encoding.c:1551
#62228 0x00007ffff4993bc0 in to_zval_object (ret=0x7fffffff9090, type=0x7ffff469ec00, data=0x55555664e240) at /var/tmp/php-src/ext/soap/php_encoding.c:1610
#62229 0x00007ffff4999edd in sdl_guess_convert_zval (ret=0x7fffffff9090, enc=0x7ffff469ec00, data=0x55555664e240) at /var/tmp/php-src/ext/soap/php_encoding.c:3219
#62230 0x00007ffff498f177 in master_to_zval_int (ret=0x7fffffff9090, encode=0x7ffff469ec00, data=0x55555664e240) at /var/tmp/php-src/ext/soap/php_encoding.c:560
#62231 0x00007ffff498f2d3 in master_to_zval (ret=0x7fffffff9090, encode=0x7ffff469ec00, data=0x55555664e240) at /var/tmp/php-src/ext/soap/php_encoding.c:596
#62232 0x00007ffff4993837 in to_zval_object_ex (ret=0x7fffffff92e0, type=0x7ffff46cb960, data=0x555556623300, pce=0x0) at /var/tmp/php-src/ext/soap/php_encoding.c:1551
#62233 0x00007ffff4993bc0 in to_zval_object (ret=0x7fffffff92e0, type=0x7ffff46cb960, data=0x555556623300) at /var/tmp/php-src/ext/soap/php_encoding.c:1610
#62234 0x00007ffff4999edd in sdl_guess_convert_zval (ret=0x7fffffff92e0, enc=0x7ffff46cb960, data=0x555556623300) at /var/tmp/php-src/ext/soap/php_encoding.c:3219
#62235 0x00007ffff498f177 in master_to_zval_int (ret=0x7fffffff92e0, encode=0x7ffff46cb960, data=0x555556623300) at /var/tmp/php-src/ext/soap/php_encoding.c:560
#62236 0x00007ffff498f2d3 in master_to_zval (ret=0x7fffffff92e0, encode=0x7ffff46cb960, data=0x555556623300) at /var/tmp/php-src/ext/soap/php_encoding.c:596
#62237 0x00007ffff49925d7 in model_to_zval_object (ret=0x7fffffff97c0, model=0x7ffff46bde70, data=0x555556623230, sdl=0x7ffff468f000) at /var/tmp/php-src/ext/soap/php_encoding.c:1323
#62238 0x00007ffff4992c4b in model_to_zval_object (ret=0x7fffffff97c0, model=0x7ffff46bde38, data=0x555556623230, sdl=0x7ffff468f000) at /var/tmp/php-src/ext/soap/php_encoding.c:1388
#62239 0x00007ffff4993550 in to_zval_object_ex (ret=0x7fffffff97c0, type=0x7ffff46cb840, data=0x555556623230, pce=0x0) at /var/tmp/php-src/ext/soap/php_encoding.c:1515
#62240 0x00007ffff4993bc0 in to_zval_object (ret=0x7fffffff97c0, type=0x7ffff46cb840, data=0x555556623230) at /var/tmp/php-src/ext/soap/php_encoding.c:1610
#62241 0x00007ffff4999edd in sdl_guess_convert_zval (ret=0x7fffffff97c0, enc=0x7ffff46cb840, data=0x555556623230) at /var/tmp/php-src/ext/soap/php_encoding.c:3219
#62242 0x00007ffff498f177 in master_to_zval_int (ret=0x7fffffff97c0, encode=0x7ffff46cb840, data=0x555556623230) at /var/tmp/php-src/ext/soap/php_encoding.c:560
#62243 0x00007ffff498f2d3 in master_to_zval (ret=0x7fffffff97c0, encode=0x7ffff46cb840, data=0x555556623230) at /var/tmp/php-src/ext/soap/php_encoding.c:596
#62244 0x00007ffff4992721 in model_to_zval_object (ret=0x7fffffff9ef0, model=0x7ffff46bde00, data=0x55555661cd70, sdl=0x7ffff468f000) at /var/tmp/php-src/ext/soap/php_encoding.c:1335
#62245 0x00007ffff4992c4b in model_to_zval_object (ret=0x7fffffff9ef0, model=0x7ffff46bdd58, data=0x55555661cd70, sdl=0x7ffff468f000) at /var/tmp/php-src/ext/soap/php_encoding.c:1388
#62246 0x00007ffff4993550 in to_zval_object_ex (ret=0x7fffffff9ef0, type=0x7ffff46cb6c0, data=0x55555661cd70, pce=0x0) at /var/tmp/php-src/ext/soap/php_encoding.c:1515
#62247 0x00007ffff4993bc0 in to_zval_object (ret=0x7fffffff9ef0, type=0x7ffff46cb6c0, data=0x55555661cd70) at /var/tmp/php-src/ext/soap/php_encoding.c:1610
#62248 0x00007ffff4999edd in sdl_guess_convert_zval (ret=0x7fffffff9ef0, enc=0x7ffff46cb6c0, data=0x55555661cd70) at /var/tmp/php-src/ext/soap/php_encoding.c:3219
#62249 0x00007ffff498f177 in master_to_zval_int (ret=0x7fffffff9ef0, encode=0x7ffff46cb6c0, data=0x55555661cd70) at /var/tmp/php-src/ext/soap/php_encoding.c:560
#62250 0x00007ffff49932ee in to_zval_object_ex (ret=0x7fffffff9ef0, type=0x7ffff46cba80, data=0x55555661cd70, pce=0x0) at /var/tmp/php-src/ext/soap/php_encoding.c:1482
#62251 0x00007ffff4993bc0 in to_zval_object (ret=0x7fffffff9ef0, type=0x7ffff46cba80, data=0x55555661cd70) at /var/tmp/php-src/ext/soap/php_encoding.c:1610
#62252 0x00007ffff4999edd in sdl_guess_convert_zval (ret=0x7fffffff9ef0, enc=0x7ffff46cba80, data=0x55555661cd70) at /var/tmp/php-src/ext/soap/php_encoding.c:3219
#62253 0x00007ffff498f177 in master_to_zval_int (ret=0x7fffffff9ef0, encode=0x7ffff46cba80, data=0x55555661cd70) at /var/tmp/php-src/ext/soap/php_encoding.c:560
#62254 0x00007ffff498f2d3 in master_to_zval (ret=0x7fffffff9ef0, encode=0x7ffff46cba80, data=0x55555661cd70) at /var/tmp/php-src/ext/soap/php_encoding.c:596
#62255 0x00007ffff4992721 in model_to_zval_object (ret=0x7fffffffa3d0, model=0x7ffff46f23f0, data=0x55555661ccd0, sdl=0x7ffff468f000) at /var/tmp/php-src/ext/soap/php_encoding.c:1335
#62256 0x00007ffff4992c4b in model_to_zval_object (ret=0x7fffffffa3d0, model=0x7ffff46f23b8, data=0x55555661ccd0, sdl=0x7ffff468f000) at /var/tmp/php-src/ext/soap/php_encoding.c:1388
#62257 0x00007ffff4993550 in to_zval_object_ex (ret=0x7fffffffa3d0, type=0x7ffff46eede0, data=0x55555661ccd0, pce=0x0) at /var/tmp/php-src/ext/soap/php_encoding.c:1515
#62258 0x00007ffff4993bc0 in to_zval_object (ret=0x7fffffffa3d0, type=0x7ffff46eede0, data=0x55555661ccd0) at /var/tmp/php-src/ext/soap/php_encoding.c:1610
#62259 0x00007ffff4999edd in sdl_guess_convert_zval (ret=0x7fffffffa3d0, enc=0x7ffff46eede0, data=0x55555661ccd0) at /var/tmp/php-src/ext/soap/php_encoding.c:3219
#62260 0x00007ffff498f177 in master_to_zval_int (ret=0x7fffffffa3d0, encode=0x7ffff46eede0, data=0x55555661ccd0) at /var/tmp/php-src/ext/soap/php_encoding.c:560
#62261 0x00007ffff498f2d3 in master_to_zval (ret=0x7fffffffa3d0, encode=0x7ffff46eede0, data=0x55555661ccd0) at /var/tmp/php-src/ext/soap/php_encoding.c:596
#62262 0x00007ffff4992721 in model_to_zval_object (ret=0x7fffffffa980, model=0x7ffff46f2380, data=0x5555566a1fd0, sdl=0x7ffff468f000) at /var/tmp/php-src/ext/soap/php_encoding.c:1335
#62263 0x00007ffff4992c4b in model_to_zval_object (ret=0x7fffffffa980, model=0x7ffff46f2348, data=0x5555566a1fd0, sdl=0x7ffff468f000) at /var/tmp/php-src/ext/soap/php_encoding.c:1388
#62264 0x00007ffff4993550 in to_zval_object_ex (ret=0x7fffffffa980, type=0x7ffff46eecc0, data=0x5555566a1fd0, pce=0x0) at /var/tmp/php-src/ext/soap/php_encoding.c:1515
#62265 0x00007ffff4993bc0 in to_zval_object (ret=0x7fffffffa980, type=0x7ffff46eecc0, data=0x5555566a1fd0) at /var/tmp/php-src/ext/soap/php_encoding.c:1610
#62266 0x00007ffff4999edd in sdl_guess_convert_zval (ret=0x7fffffffa980, enc=0x7ffff46eecc0, data=0x5555566a1fd0) at /var/tmp/php-src/ext/soap/php_encoding.c:3219
#62267 0x00007ffff498f177 in master_to_zval_int (ret=0x7fffffffa980, encode=0x7ffff46eecc0, data=0x5555566a1fd0) at /var/tmp/php-src/ext/soap/php_encoding.c:560
#62268 0x00007ffff498f2d3 in master_to_zval (ret=0x7fffffffa980, encode=0x7ffff46eecc0, data=0x5555566a1fd0) at /var/tmp/php-src/ext/soap/php_encoding.c:596
#62269 0x00007ffff49a39d8 in parse_packet_soap (this_ptr=0x7ffff461f210, buffer=0x7ffff4703018 "\n<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:sch=\"http://www.ziggo.nl/Integration/ESB/Services/NetworkInventory/GetServiceConfiguration/2/Schema\">\n   <soapenv:Hea"..., buffer_size=4641, fn=0x7ffff46fe720, fn_name=0x0, return_value=0x7fffffffaf00, soap_headers=0x0) at /var/tmp/php-src/ext/soap/php_packet_soap.c:326
#62270 0x00007ffff49845bb in do_soap_call (execute_data=0x7ffff461f1f0, this_ptr=0x7ffff461f210, function=0x7ffff46648b8 "GetServiceConfiguration_2", function_len=25, arg_count=1, real_args=0x7ffff46ff0f0, return_value=0x7fffffffaf00, location=0x7ffff4690be0 "php-bug-78021.php", soap_action=0x0, call_uri=0x0, soap_headers=0x0, output_headers=0x0) at /var/tmp/php-src/ext/soap/soap.c:2690
#62271 0x00007ffff4985683 in zim_SoapClient___call (execute_data=0x7ffff461f1f0, return_value=0x7fffffffaf00) at /var/tmp/php-src/ext/soap/soap.c:2899
#62272 0x0000555555c2681b in ZEND_CALL_TRAMPOLINE_SPEC_HANDLER () at /var/tmp/php-src/Zend/zend_vm_execute.h:1996
#62273 0x0000555555c8fd85 in execute_ex (ex=0x7ffff461f030) at /var/tmp/php-src/Zend/zend_vm_execute.h:55577
#62274 0x0000555555c95203 in zend_execute (op_array=0x7ffff4678300, return_value=0x0) at /var/tmp/php-src/Zend/zend_vm_execute.h:60881
#62275 0x0000555555bb9d7d in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /var/tmp/php-src/Zend/zend.c:1568
#62276 0x0000555555b1fb87 in php_execute_script (primary_file=0x7fffffffd700) at /var/tmp/php-src/main/main.c:2630
#62277 0x0000555555c97f4a in do_cli (argc=4, argv=0x5555564f5460) at /var/tmp/php-src/sapi/cli/php_cli.c:997
#62278 0x0000555555c990d9 in main (argc=4, argv=0x5555564f5460) at /var/tmp/php-src/sapi/cli/php_cli.c:1389
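
Added example (not part of the bug report or of php-src): the repeating frames in the backtrace above can be extracted mechanically. This Python script parses gdb frame lines, finds the shortest repeating (function, line) cycle and lists the pointer arguments that never change across it. The helper names are assumptions, and the sample input is constructed: it reuses the function names and line numbers from the backtrace with synthetic pointers.

```python
import re

# One gdb frame line: "#N  0xADDR in func (args) at file:line"
FRAME_RE = re.compile(r"^#(\d+)\s+(?:0x[0-9a-f]+ in )?(\S+) \((.*)\) at (\S+):(\d+)$")
PTR_ARG_RE = re.compile(r"(\w+)=(0x[0-9a-f]+)")

def parse_frames(text):
    """Return [(func, line, {arg: pointer})] per frame, innermost frame first."""
    frames = []
    for raw in text.splitlines():
        m = FRAME_RE.match(raw.strip())
        if m:
            frames.append((m.group(2), int(m.group(5)), dict(PTR_ARG_RE.findall(m.group(3)))))
    return frames

def find_cycle(frames, max_period=32, min_repeats=3):
    """Smallest period at which (func, line) repeats; (start, period, repeats) or None."""
    keys = [(func, line) for func, line, _ in frames]
    for p in range(1, max_period + 1):
        run = best = best_start = 0
        for i in range(len(keys) - p):
            run = run + 1 if keys[i] == keys[i + p] else 0
            if run > best:
                best, best_start = run, i - run + 1
        if best >= (min_repeats - 1) * p:
            return best_start, p, best // p + 1
    return None

def invariant_args(frames, start, period, repeats):
    """Pointer arguments holding a single value in every cycle frame that has them."""
    seen = {}
    for _, _, args in frames[start:start + period * repeats]:
        for name, value in args.items():
            seen.setdefault(name, set()).add(value)
    return {name: next(iter(vals)) for name, vals in seen.items() if len(vals) == 1}

def analyze(text):
    frames = parse_frames(text)
    hit = find_cycle(frames)
    if hit is None:
        return None
    start, period, repeats = hit
    cycle = [f"{func}:{line}" for func, line, _ in frames[start:start + period]]
    return {"cycle": cycle, "repeats": repeats,
            "invariant": invariant_args(frames, start, period, repeats)}

def constructed_sample(levels=4):
    """Constructed input: names/lines from the backtrace above, pointers synthetic."""
    src = "/var/tmp/php-src/ext/soap/php_encoding.c"
    cycle = [("to_zval_object", "type", 1610), ("sdl_guess_convert_zval", "enc", 3219),
             ("master_to_zval_int", "encode", 560), ("master_to_zval", "encode", 596),
             ("to_zval_object_ex", "type", 1551)]
    out = [f"#0  0x00007ffff4993422 in to_zval_object_ex (ret=0x7fffff7ff710, type=0x7ffff469ec00) at {src}:1503"]
    for lvl in range(levels):
        for func, arg, line in cycle:
            out.append(f"#{len(out)}  0x00007ffff4990000 in {func} (ret={0x7fffff7ff710 + lvl * 0x2a0:#x}, "
                       f"{arg}=0x7ffff469ec00, data={0x5555569f92f0 - lvl * 0x140:#x}) at {src}:{line}")
    out.append(f"#{len(out)}  0x00007ffff49a39d8 in parse_packet_soap (this_ptr=0x7ffff461f210) at /var/tmp/php-src/ext/soap/php_packet_soap.c:326")
    return "\n".join(out)

print(analyze(constructed_sample()))
```

An unchanging `type`/`enc`/`encode` pointer alongside changing `ret` and `data` values is the pattern visible in frames #7 to #19 of the real trace.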
 [2023-05-12 13:05 UTC] bukka@php.net
Apologies for taking so long to reply, but would it be possible to send the WSDL again somewhere? The links no longer work.
 
Last updated: Fri Nov 22 01:01:30 2024 UTC