Bug #78278 Segfault with soap
Submitted: 2019-07-12 08:42 UTC Modified: 2019-07-12 15:35 UTC
From: clement at ileotech dot com Assigned: nikic (profile)
Status: Closed Package: Reproducible crash
PHP Version: 7.3.7 OS: ubuntu 18.04
Private report: No CVE-ID: None
 [2019-07-12 08:42 UTC] clement at ileotech dot com
Description:
------------
I have very little information on this crash:

When I try to call a function through the SOAP client with WSDL_CACHE_NONE and SOAP_SSL_METHOD_TLS, I get a segfault with soap.so; gdb gives me these lines:

```
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
guess_zval_convert (ret=0x7fffffff9900, type=0x55555636b8e0 <defaultEncoding>, data=0x555556569f30)
    at /home/clement/Downloads/testphp/php-7.3.7/ext/soap/php_encoding.c:2851
2851			Z_DELREF_P(ret);
```


 [2019-07-12 09:03 UTC] cmb@php.net
-Status: Open +Status: Feedback -Assigned To: +Assigned To: cmb
 [2019-07-12 09:03 UTC] cmb@php.net
> I have very little information on this crash:

Indeed, too little information.  A backtrace[1] could be helpful, an
SSCCE[2] would likely be even more helpful.

[1] <http://bugs.php.net/bugs-generating-backtrace.php>
[2] <http://sscce.org/>
 [2019-07-12 09:31 UTC] clement at ileotech dot com
For the backtrace:

```
#0  guess_zval_convert (ret=0x7fffffff98d0, type=0x55555636b8e0 <defaultEncoding>, data=0x555556569f50)
    at /home/clement/Downloads/testphp/php-7.3.7/ext/soap/php_encoding.c:2851
#1  0x0000555555889b10 in master_to_zval_int (ret=ret@entry=0x7fffffff98d0, 
    encode=0x55555636b8e0 <defaultEncoding>, data=0x555556569f50)
    at /home/clement/Downloads/testphp/php-7.3.7/ext/soap/php_encoding.c:560
#2  0x0000555555892371 in master_to_zval (ret=ret@entry=0x7fffffff98d0, encode=<optimized out>, 
    data=<optimized out>, data@entry=0x555556569f50)
    at /home/clement/Downloads/testphp/php-7.3.7/ext/soap/php_encoding.c:596
#3  0x00005555558932f8 in model_to_zval_object (ret=ret@entry=0x7fffffff9c70, model=0x7ffff36c9cd8, 
    data=data@entry=0x555556628a10, sdl=sdl@entry=0x7ffff3673100)
    at /home/clement/Downloads/testphp/php-7.3.7/ext/soap/php_encoding.c:1335
#4  0x0000555555893516 in model_to_zval_object (ret=ret@entry=0x7fffffff9c70, model=<optimized out>, 
    data=data@entry=0x555556628a10, sdl=sdl@entry=0x7ffff3673100)
    at /home/clement/Downloads/testphp/php-7.3.7/ext/soap/php_encoding.c:1388
#5  0x0000555555893516 in model_to_zval_object (ret=0x7fffffff9c70, model=<optimized out>, 
    data=0x555556628a10, sdl=0x7ffff3673100)
    at /home/clement/Downloads/testphp/php-7.3.7/ext/soap/php_encoding.c:1388
#6  0x00005555558934aa in model_to_zval_object (ret=ret@entry=0x7fffffff9c70, model=0x7ffff36eb168, 
    data=data@entry=0x555556628a10, sdl=sdl@entry=0x7ffff3673100)
    at /home/clement/Downloads/testphp/php-7.3.7/ext/soap/php_encoding.c:1397
#7  0x0000555555893516 in model_to_zval_object (ret=ret@entry=0x7fffffff9c70, model=<optimized out>, 
    data=data@entry=0x555556628a10, sdl=sdl@entry=0x7ffff3673100)
    at /home/clement/Downloads/testphp/php-7.3.7/ext/soap/php_encoding.c:1388
#8  0x00005555558937f7 in to_zval_object_ex (ret=0x7fffffff9c70, type=<optimized out>, 
    data=0x555556628a10, pce=<optimized out>)
    at /home/clement/Downloads/testphp/php-7.3.7/ext/soap/php_encoding.c:1515
#9  0x0000555555889b10 in master_to_zval_int (ret=ret@entry=0x7fffffff9c70, encode=0x7ffff36e1620, 
    data=0x555556628a10) at /home/clement/Downloads/testphp/php-7.3.7/ext/soap/php_encoding.c:560
#10 0x0000555555892371 in master_to_zval (ret=ret@entry=0x7fffffff9c70, encode=<optimized out>, 
    data=<optimized out>, data@entry=0x555556628a10)
    at /home/clement/Downloads/testphp/php-7.3.7/ext/soap/php_encoding.c:596
#11 0x00005555558932f8 in model_to_zval_object (ret=ret@entry=0x7fffffff9ef0, model=0x7ffff36fc648, 
    data=data@entry=0x5555565691b0, sdl=sdl@entry=0x7ffff3673100)
    at /home/clement/Downloads/testphp/php-7.3.7/ext/soap/php_encoding.c:1335
#12 0x0000555555893516 in model_to_zval_object (ret=ret@entry=0x7fffffff9ef0, model=<optimized out>, 
    data=data@entry=0x5555565691b0, sdl=sdl@entry=0x7ffff3673100)
    at /home/clement/Downloads/testphp/php-7.3.7/ext/soap/php_encoding.c:1388
#13 0x00005555558937f7 in to_zval_object_ex (ret=0x7fffffff9ef0, type=<optimized out>, 
    data=0x5555565691b0, pce=<optimized out>)
    at /home/clement/Downloads/testphp/php-7.3.7/ext/soap/php_encoding.c:1515
#14 0x0000555555889b10 in master_to_zval_int (ret=ret@entry=0x7fffffff9ef0, encode=0x7ffff36f49d8, 
    data=0x5555565691b0) at /home/clement/Downloads/testphp/php-7.3.7/ext/soap/php_encoding.c:560
#15 0x0000555555892371 in master_to_zval (ret=ret@entry=0x7fffffff9ef0, encode=<optimized out>, 
    data=<optimized out>, data@entry=0x5555565691b0)
    at /home/clement/Downloads/testphp/php-7.3.7/ext/soap/php_encoding.c:596
#16 0x000055555589be7e in parse_packet_soap (this_ptr=this_ptr@entry=0x7ffff361d200, 
    buffer=<optimized out>, buffer_size=<optimized out>, fn=0x7ffff366b380, fn_name=<optimized out>, 
    return_value=<optimized out>, soap_headers=0x0)
    at /home/clement/Downloads/testphp/php-7.3.7/ext/soap/php_packet_soap.c:326
#17 0x0000555555888ffd in do_soap_call (this_ptr=this_ptr@entry=0x7ffff361d200, 
    function=0x7ffff366b298 "recupGestionControleTechVehicule", arg_count=1, real_args=0x7ffff36f62f0, 
    return_value=0x7ffff361d180, 
    location=0x7ffff368b088 "https://test-partenaire.utac-otc.com/siv/services/SivOtcServicePort?wsdl", soap_action=0x0, call_uri=0x0, soap_headers=0x0, output_headers=0x0, function_len=<optimized out>, 
```

As for the sample code, I can share the PHP code with you if you want, but not the WSDL and XSD (private files from our partner, who doesn't want to share them publicly).
 [2019-07-12 09:49 UTC] cmb@php.net
-Status: Feedback +Status: Open -Assigned To: cmb +Assigned To:
 [2019-07-12 09:49 UTC] cmb@php.net
Thanks for the backtrace!  Not sure if the code without WSDL would
be helpful.
 [2019-07-12 14:54 UTC] nikic@php.net
I've pushed a possible fix in https://github.com/php/php-src/commit/a7de2af46ccff1207a7008602b079b92de57a9fe, but as I don't have a way to repro I can't verify that this really fixes your problem, so I'm leaving this issue open for now.
 [2019-07-12 15:29 UTC] clement at ileotech dot com
YES IT'S WORKING!!! :)

Thanks a lot to both of you for this PR and for your time!
 [2019-07-12 15:35 UTC] nikic@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: nikic
 [2019-07-12 15:35 UTC] nikic@php.net
Thanks for the quick confirmation!
 
Last updated: Sat Jan 25 06:01:24 2020 UTC