PHP :: Bug #78278 :: Segfault with soap

Bug #78278	Segfault with soap
Submitted:	2019-07-12 08:42 UTC	Modified:	2019-07-12 15:35 UTC
From:	clement at ileotech dot com	Assigned:	nikic (profile)
Status:	Closed	Package:	Reproducible crash
PHP Version:	7.3.7	OS:	ubuntu 18.04
Private report:	No	CVE-ID:	None

View Developer Edit

[2019-07-12 08:42 UTC] clement at ileotech dot com

Description:
------------
I got really few information on this crash:

When I try to call a function through soap client with WSDL_CACHE_NONE and SOAP_SSL_METHOD_TLS, I got a segfault with soap.so, gdb send me those lines : 

```
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
guess_zval_convert (ret=0x7fffffff9900, type=0x55555636b8e0 <defaultEncoding>, data=0x555556569f30)
    at /home/clement/Downloads/testphp/php-7.3.7/ext/soap/php_encoding.c:2851
2851			Z_DELREF_P(ret);
```

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2019-07-12 09:03 UTC] cmb@php.net

-Status: Open +Status: Feedback -Assigned To: +Assigned To: cmb

[2019-07-12 09:03 UTC] cmb@php.net

> I got really few information on this crash:

Indeed, too few information.  A backtrace[1] could be helpful, an
SSCCE[2] would likely be even more helpful.

[1] <http://bugs.php.net/bugs-generating-backtrace.php>
[2] <http://sscce.org/>

[2019-07-12 09:31 UTC] clement at ileotech dot com

For the backtrace : 

#0  guess_zval_convert (ret=0x7fffffff98d0, type=0x55555636b8e0 <defaultEncoding>, data=0x555556569f50)
    at /home/clement/Downloads/testphp/php-7.3.7/ext/soap/php_encoding.c:2851
#1  0x0000555555889b10 in master_to_zval_int (ret=ret@entry=0x7fffffff98d0, 
    encode=0x55555636b8e0 <defaultEncoding>, data=0x555556569f50)
    at /home/clement/Downloads/testphp/php-7.3.7/ext/soap/php_encoding.c:560
#2  0x0000555555892371 in master_to_zval (ret=ret@entry=0x7fffffff98d0, encode=<optimized out>, 
    data=<optimized out>, data@entry=0x555556569f50)
    at /home/clement/Downloads/testphp/php-7.3.7/ext/soap/php_encoding.c:596
#3  0x00005555558932f8 in model_to_zval_object (ret=ret@entry=0x7fffffff9c70, model=0x7ffff36c9cd8, 
    data=data@entry=0x555556628a10, sdl=sdl@entry=0x7ffff3673100)
    at /home/clement/Downloads/testphp/php-7.3.7/ext/soap/php_encoding.c:1335
#4  0x0000555555893516 in model_to_zval_object (ret=ret@entry=0x7fffffff9c70, model=<optimized out>, 
    data=data@entry=0x555556628a10, sdl=sdl@entry=0x7ffff3673100)
    at /home/clement/Downloads/testphp/php-7.3.7/ext/soap/php_encoding.c:1388
#5  0x0000555555893516 in model_to_zval_object (ret=0x7fffffff9c70, model=<optimized out>, 
    data=0x555556628a10, sdl=0x7ffff3673100)
    at /home/clement/Downloads/testphp/php-7.3.7/ext/soap/php_encoding.c:1388
#6  0x00005555558934aa in model_to_zval_object (ret=ret@entry=0x7fffffff9c70, model=0x7ffff36eb168, 
    data=data@entry=0x555556628a10, sdl=sdl@entry=0x7ffff3673100)
    at /home/clement/Downloads/testphp/php-7.3.7/ext/soap/php_encoding.c:1397
#7  0x0000555555893516 in model_to_zval_object (ret=ret@entry=0x7fffffff9c70, model=<optimized out>, 
    data=data@entry=0x555556628a10, sdl=sdl@entry=0x7ffff3673100)
    at /home/clement/Downloads/testphp/php-7.3.7/ext/soap/php_encoding.c:1388
#8  0x00005555558937f7 in to_zval_object_ex (ret=0x7fffffff9c70, type=<optimized out>, 
    data=0x555556628a10, pce=<optimized out>)
    at /home/clement/Downloads/testphp/php-7.3.7/ext/soap/php_encoding.c:1515
#9  0x0000555555889b10 in master_to_zval_int (ret=ret@entry=0x7fffffff9c70, encode=0x7ffff36e1620, 
    data=0x555556628a10) at /home/clement/Downloads/testphp/php-7.3.7/ext/soap/php_encoding.c:560
#10 0x0000555555892371 in master_to_zval (ret=ret@entry=0x7fffffff9c70, encode=<optimized out>, 
    data=<optimized out>, data@entry=0x555556628a10)
    at /home/clement/Downloads/testphp/php-7.3.7/ext/soap/php_encoding.c:596
#11 0x00005555558932f8 in model_to_zval_object (ret=ret@entry=0x7fffffff9ef0, model=0x7ffff36fc648, 
    data=data@entry=0x5555565691b0, sdl=sdl@entry=0x7ffff3673100)
    at /home/clement/Downloads/testphp/php-7.3.7/ext/soap/php_encoding.c:1335
#12 0x0000555555893516 in model_to_zval_object (ret=ret@entry=0x7fffffff9ef0, model=<optimized out>, 
    data=data@entry=0x5555565691b0, sdl=sdl@entry=0x7ffff3673100)
    at /home/clement/Downloads/testphp/php-7.3.7/ext/soap/php_encoding.c:1388
#13 0x00005555558937f7 in to_zval_object_ex (ret=0x7fffffff9ef0, type=<optimized out>, 
    data=0x5555565691b0, pce=<optimized out>)
    at /home/clement/Downloads/testphp/php-7.3.7/ext/soap/php_encoding.c:1515
#14 0x0000555555889b10 in master_to_zval_int (ret=ret@entry=0x7fffffff9ef0, encode=0x7ffff36f49d8, 
    data=0x5555565691b0) at /home/clement/Downloads/testphp/php-7.3.7/ext/soap/php_encoding.c:560
#15 0x0000555555892371 in master_to_zval (ret=ret@entry=0x7fffffff9ef0, encode=<optimized out>, 
    data=<optimized out>, data@entry=0x5555565691b0)
    at /home/clement/Downloads/testphp/php-7.3.7/ext/soap/php_encoding.c:596
#16 0x000055555589be7e in parse_packet_soap (this_ptr=this_ptr@entry=0x7ffff361d200, 
    buffer=<optimized out>, buffer_size=<optimized out>, fn=0x7ffff366b380, fn_name=<optimized out>, 
    return_value=<optimized out>, soap_headers=0x0)
    at /home/clement/Downloads/testphp/php-7.3.7/ext/soap/php_packet_soap.c:326
#17 0x0000555555888ffd in do_soap_call (this_ptr=this_ptr@entry=0x7ffff361d200, 
    function=0x7ffff366b298 "recupGestionControleTechVehicule", arg_count=1, real_args=0x7ffff36f62f0, 
    return_value=0x7ffff361d180, 
    location=0x7ffff368b088 "https://test-partenaire.utac-otc.com/siv/services/SivOtcServicePort?wsdl", soap_action=0x0, call_uri=0x0, soap_headers=0x0, output_headers=0x0, function_len=<optimized out>, 



And for the sample code, I can share you the php code if you want, but not the wsdl and xsd (private file from our partner who don't want to share them publicly)

[2019-07-12 09:49 UTC] cmb@php.net

-Status: Feedback +Status: Open -Assigned To: cmb +Assigned To:

[2019-07-12 09:49 UTC] cmb@php.net

Thanks for the backtrace!  Not sure if the code without WSL would
be helpful.

[2019-07-12 14:54 UTC] nikic@php.net

I've pushed a possible fix in https://github.com/php/php-src/commit/a7de2af46ccff1207a7008602b079b92de57a9fe, but as I don't have a way to repro I can't verify that this really fixes your problem, so I'm leaving this issue open for now.

[2019-07-12 15:29 UTC] clement at ileotech dot com

YES IT'S WORKING !!! :) 

Thanks a lot to both of you for this PR and for your time !

[2019-07-12 15:35 UTC] nikic@php.net

-Status: Open +Status: Closed -Assigned To: +Assigned To: nikic

[2019-07-12 15:35 UTC] nikic@php.net

Thanks for the quick confirmation!

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Sun Nov 09 14:00:01 2025 UTC