php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #81154 Segmentation fault on instanciating SoapClient
Submitted: 2021-06-17 09:02 UTC Modified: 2021-06-27 04:22 UTC
From: arnaud dot lepeltier at cogifor dot Com Assigned:
Status: No Feedback Package: SOAP related
PHP Version: 8.0.7 OS: linux
Private report: No CVE-ID: None
View Developer Edit
 [2021-06-17 09:02 UTC] arnaud dot lepeltier at cogifor dot Com 
Description:
------------
When instanciating a Soap Client for a large wsdl, 
I encounter a segmentation fault.

This has been tested on php8.0 and php 7.4.

Enabling/disabling the wsdl cache has no effect.
increasing the memory limit has no effect

initial ticket at: https://github.com/phpro/soap-client/issues/373

Test script:
---------------
<?php
echo PHP_EOL, "START SCRIPT";
$url = 'https://service-test.protel.io/services/ProtelApiService.ProtelApiServiceHttpsSoap12Endpoint?wsdl';
$client = new SoapClient($url, [
    'cache_wsdl'=>WSDL_CACHE_NONE
]);
echo PHP_EOL, "SOAP CLIENT CREATED";
$client->__getTypes();
echo PHP_EOL, "GET TYPES DONE";


Expected result:
----------------
START SCRIPT
SOAP CLIENT CREATED
GET TYPES DONE

Actual result:
--------------
SOAP CLIENT CREATEDErreur de segmentation (core dumped)

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2021-06-17 09:46 UTC] requinix@php.net
-Status: Open +Status: Feedback
 [2021-06-17 09:46 UTC] requinix@php.net 
Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php for *NIX and
http://bugs.php.net/bugs-generating-backtrace-win32.php for Win32

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.

It seems to hang for me after the START SCRIPT, with and without the cache.

If there is a loop then the segfault could be a stack overflow trying to load the schemas (readily identifiable from a backtrace) however I don't think that would explain the EXC_BAD_ACCESS in strlen posted in that thread.
 [2021-06-17 10:03 UTC] cmb@php.net 
I can reproduce the segfault, and the following patch prevents it.


 ext/soap/soap.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/ext/soap/soap.c b/ext/soap/soap.c
index 7429aebbf7..232f3bf05a 100644
--- a/ext/soap/soap.c
+++ b/ext/soap/soap.c
@@ -4827,7 +4827,9 @@ static void type_to_string(sdlTypePtr type, smart_str *buf, int level) /* {{{ */
 						} else {
 							smart_str_appendl(buf, "UNKNOWN ", 8);
 						}
-						smart_str_appends(buf, attr->name);
+						if (attr->name) {
+							smart_str_appends(buf, attr->name);
+						}
 						smart_str_appendl(buf, ";\n", 2);
 					} ZEND_HASH_FOREACH_END();
 				}


I have no idea, though, whether that is the proper fix.
 [2021-06-27 04:22 UTC] php-bugs at lists dot php dot net 
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Re-Opened". Thank you.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Sun Oct 26 16:00:01 2025 UTC