From:             edman007 at edman007 dot com
Operating system: Linux
PHP version:      5.2.3
PHP Bug Type:     Reproducible crash
Bug description:  SoapServer crash

Description:
------------
When running the provided code, SoapClient can parse the WSDL file just
fine, but the server segfaults upon receiving the request.

Reproduce code:
---------------
1. Download the code from http://edman007.com/test.tar.gz
2. Edit the OSCAdmin.wsdl so that the
"http://localhost/~edman007/test/server.php" points to your server.php
3. Run client.php

Expected result:
----------------
PHP to remain stable, and either successfully pull the data from the
server or a SoapFault

Actual result:
--------------
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1210508384 (LWP 26987)]
zend_hash_find (ht=0xb70f8568, arKey=0x8189374
"http://www.example.com/:productDetailsType", nKeyLength=43,
pData=0xb70f8568) at
/home/edman007/php-upgrade/php-5.2.3/Zend/zend_hash.c:870
870             h = zend_inline_hash_func(arKey, nKeyLength);
(gdb) 
(gdb) bt full 15
#0  zend_hash_find (ht=0xb70f8568, arKey=0x8189374
"http://www.example.com/:productDetailsType", nKeyLength=43,
pData=0xb70f8568) at
/home/edman007/php-upgrade/php-5.2.3/Zend/zend_hash.c:870
        h = 135828340
        nIndex = 3067893742
        p = (Bucket *) 0x0
#1  0xb6cc21f1 in get_encoder_ex (sdl=0x818afc8, nscat=0x8189374
"http://www.example.com/:productDetailsType", len=42) at
/home/edman007/php-upgrade/php-5.2.3/ext/soap/php_sdl.c:172
        enc = (encodePtr *) 0x0
#2  0xb6cc1f60 in get_encoder (sdl=0x818afc8, ns=0x818a4c0
"http://www.example.com/", type=0x818b88c "productDetailsType") at
/home/edman007/php-upgrade/php-5.2.3/ext/soap/php_sdl.c:124
        enc = 0xb70b8b94
        nscat = 0x8189374 "http://www.example.com/:productDetailsType"
        len = 42
#3  0xb6ca8273 in master_to_xml (encode=0xb70da99c, data=0x81892a8,
style=2, parent=0x823c1a8) at
/home/edman007/php-upgrade/php-5.2.3/ext/soap/php_encoding.c:442
        enc = 0xb70f8568
        ce = (zend_class_entry *) 0x818a53c
        tmp = (zval **) 0x818b878
        type_len = 19
        idx = 3067894481
        pos = 0x818b86c
        type_name = 0x818b88c "productDetailsType"
        node = 0x0
#4  0xb6caf2b8 in guess_xml_convert (type=0x818b02c, data=0x81892a8,
style=2, parent=0x823c1a8) at
/home/edman007/php-upgrade/php-5.2.3/ext/soap/php_encoding.c:2677
        enc = 0xb70f8568
        ret = 0xb70f8568
#5  0xb6cb05e2 in sdl_guess_convert_xml (enc=0x818b02c, data=0x81892a8,
style=2, parent=0x2) at
/home/edman007/php-upgrade/php-5.2.3/ext/soap/php_encoding.c:3100
        type = 0x2b
        ret = 0x0
#6  0xb6ca806f in master_to_xml (encode=0x818b02c, data=0x81892a8,
style=2, parent=0x823c1a8) at
/home/edman007/php-upgrade/php-5.2.3/ext/soap/php_encoding.c:475
        __nl = 3211682312
        nscat = {c = 0x80a8178 "\001", len = 135828340, a = 3211682376}
        new_enc = (encodePtr *) 0x0
        node = 0x0
#7  0xb6caf2b8 in guess_xml_convert (type=0x818b02c, data=0x81892a8,
style=2, parent=0x823c1a8) at
/home/edman007/php-upgrade/php-5.2.3/ext/soap/php_encoding.c:2677
        enc = 0xb70f8568
        ret = 0xb70f8568
#8  0xb6cb05e2 in sdl_guess_convert_xml (enc=0x818b02c, data=0x81892a8,
style=2, parent=0x2) at
/home/edman007/php-upgrade/php-5.2.3/ext/soap/php_encoding.c:3100
        type = 0x2b
        ret = 0x0
#9  0xb6ca806f in master_to_xml (encode=0x818b02c, data=0x81892a8,
style=2, parent=0x823c1a8) at
/home/edman007/php-upgrade/php-5.2.3/ext/soap/php_encoding.c:475
        __nl = 3211682552
        nscat = {c = 0x80a8178 "\001", len = 135828340, a = 3211682616}
        new_enc = (encodePtr *) 0x0
        node = 0x0
#10 0xb6caf2b8 in guess_xml_convert (type=0x818b02c, data=0x81892a8,
style=2, parent=0x823c1a8) at
/home/edman007/php-upgrade/php-5.2.3/ext/soap/php_encoding.c:2677
        enc = 0xb70f8568
        ret = 0xb70f8568
#11 0xb6cb05e2 in sdl_guess_convert_xml (enc=0x818b02c, data=0x81892a8,
style=2, parent=0x2) at
/home/edman007/php-upgrade/php-5.2.3/ext/soap/php_encoding.c:3100
        type = 0x2b
        ret = 0x0
#12 0xb6ca806f in master_to_xml (encode=0x818b02c, data=0x81892a8,
style=2, parent=0x823c1a8) at
/home/edman007/php-upgrade/php-5.2.3/ext/soap/php_encoding.c:475
        __nl = 3211682792
        nscat = {c = 0x80a8178 "\001", len = 135828340, a = 3211682856}
        new_enc = (encodePtr *) 0x0
        node = 0x0
#13 0xb6caf2b8 in guess_xml_convert (type=0x818b02c, data=0x81892a8,
style=2, parent=0x823c1a8) at
/home/edman007/php-upgrade/php-5.2.3/ext/soap/php_encoding.c:2677
        enc = 0xb70f8568
        ret = 0xb70f8568
#14 0xb6cb05e2 in sdl_guess_convert_xml (enc=0x818b02c, data=0x81892a8,
style=2, parent=0x2) at
/home/edman007/php-upgrade/php-5.2.3/ext/soap/php_encoding.c:3100
        type = 0x2b
        ret = 0x0
(More stack frames follow...)

(gdb) bt full -25
#104664 0xb6ca806f in master_to_xml (encode=0x818b02c, data=0x81892a8,
style=2, parent=0x823c1a8) at
/home/edman007/php-upgrade/php-5.2.3/ext/soap/php_encoding.c:475
        __nl = 135832660
        nscat = {c = 0x8187960 "products", len = 8, a = 135832660}
        new_enc = (encodePtr *) 0xb70b8b94
        node = 0x0
#104665 0xb6cab96d in model_to_xml_object (node=0x823c1a8,
model=0x8189bd8, object=0xbfee29a0, style=2, strict=1) at
/home/edman007/php-upgrade/php-5.2.3/ext/soap/php_encoding.c:1601
        data = (zval *) 0x81892a8
        property = 0x23
        enc = 0x818b02c
#104666 0xb6cabcb9 in model_to_xml_object (node=0x823c1a8,
model=0x8189b68, object=0xbfee29a0, style=2, strict=1) at
/home/edman007/php-upgrade/php-5.2.3/ext/soap/php_encoding.c:1677
        tmp = (sdlContentModelPtr *) 0x8189bfc
        pos = 0x8189bf0
#104667 0xb6cac23d in to_xml_object (type=0x818bc68, data=0xbfee29a0,
style=2, parent=0x81891f8) at
/home/edman007/php-upgrade/php-5.2.3/ext/soap/php_encoding.c:1854
        array_el = 0x81891f8
        xmlParam = 0x823c1a8
        prop = (HashTable *) 0x81891f8
        i = 135827960
        sdlType = 0x818ba6c
#104668 0xb6ca806f in master_to_xml (encode=0x818bc68, data=0xbfee29a0,
style=2, parent=0x823c108) at
/home/edman007/php-upgrade/php-5.2.3/ext/soap/php_encoding.c:475
        __nl = 3220055512
        nscat = {c = 0x81891d4 "(·\030\b", len = 32, a = 3220055640}
        new_enc = (encodePtr *) 0x818bb54
        node = 0x0
#104669 0xb6ca4277 in serialize_zval (val=0x8189374, param=0xb70f8568,
paramName=0x818a310 "out", style=2, parent=0x823c108) at
/home/edman007/php-upgrade/php-5.2.3/ext/soap/soap.c:4267
        xmlParam = 0xb6df838c
        enc = 0x818bc68
        defval = {value = {lval = -1074910816, dval =
-1.4359979421946516e-39, str = {val = 0xbfee29a0 "\004", len =
-1210104332}, ht = 0xbfee29a0, obj = {handle = 3220056480, handlers =
0xb7df45f4}}, 
  refcount = 32, type = 148 '\224', is_ref = 139 '\213'}
#104670 0xb6ca4192 in serialize_parameter (param=0x818a2cc,
param_val=0xbfee29a0, index=0, name=0xb7071a28 "return", style=2,
parent=0x823c108) at
/home/edman007/php-upgrade/php-5.2.3/ext/soap/soap.c:4240
        paramName = 0x818a310 "out"
        xmlParam = 0xb70f8568
        paramNameBuf = "t¢\030\b\000\000\000\000È&"
#104671 0xb6ca2223 in serialize_response_call2 (body=0x823c108,
function=0x818a10c, function_name=0x818bc08 "GetProductsResponse",
uri=0x818bb20 "http://www.example.com/", ret=0xbfee29a0, version=1, 
    main=1) at /home/edman007/php-upgrade/php-5.2.3/ext/soap/soap.c:3594
        method = 0x0
        param = 0x823c0b8
        parameter = 0x818a2cc
        param_count = -1223719576
        style = 1
        use = 2
        ns = 0xb7065582
#104672 0xb6ca25ec in serialize_response_call (function=0x818a10c,
function_name=0x818bc08 "GetProductsResponse", uri=0x818bb20
"http://www.example.com/", ret=0xbfee29a0, headers=0x1, version=1)
    at /home/edman007/php-upgrade/php-5.2.3/ext/soap/soap.c:3973
        hdr_enc = 0xb70facb0
        hdr_ns = 0xbfee2a50
"L·\030\b\204¶\030\b¨\001$\b(\205\027\bd*î¿Ð¶\030\b\230*î¿Thܶ8\211\030\b\030Ý\026\b\230*î¿\r"
        hdr_name = 0xbfee2a60
"d*î¿Ð¶\030\b\230*î¿Thܶ8\211\030\b\030Ý\026\b\230*î¿\r"
        hdr_use = -1074901504
        hdr_ret = (zval *) 0x1
        h = (soapHeader *) 0xbfee2b40
        doc = 0x8238f40
        envelope = 0x823c0b8
        body = 0x823c108
        param = 0x818a3ec
        ns = 0x823c048
        use = 2
        head = 0x0
#104673 0xb6c9baf9 in zim_SoapServer_handle (ht=0, return_value=0x818b710,
return_value_ptr=0x0, this_ptr=0x8189374, return_value_used=0) at
/home/edman007/php-upgrade/php-5.2.3/ext/soap/soap.c:1814
        response_name = 0x818bc08 "GetProductsResponse"
        soap_version = 1
        old_soap_version = 1
        old_sdl = 0x0
        service = 0x818b7c8
        doc_request = 0x823bf88
---Type <return> to continue, or q <return> to quit---
        doc_return = 0x0
        function_name = {value = {lval = 135838572, dval =
2.3409066872423328e-313, str = {val = 0x818bb6c "GetProducts", len = 11},
ht = 0x818bb6c, obj = {handle = 135838572, handlers = 0xb}}, 
  refcount = 1, type = 6 '\006', is_ref = 0 '\0'}
        params = (zval **) 0x818bfa4
        soap_obj = (zval *) 0x0
        retval = {value = {lval = 4, dval = -1.7397722555026501e-43, str =
{val = 0x4 <Address 0x4 out of bounds>, len = -1223751200}, ht = 0x4, obj =
{handle = 4, handlers = 0xb70f09e0}}, refcount = 1, 
  type = 5 '\005', is_ref = 0 '\0'}
        fn_name = 0x818a410 "ô£\030\broducts"
        cont_len =
"\022CÛ·\bä\026\b¨)[EMAIL PROTECTED])î¿\002y"
        num_params = 1
        size = -1074910952
        i = 135838728
        call_status = 0
        buf = (xmlChar *) 0xb <Address 0xb out of bounds>
        function_table = (HashTable *) 0x818b0b0
        soap_headers = (soapHeader *) 0x0
        function = 0x818a10c
        arg = 0x0
        arg_len = -1074910900
        old_encoding = 0x0
        old_class_map = (HashTable *) 0x0
        old_typemap = (HashTable *) 0x0
        old_features = 0
        _old_handler = 0 '\0'
        _old_error_code = 0x0
        _old_error_object = (zval *) 0x0
        _old_soap_version = 1
#104674 0xb6dfa673 in zend_do_fcall_common_helper_SPEC
(execute_data=0xbfee2b40) at zend_vm_execute.h:200
        return_reference = 0 '\0'
        opline = (zend_op *) 0x8188dfc
        original_return_value = (zval **) 0x6
        current_scope = (zend_class_entry *) 0x0
        current_this = (zval *) 0x0
        should_change_scope = 1 '\001'
#104675 0xb6df9e39 in execute (op_array=0x8188770) at
zend_vm_execute.h:92
        execute_data = {opline = 0x8188dfc, function_state =
{function_symbol_table = 0xb70b8b94, function = 0x816e438, reserved =
{0xb6dd4fff, 0x8188998, 0xbfee4e20, 0xbfee2b88}}, fbc = 0x816e438, 
  op_array = 0x8188770, object = 0x818b6d0, Ts = 0xbfee2a60, CVs =
0xbfee2a50, original_in_execution = 0 '\0', symbol_table = 0xb70facb0,
prev_execute_data = 0x0, old_error_reporting = 0x0}
#104676 0xb6dde561 in zend_execute_scripts (type=8, retval=0x0,
file_count=3) at /home/edman007/php-upgrade/php-5.2.3/Zend/zend.c:1134
        files = 0xbfee2c04 ""
        i = 1
        file_handle = (zend_file_handle *) 0xbfee4e20
        orig_op_array = (zend_op_array *) 0x0
        orig_retval_ptr_ptr = (zval **) 0x0
        local_retval = (zval *) 0x0
#104677 0xb6da00af in php_execute_script (primary_file=0xbfee4e20) at
/home/edman007/php-upgrade/php-5.2.3/main/main.c:1794
        realfile =
"settype\000\002\000\000\000xodÿgettype\000\002\000\000\000\000\000ÿÿstrval\000¿\002\000\000\000u`kÿdoubleval\000\000\000\000\000ÿÿfloatval\000\000\000\000\000\000\000ÿintval\000¿\002\000\000\000\000ÿÿÿdns_get_record\000ÿgetmxrr\000\002\000\000\000\000\000ÿÿdns_get_mx\000\000\000\000\000ÿcheckdnsrr\000\000nqcÿdns_check_record\000A\a·LOî¿\002\000\000\000\000\000\000ÿgethostb"...
        prepend_file_p = (zend_file_handle *) 0x0
        append_file_p = (zend_file_handle *) 0x0
        prepend_file = {type = 0 '\0', filename = 0x0, opened_path = 0x0,
handle = {fd = 0, fp = 0x0, stream = {handle = 0x0, reader = 0, closer = 0,
fteller = 0, interactive = 0}}, free_filename = 0 '\0'}
        append_file = {type = 0 '\0', filename = 0x0, opened_path = 0x0,
handle = {fd = 0, fp = 0x0, stream = {handle = 0x0, reader = 0, closer = 0,
fteller = 0, interactive = 0}}, free_filename = 0 '\0'}
        old_cwd = 0xbfee2c10 "/mnt/hd/public_html/osc/emailOSC"
        retval = 0
#104678 0xb6e573ce in apache_php_module_main (r=0x8234c14,
display_source_mode=0) at
/home/edman007/php-upgrade/php-5.2.3/sapi/apache/sapi_apache.c:53
        retval = 0
        file_handle = {type = 5 '\005', filename = 0x82366d4
"/home/edman007/public_html/test/server.php", opened_path = 0x0, handle =
{fd = 135825588, fp = 0x81888b4, stream = {handle = 0x81888b4, 
      reader = 0xb6db08d0 <_php_stream_read>, closer = 0xb6d9ebe0
<stream_closer_for_zend>, fteller = 0xb6d9ec10 <stream_fteller_for_zend>,
interactive = 0}}, free_filename = 0 '\0'}
#104679 0xb6e58073 in send_php (r=0x8234c14, display_source_mode=0,
filename=0x0) at
/home/edman007/php-upgrade/php-5.2.3/sapi/apache/mod_php5.c:663
        __bailout = {{__jmpbuf = {-1223980140, 136530964, 2, -1074900968,
-1074901392, -1226473573}, __mask_was_saved = 0, __saved_mask = {__val =
{136539120, 136539172, 136539188, 136539172, 136539120, 
        136539092, 2, 3220066184, 3083972799, 136539172, 136539144, 0,
136539132, 136539188, 136539212, 0, 0, 24, 136530964, 3220066248,
134546373, 136539172, 136539172, 136539092, 134548767, 136532348, 
        3220066276, 23, 3083996786, 0, 136539211, 3220066360}}}}
        retval = 0
        per_dir_conf = (HashTable *) 0x8189374
---Type <return> to continue, or q <return> to quit---
#104680 0xb6e581c2 in send_parsed_php (r=0x8234c14) at
/home/edman007/php-upgrade/php-5.2.3/sapi/apache/mod_php5.c:678
        result = 2
#104681 0x08054b3f in ap_invoke_handler ()
No symbol table info available.
#104682 0x0806a4db in ap_some_auth_required ()
No symbol table info available.
#104683 0x0806a53a in ap_process_request ()
No symbol table info available.
#104684 0x0806117c in ap_child_terminate ()
No symbol table info available.
#104685 0x0806134a in ap_child_terminate ()
No symbol table info available.
#104686 0x080614b0 in ap_child_terminate ()
No symbol table info available.
#104687 0x08061b50 in ap_child_terminate ()
No symbol table info available.
#104688 0x08062388 in main ()
No symbol table info available.
(gdb) 


-- 
Edit bug report at http://bugs.php.net/?id=42326&edit=1
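
Frames #3 to #14 above repeat the same three calls, and the trace is more than 100,000 frames deep, a pattern consistent with stack exhaustion from unbounded recursion. The following triage helper is an added example, not part of the original report or of PHP: it finds such a call cycle in gdb `bt` output and counts repetitions whose arguments do not change. The function names `parse_frames`, `find_cycle` and `stalled_repeats` are hypothetical, and the sample is abridged from the trace.

```python
import re

# Constructed sample: frames #0-#11 of the trace above, one line per frame,
# with locals, string values and directory paths dropped.
BT = """\
#0  zend_hash_find (ht=0xb70f8568, arKey=0x8189374, nKeyLength=43, pData=0xb70f8568) at zend_hash.c:870
#1  0xb6cc21f1 in get_encoder_ex (sdl=0x818afc8, nscat=0x8189374, len=42) at php_sdl.c:172
#2  0xb6cc1f60 in get_encoder (sdl=0x818afc8, ns=0x818a4c0, type=0x818b88c) at php_sdl.c:124
#3  0xb6ca8273 in master_to_xml (encode=0xb70da99c, data=0x81892a8, style=2, parent=0x823c1a8) at php_encoding.c:442
#4  0xb6caf2b8 in guess_xml_convert (type=0x818b02c, data=0x81892a8, style=2, parent=0x823c1a8) at php_encoding.c:2677
#5  0xb6cb05e2 in sdl_guess_convert_xml (enc=0x818b02c, data=0x81892a8, style=2, parent=0x2) at php_encoding.c:3100
#6  0xb6ca806f in master_to_xml (encode=0x818b02c, data=0x81892a8, style=2, parent=0x823c1a8) at php_encoding.c:475
#7  0xb6caf2b8 in guess_xml_convert (type=0x818b02c, data=0x81892a8, style=2, parent=0x823c1a8) at php_encoding.c:2677
#8  0xb6cb05e2 in sdl_guess_convert_xml (enc=0x818b02c, data=0x81892a8, style=2, parent=0x2) at php_encoding.c:3100
#9  0xb6ca806f in master_to_xml (encode=0x818b02c, data=0x81892a8, style=2, parent=0x823c1a8) at php_encoding.c:475
#10 0xb6caf2b8 in guess_xml_convert (type=0x818b02c, data=0x81892a8, style=2, parent=0x823c1a8) at php_encoding.c:2677
#11 0xb6cb05e2 in sdl_guess_convert_xml (enc=0x818b02c, data=0x81892a8, style=2, parent=0x2) at php_encoding.c:3100
"""

FRAME = re.compile(r"^#(\d+)\s+(?:0x[0-9a-f]+ in )?(\w+) \((.*?)\)", re.M | re.S)

def parse_frames(text):
    """Return [(function, normalised_args), ...], innermost frame first."""
    return [(fn, " ".join(args.split())) for _, fn, args in FRAME.findall(text)]

def find_cycle(frames, max_period=8, min_repeats=3):
    """Find the first run of calls repeated back to back.
    Returns (start, period, repeats) or None."""
    names = [fn for fn, _ in frames]
    for start in range(len(names)):
        for period in range(1, max_period + 1):
            cycle, pos, repeats = names[start:start + period], start + period, 1
            while names[pos:pos + period] == cycle:
                pos, repeats = pos + period, repeats + 1
            if repeats >= min_repeats:
                return start, period, repeats
    return None

def stalled_repeats(frames, start, period, repeats):
    """Count adjacent repetitions whose arguments are identical too, i.e.
    recursion that makes no progress and can only end in stack exhaustion."""
    reps = [frames[start + k * period:start + (k + 1) * period] for k in range(repeats)]
    return sum(a == b for a, b in zip(reps, reps[1:]))

if __name__ == "__main__":
    frames = parse_frames(BT)
    cyc = find_cycle(frames)
    print(cyc, [fn for fn, _ in frames[cyc[0]:cyc[0] + cyc[1]]], stalled_repeats(frames, *cyc))
```

The innermost repetition differs in its `encode` argument because frame #3 is the call that went on to `get_encoder`; the older repetitions are argument-for-argument identical.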