From:             m dot kurzyna at crystalpoint dot pl
Operating system: Linux x86_64
PHP version:      5.3.0
PHP Bug Type:     XMLRPC-EPI related
Bug description:  xmlrpc_decode result crashes on value assignment

Description:
------------
On decoding a value with xmlrpc_decode(), it will hang/crash the PHP process
when trying to assign the result value.

This will work fine:

xmlrpc_decode('...','utf-8');

While this:

$r = xmlrpc_decode('...','utf-8');

Will hang/crash. 

This only happens on x86_64 systems - 32bit works fine.

Relevant part of the backtrace seems to be:

#24 0x00007fffeb297271 in XML_ParseBuffer () from /usr/lib64/libexpat.so.0
#25 0x00007fffeb4c329a in xml_elem_parse_buf () from /usr/lib64/libxmlrpc.so.0
#26 0x00007fffeb4c74e9 in XMLRPC_REQUEST_FromXML () from /usr/lib64/libxmlrpc.so.0
#27 0x00007fffeb6d3523 in decode_request_worker (xml_in=0x7ffff637ee60 "\2", xml_in_len=128, encoding_in=<value optimized out>, method_name_out=0xffffffffffffffff) at /usr/src/debug/php-5.3.0/ext/xmlrpc/xmlrpc-epi-php.c:764
#28 0x00007fffeb6d3630 in zif_xmlrpc_decode (ht=<value optimized out>, return_value=0x86e5e0, return_value_ptr=<value optimized out>, this_ptr=<value optimized out>, return_value_used=1, tsrm_ls=0x606ce0) at /usr/src/debug/php-5.3.0/ext/xmlrpc/xmlrpc-epi-php.c:821


I will provide full trace if needed.


Reproduce code:
---------------
<?php
    $v = xmlrpc_decode(
'<?xml version="1.0"?>
<methodResponse>
  <params>
    <param>
      <value>
        <string>1</string>
      </value>
     </param>
  </params>
</methodResponse>','utf-8');
    echo "OK\n";
?>


Expected result:
----------------
OK

Actual result:
--------------
*** glibc detected *** /usr/bin/php: free(): invalid next size (fast): 0x00000000008a7540 ***

-- 
Edit bug report at http://bugs.php.net/?id=49632&edit=1