ID: 49632 Updated by: j...@php.net -Summary: xmlrpc_decode result crushes on value assignment Reported By: m dot kurzyna at crystalpoint dot pl -Status: Open +Status: Feedback Bug Type: XMLRPC-EPI related Operating System: Linux x86_64 PHP Version: 5.3.0 New Comment:
Please try using this snapshot: http://snaps.php.net/php5.3-latest.tar.gz For Windows: http://windows.php.net/snapshots/ I can not reproduce this. Also make sure you're not loading any zend extensions.. Previous Comments: ------------------------------------------------------------------------ [2009-09-22 20:23:20] m dot kurzyna at crystalpoint dot pl Description: ------------ On decoding value with xmlrpc_decode() it will hang/crash PHP process when trying to assign result value. This will work fine: xmlrpc_decode('...','utf-8'); While this: $r = xmlrpc_decode('...','utf-8'); Will hang/crash. This only happens on x86_64 systems - 32bit works fine. Relevant part of the backtrace seems to be: #24 0x00007fffeb297271 in XML_ParseBuffer () from /usr/lib64/libexpat.so.0 #25 0x00007fffeb4c329a in xml_elem_parse_buf () from /usr/lib64/libxmlrpc.so.0 #26 0x00007fffeb4c74e9 in XMLRPC_REQUEST_FromXML () from /usr/lib64/libxmlrpc.so.0 #27 0x00007fffeb6d3523 in decode_request_worker (xml_in=0x7ffff637ee60 "\2", xml_in_len=128, encoding_in=<value optimized out>, method_name_out=0xffffffffffffffff) at /usr/src/debug/php-5.3.0/ext/xmlrpc/xmlrpc-epi-php.c:764 #28 0x00007fffeb6d3630 in zif_xmlrpc_decode (ht=<value optimized out>, return_value=0x86e5e0, return_value_ptr=<value optimized out>, this_ptr=<value optimized out>, return_value_used=1, tsrm_ls=0x606ce0) at /usr/src/debug/php-5.3.0/ext/xmlrpc/xmlrpc-epi-php.c:821 I will provide full trace if needed. Reproduce code: --------------- <?php $v = xmlrpc_decode( '<?xml version="1.0"?> <methodResponse> <params> <param> <value> <string>1</string> </value> </param> </params> </methodResponse>','utf-8'); echo "OK\n"; ?> Expected result: ---------------- OK Actual result: -------------- *** glibc detected *** /usr/bin/php: free(): invalid next size (fast): 0x00000000008a7540 *** ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=49632&edit=1