ID: 49632 User updated by: m dot kurzyna at crystalpoint dot pl Reported By: m dot kurzyna at crystalpoint dot pl -Status: Feedback +Status: Open Bug Type: XMLRPC-EPI related Operating System: Linux x86_64 PHP Version: 5.3.0 New Comment:
Unfortunatly i can reproduce it every time even on bare setup: [r...@apache-php53 bugs]# php -m [PHP Modules] Core date ereg libxml mysqlnd pcre Reflection session SPL standard xmlrpc [Zend Modules] [r...@apache-php53 bugs]# php xmlrpc_decode.php *** glibc detected *** php: free(): invalid next size (fast): 0x000000000079fbd0 *** And then backtrace follows, see: http://pastebin.com/f5ed2df2d for full output. Previous Comments: ------------------------------------------------------------------------ [2009-09-22 20:32:11] j...@php.net Please try using this snapshot: http://snaps.php.net/php5.3-latest.tar.gz For Windows: http://windows.php.net/snapshots/ I can not reproduce this. Also make sure you're not loading any zend extensions.. ------------------------------------------------------------------------ [2009-09-22 20:23:20] m dot kurzyna at crystalpoint dot pl Description: ------------ On decoding value with xmlrpc_decode() it will hang/crash PHP process when trying to assign result value. This will work fine: xmlrpc_decode('...','utf-8'); While this: $r = xmlrpc_decode('...','utf-8'); Will hang/crash. This only happens on x86_64 systems - 32bit works fine. Relevant part of the backtrace seems to be: #24 0x00007fffeb297271 in XML_ParseBuffer () from /usr/lib64/libexpat.so.0 #25 0x00007fffeb4c329a in xml_elem_parse_buf () from /usr/lib64/libxmlrpc.so.0 #26 0x00007fffeb4c74e9 in XMLRPC_REQUEST_FromXML () from /usr/lib64/libxmlrpc.so.0 #27 0x00007fffeb6d3523 in decode_request_worker (xml_in=0x7ffff637ee60 "\2", xml_in_len=128, encoding_in=<value optimized out>, method_name_out=0xffffffffffffffff) at /usr/src/debug/php-5.3.0/ext/xmlrpc/xmlrpc-epi-php.c:764 #28 0x00007fffeb6d3630 in zif_xmlrpc_decode (ht=<value optimized out>, return_value=0x86e5e0, return_value_ptr=<value optimized out>, this_ptr=<value optimized out>, return_value_used=1, tsrm_ls=0x606ce0) at /usr/src/debug/php-5.3.0/ext/xmlrpc/xmlrpc-epi-php.c:821 I will provide full trace if needed. Reproduce code: --------------- <?php $v = xmlrpc_decode( '<?xml version="1.0"?> <methodResponse> <params> <param> <value> <string>1</string> </value> </param> </params> </methodResponse>','utf-8'); echo "OK\n"; ?> Expected result: ---------------- OK Actual result: -------------- *** glibc detected *** /usr/bin/php: free(): invalid next size (fast): 0x00000000008a7540 *** ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=49632&edit=1