ID: 37083
User updated by: [EMAIL PROTECTED]
Reported By: [EMAIL PROTECTED]
Status: Assigned
Bug Type: SOAP related
Operating System: *
PHP Version: 5CVS-2006-04-14 (snap)
Assigned To: andrei
New Comment:
I have now compiled it again only with xml and soap modules linked
statically with --enable-debug, this time it coredumps even in the
first loop (there must be something completely broken, that the script
generates two different signals with/without debug). From the webserver
logs you see that master_to_xml is also in the error log (together with
other soap functions):
(gdb) run ~/test/test.php
Starting program: /pangaea/install/php5.1-200604131430/sapi/cli/php
~/test/test.php
Loop: 0
Program received signal SIGSEGV, Segmentation fault.
master_to_xml (encode=0x424b60, data=0x43fc28, style=1,
parent=0x429740)
at
/pangaea/install/php5.1-200604131430/ext/soap/php_encoding.c:363
363 data =
encode->to_xml_before(&encode->details, data);
(gdb) bt
#0 master_to_xml (encode=0x424b60, data=0x43fc28, style=1,
parent=0x429740)
at
/pangaea/install/php5.1-200604131430/ext/soap/php_encoding.c:363
#1 0x0011ca0c in model_to_xml_object (node=0x429740, model=0x43a8b0,
object=0x43fc28, style=1, strict=1)
at
/pangaea/install/php5.1-200604131430/ext/soap/php_encoding.c:1461
#2 0x0011cb5c in model_to_xml_object (node=0x429740, model=0x43a8e0,
object=0x428258, style=1, strict=1)
at
/pangaea/install/php5.1-200604131430/ext/soap/php_encoding.c:1542
#3 0x0011d300 in to_xml_object (type=0x439ef8, data=0x428258, style=1,
parent=0x423138)
at
/pangaea/install/php5.1-200604131430/ext/soap/php_encoding.c:1718
#4 0x0011fd60 in sdl_guess_convert_xml (enc=0x439ef8, data=0x428258,
style=1, parent=0x423138)
at
/pangaea/install/php5.1-200604131430/ext/soap/php_encoding.c:2981
#5 0x0011b7e4 in master_to_xml (encode=0x439ef8, data=0x428258,
style=1, parent=0x423138)
at
/pangaea/install/php5.1-200604131430/ext/soap/php_encoding.c:366
#6 0x0010d45c in serialize_zval (val=0x428258, param=0x42f430,
paramName=0x413718 "searchDescription", style=1,
parent=0x423138) at
/pangaea/install/php5.1-200604131430/ext/soap/soap.c:4167
#7 0x0010d60c in serialize_parameter (param=0x42f430,
param_val=0x428258, index=1, name=0x0, style=1,
parent=0x423138) at
/pangaea/install/php5.1-200604131430/ext/soap/soap.c:4140
#8 0x001124ac in serialize_function_call (this_ptr=0x427f60,
function=0x415118,
function_name=0x1 <Address 0x1 out of bounds>, uri=0x42f430 "",
arguments=0x44059c, arg_count=5, version=1,
soap_headers=0x0) at
/pangaea/install/php5.1-200604131430/ext/soap/soap.c:3975
#9 0x001132ac in do_soap_call (this_ptr=0x427f60, function=0x440650
"advSearch", function_len=9, arg_count=5,
real_args=0x440598, return_value=0x43fda0, location=0x43a6f0
"http://ws.pangaea.de/ws/services/PangaVista";,
soap_action=0x0, call_uri=0x0, soap_headers=0x0,
output_headers=0x0)
at /pangaea/install/php5.1-200604131430/ext/soap/soap.c:2482
#10 0x00113ebc in zif_SoapClient___call (ht=2, return_value=0x43fda0,
return_value_ptr=0x0, this_ptr=0x427f60,
return_value_used=1) at
/pangaea/install/php5.1-200604131430/ext/soap/soap.c:2696
#11 0x002023bc in zend_call_function (fci=0xffbfef98,
fci_cache=0x363c00)
at
/pangaea/install/php5.1-200604131430/Zend/zend_execute_API.c:952
#12 0x002226dc in zend_call_method (object_pp=0xffbff0b0,
obj_ce=0x3d0e38, fn_proxy=0x3d0f54,
function_name=0x2ee3c8 "__call", function_name_len=6,
retval_ptr_ptr=0xffbff04c, param_count=1515870810,
arg1=0x440008, arg2=0x4403a0) at
/pangaea/install/php5.1-200604131430/Zend/zend_interfaces.c:88
#13 0x0022904c in zend_std_call_user_call (ht=-4198224,
return_value=0x43ff60, return_value_ptr=0x0,
this_ptr=0x427f60, return_value_used=1) at
/pangaea/install/php5.1-200604131430/Zend/zend_object_handlers.c:634
#14 0x0022e8fc in zend_do_fcall_common_helper_SPEC
(execute_data=0xffbff388) at zend_vm_execute.h:200
#15 0x0022e0d0 in execute (op_array=0x422d08) at zend_vm_execute.h:92
#16 0x0020fef0 in zend_execute_scripts (type=8, retval=0x0,
file_count=3)
at /pangaea/install/php5.1-200604131430/Zend/zend.c:1109
#17 0x001cdb58 in php_execute_script (primary_file=0xffbffc28)
---Type <return> to continue, or q <return> to quit---
at /pangaea/install/php5.1-200604131430/main/main.c:1732
#18 0x0029100c in main (argc=2, argv=0xffbffcc4) at
/pangaea/install/php5.1-200604131430/sapi/cli/php_cli.c:1092
(gdb)
Previous Comments:
------------------------------------------------------------------------
[2006-04-14 15:06:20] [EMAIL PROTECTED]
Can definitely reproduce this. Valgrind trace follows:
==8798== Invalid read of size 4
==8798== at 0x81FE864: master_to_xml (php_encoding.c:362)
==8798== by 0x8201ED5: model_to_xml_object (php_encoding.c:1459)
==8798== by 0x82022B9: model_to_xml_object (php_encoding.c:1540)
==8798== by 0x8202A93: to_xml_object (php_encoding.c:1716)
==8798== by 0x8208C9C: sdl_guess_convert_xml (php_encoding.c:2979)
==8798== by 0x81FE8AF: master_to_xml (php_encoding.c:366)
==8798== by 0x81F9732: serialize_zval (soap.c:4162)
==8798== by 0x81F9633: serialize_parameter (soap.c:4135)
==8798== by 0x81F8AA5: serialize_function_call (soap.c:3970)
==8798== by 0x81F2545: do_soap_call (soap.c:2477)
==8798== by 0x81F3A76: zif_SoapClient___call (soap.c:2691)
==8798== by 0x837BE3F: zend_call_function (zend_execute_API.c:952)
==8798== Address 0x4B165E4 is 36 bytes inside a block of size 44
free'd
==8798== at 0x401D048: free (vg_replace_malloc.c:235)
==8798== by 0x820AA2D: delete_encoder (php_encoding.c:3301)
==8798== by 0x83912EB: zend_hash_destroy (zend_hash.c:521)
==8798== by 0x8235248: delete_sdl_impl (php_sdl.c:3196)
==8798== by 0x82350C7: get_sdl (php_sdl.c:3153)
==8798== by 0x81F1A76: zif_SoapClient_SoapClient (soap.c:2301)
==8798== by 0x83A6870: execute_internal (zend_execute.c:1368)
==8798== by 0x4A1D670: xdebug_execute_internal (xdebug.c:1428)
==8798== by 0x83A6EB1: zend_do_fcall_common_helper_SPEC
(zend_vm_execute.h:202)
==8798== by 0x83A7B59: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER
(zend_vm_execute.h:322)
==8798== by 0x83A6A44: execute (zend_vm_execute.h:92)
==8798== by 0x4A1D30C: xdebug_execute (xdebug.c:1366)
==8798==
==8798== Invalid read of size 4
==8798== at 0x81FE886: master_to_xml (php_encoding.c:365)
==8798== by 0x8201ED5: model_to_xml_object (php_encoding.c:1459)
==8798== by 0x82022B9: model_to_xml_object (php_encoding.c:1540)
==8798== by 0x8202A93: to_xml_object (php_encoding.c:1716)
==8798== by 0x8208C9C: sdl_guess_convert_xml (php_encoding.c:2979)
==8798== by 0x81FE8AF: master_to_xml (php_encoding.c:366)
==8798== by 0x81F9732: serialize_zval (soap.c:4162)
==8798== by 0x81F9633: serialize_parameter (soap.c:4135)
==8798== by 0x81F8AA5: serialize_function_call (soap.c:3970)
==8798== by 0x81F2545: do_soap_call (soap.c:2477)
==8798== by 0x81F3A76: zif_SoapClient___call (soap.c:2691)
==8798== by 0x837BE3F: zend_call_function (zend_execute_API.c:952)
==8798== Address 0x4B165D8 is 24 bytes inside a block of size 44
free'd
==8798== at 0x401D048: free (vg_replace_malloc.c:235)
==8798== by 0x820AA2D: delete_encoder (php_encoding.c:3301)
==8798== by 0x83912EB: zend_hash_destroy (zend_hash.c:521)
==8798== by 0x8235248: delete_sdl_impl (php_sdl.c:3196)
==8798== by 0x82350C7: get_sdl (php_sdl.c:3153)
==8798== by 0x81F1A76: zif_SoapClient_SoapClient (soap.c:2301)
==8798== by 0x83A6870: execute_internal (zend_execute.c:1368)
==8798== by 0x4A1D670: xdebug_execute_internal (xdebug.c:1428)
==8798== by 0x83A6EB1: zend_do_fcall_common_helper_SPEC
(zend_vm_execute.h:202)
==8798== by 0x83A7B59: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER
(zend_vm_execute.h:322)
==8798== by 0x83A6A44: execute (zend_vm_execute.h:92)
==8798== by 0x4A1D30C: xdebug_execute (xdebug.c:1366)
==8798==
gdb backtrace:
#0 0x00000030 in ?? ()
#1 0x081fe8d9 in master_to_xml (encode=0x873eca0, data=0x8733218,
style=1,
parent=0x873dcd8) at
/dat/dev/php/php-5.1dev/ext/soap/php_encoding.c:369
#2 0x08201ed6 in model_to_xml_object (node=0x873dcd8,
model=0x874a7e0,
object=0x87331b8, style=1, strict=1)
at /dat/dev/php/php-5.1dev/ext/soap/php_encoding.c:1459
#3 0x082022ba in model_to_xml_object (node=0x873dcd8,
model=0x874b228,
object=0x87331b8, style=1, strict=1)
at /dat/dev/php/php-5.1dev/ext/soap/php_encoding.c:1540
#4 0x08202a94 in to_xml_object (type=0x874bf20, data=0x87331b8,
style=1,
parent=0x873dd50) at
/dat/dev/php/php-5.1dev/ext/soap/php_encoding.c:1716
#5 0x08208c9d in sdl_guess_convert_xml (enc=0x874bf20,
data=0x87331b8,
style=1, parent=0x873dd50)
at /dat/dev/php/php-5.1dev/ext/soap/php_encoding.c:2979
#6 0x081fe8b0 in master_to_xml (encode=0x874bf20, data=0x87331b8,
style=1,
parent=0x873dd50) at
/dat/dev/php/php-5.1dev/ext/soap/php_encoding.c:366
#7 0x081f9733 in serialize_zval (val=0x87331b8, param=0x874bad0,
paramName=0x874afb0 "searchDescription", style=1,
parent=0x873dd50)
at /dat/dev/php/php-5.1dev/ext/soap/soap.c:4162
#8 0x081f9634 in serialize_parameter (param=0x874bad0,
param_val=0x87331b8,
index=1, name=0x0, style=1, parent=0x873dd50)
at /dat/dev/php/php-5.1dev/ext/soap/soap.c:4135
#9 0x081f8aa6 in serialize_function_call (this_ptr=0x87330b0,
function=0x874bc80, function_name=0x0,
uri=0x874bca8 "urn:PanWebServices.PangaVista",
arguments=0x874e490,
arg_count=5, version=1, soap_headers=0x0)
at /dat/dev/php/php-5.1dev/ext/soap/soap.c:3970
#10 0x081f2546 in do_soap_call (this_ptr=0x87330b0,
function=0x8739fd8 "advSearch", function_len=9, arg_count=5,
real_args=0x874e490, return_value=0x87395a8,
location=0x874ced8 "http://ws.pangaea.de/ws/services/PangaVista";,
soap_action=0x0, call_uri=0x0, soap_headers=0x0,
output_headers=0x0)
at /dat/dev/php/php-5.1dev/ext/soap/soap.c:2477
#11 0x081f3a77 in zif_SoapClient___call (ht=2, return_value=0x87395a8,
return_value_ptr=0x0, this_ptr=0x87330b0, return_value_used=1)
at /dat/dev/php/php-5.1dev/ext/soap/soap.c:2691
#12 0x0837be40 in zend_call_function (fci=0xbf8fb374,
fci_cache=0xbf8fb348)
at /dat/dev/php/php-5.1dev/Zend/zend_execute_API.c:952
#13 0x0839b6ab in zend_call_method (object_pp=0xbf8fb42c,
obj_ce=0x8703ea0,
fn_proxy=0x8703fbc, function_name=0x85a6318 "__call",
function_name_len=6,
retval_ptr_ptr=0xbf8fb3ec, param_count=2, arg1=0x8739810,
arg2=0x87398e8)
at /dat/dev/php/php-5.1dev/Zend/zend_interfaces.c:88
#14 0x083a3008 in zend_std_call_user_call (ht=5,
return_value=0x8739928,
return_value_ptr=0x0, this_ptr=0x87330b0, return_value_used=1)
at /dat/dev/php/php-5.1dev/Zend/zend_object_handlers.c:634
#15 0x083a6871 in execute_internal (execute_data_ptr=0xbf8fb774,
return_value_used=1) at
/dat/dev/php/php-5.1dev/Zend/zend_execute.c:1368
#16 0xb76d0671 in xdebug_execute_internal
(current_execute_data=0xbf8fb774,
return_value_used=1) at /dat/dev/php/xdebug/xdebug.c:1428
#17 0x083a6eb2 in zend_do_fcall_common_helper_SPEC
(execute_data=0xbf8fb774)
at zend_vm_execute.h:202
#18 0x083a7b5a in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER
(execute_data=0xbf8fb774)
at zend_vm_execute.h:322
#19 0x083a6a45 in execute (op_array=0x8732908) at zend_vm_execute.h:92
#20 0xb76d030d in xdebug_execute (op_array=0x8732908)
at /dat/dev/php/xdebug/xdebug.c:1366
#21 0x08387aed in zend_execute_scripts (type=8, retval=0x0,
file_count=3)
at /dat/dev/php/php-5.1dev/Zend/zend.c:1109
#22 0x0833fdca in php_execute_script (primary_file=0xbf8fdc10)
at /dat/dev/php/php-5.1dev/main/main.c:1728
#23 0x083f7b74 in main (argc=2, argv=0xbf8fdd24)
at /dat/dev/php/php-5.1dev/sapi/cli/php_cli.c:1092
------------------------------------------------------------------------
[2006-04-14 14:57:07] [EMAIL PROTECTED]
But your idea was good. I tried it with a CLI script that calls the
same code in a for loop:
[EMAIL PROTECTED]:~/test$ php test.php
Loop: 0
Loop: 1
Illegal Instruction (core dumped)
Now i debug this...
(gdb) run test.php
Starting program: /pangaea/gnu/bin/php test.php
Loop: 0
Loop: 1
Program received signal SIGILL, Illegal instruction.
0x0071727c in ?? ()
(gdb) bt
#0 0x0071727c in ?? ()
#1 0x00717280 in ?? ()
Previous frame identical to this frame (corrupt stack?)
(gdb)
Compiling with/without --enable-debug does not show more info. But the
error is always SIGILL.
The code used for testing:
[EMAIL PROTECTED]:~/test$ cat test.php
<?php
for ($i=0; $i<20; $i++) {
echo "Loop: ".$i."\n";
$ws=new
SoapClient('http://ws.pangaea.de/ws/services/PangaVista?wsdl',array('encoding'=>'ISO-8859-1'));
$ua='test/1.0';
$sess=$ws->registerSession(NULL,$ua,'127.0.0.1',"PangaVista");
$search=new stdClass();
$search->queryString='grobe';
$res=$ws->advSearch($sess,$search,0,10,'thumb');
}
?>
------------------------------------------------------------------------
[2006-04-14 14:32:05] [EMAIL PROTECTED]
With CLI it works because CLI does not use the WSDL cache in memory
(after finishing the program it forgets its cache). The first call to
the webservice always works, even in the webserver.
------------------------------------------------------------------------
[2006-04-14 14:29:25] [EMAIL PROTECTED]
Did you try to run the same code using CLI ?
------------------------------------------------------------------------
[2006-04-14 13:31:21] [EMAIL PROTECTED]
When you read my mail you see that I CANNOT generate a backtrace
because:
a) the crash occurs on different locations (so I could send you about
20 different backtraces)
b) in most cases the stack is corrupt so no backtrace can be generated
If I had a backtrace I could fix it myself as I have done it in the
past. I know that the new caching code was submitted by andrei. I think
he knows what he has done. I would assign this bug to "andrei".
The error log shows in most cases the function name in which the crashs
occur.
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/37083
--
Edit this bug report at http://bugs.php.net/?id=37083&edit=1
