
Bug #11968 Causes a segfault in some cases
Submitted: 2007-09-03 14:45 UTC
From: shawarma Assigned: dufuz
Status: Closed Package: SOAP (version 0.11.0)
PHP Version: 5.2.3 OS: Ubuntu gutsy
Roadmaps: (Not assigned)    


 [2007-09-03 14:45 UTC] shawarma (Soren Hansen)
Description:
------------
SOAP seems to somehow be able to trigger a segmentation fault in PHP. We're tracking it at https://bugs.launchpad.net/ubuntu/+source/php5/+bug/113837

Test script:
---------------
<?php
class Service { }

require_once('SOAP/Server.php');

$soap = new SOAP_Server();
$service = new Service();
$soap->addObjectMap($service,'urn:soapservice');
$soap->service($GLOBALS['HTTP_RAW_POST_DATA']); // <= here
?>

Expected result:
----------------
I'm not the reporter of the Ubuntu bug, and haven't worked with SOAP, so I don't actually know what the code is supposed to do, but it's definitely not supposed to cause a segmentation fault :)

Actual result:
--------------
SIGSEGV

Comments

 [2007-09-03 14:51 UTC] shawarma (Soren Hansen)
I should comment that the problem looks two-fold:
1) SOAP is causing a segfault in PHP
2) It's possible to cause a segfault in PHP
I don't expect you to fix 2), but you are in a much better position to pinpoint what exactly is triggering the segfault and hence report this issue to the php developers.
 [2008-03-22 11:33 UTC] doconnor (Daniel O'Connor)
Can you retest this with a newer PHP?
 [2008-03-25 10:02 UTC] shawarma (Soren Hansen)
It still happens with 5.2.3. That's the newest version I have available right now. It's really only a matter of putting the 10 lines of php code from the original report into a file and running php5 on it, so if you have a more recent version, you can test it yourself.
 [2008-04-04 18:35 UTC] jeremyhough (Jeremy Hough)
If you add "if ($name == 'backtrace') { return ''; }" at the beginning of _serializeValue(), you avoid the segfault in the test case. It appears there's no provision for recursive data structures, so the stack runs out of space eventually.
 [2008-07-05 00:40 UTC] dufuz (Helgi Þormar Þorbjörnsson)
This is a duplicate of Bug #11013. Use that report for any further comments.
 [2008-07-05 02:06 UTC] dufuz (Helgi Þormar Þorbjörnsson)
The other report had a reporter that was unconfirmed - Keeping this one open instead.
 [2008-07-05 21:07 UTC] yunosh (Jan Schneider)
This only seems to happen with PHP 5.
 [2008-07-05 21:15 UTC] dufuz (Helgi Þormar Þorbjörnsson)
The test does not run out of memory for you on PHP 4?
 [2008-07-05 21:19 UTC] yunosh (Jan Schneider)
No, I get a proper SOAP fault back.
 [2008-07-15 13:25 UTC] yunosh (Jan Schneider)
This bug has been fixed in CVS.

If this was a documentation problem, the fix will appear on pear.php.net by the end of next Sunday (CET). If this was a problem with the pear.php.net website, the change should be live shortly. Otherwise, the fix will appear in the package's next release.

Thank you for the report and for helping us make PEAR better.

The problem was not the empty service, but the soap fault which caused an endless loop during serialization. This has been fixed by disabling backtraces in faults by default.
 [2008-07-15 15:27 UTC] shawarma (Soren Hansen)
Excellent. Thanks, guys. That certainly fixes the issue.
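
The thread attributes the crash to a recursive serializer walking a fault whose backtrace leads back into itself until the stack is exhausted. The sketch below is an added example, not PEAR SOAP's `_serializeValue()` and not the fix that was committed: a serializer that tracks the objects on the current path and caps nesting depth. The names `serializeValue` and `MAX_DEPTH` and the XML shape are hypothetical, PHP 7.2+ is assumed for `spl_object_id()`, and keys are assumed to be valid XML names.

```php
<?php
// Added example: hypothetical guarded serializer (not PEAR SOAP code).
const MAX_DEPTH = 32; // assumed nesting limit; also stops self-referencing arrays

function serializeValue(string $name, $value, array &$active = [], int $depth = 0): string
{
    if ($depth > MAX_DEPTH) {
        return "<$name truncated=\"depth\"/>";
    }
    if (!is_object($value) && !is_array($value)) {
        $text = htmlspecialchars((string) $value, ENT_XML1 | ENT_QUOTES);
        return "<$name>$text</$name>";
    }

    // Objects are tracked by id for as long as they are on the current path.
    $id = is_object($value) ? spl_object_id($value) : null;
    if ($id !== null) {
        if (isset($active[$id])) {
            return "<$name ref=\"cycle\"/>"; // already being serialized: stop here
        }
        $active[$id] = true;
    }

    $xml = '';
    // get_object_vars() called from outside the class yields public properties only.
    $children = is_object($value) ? get_object_vars($value) : $value;
    foreach ($children as $key => $child) {
        $tag = is_int($key) ? 'item' : $key;
        $xml .= serializeValue($tag, $child, $active, $depth + 1);
    }

    if ($id !== null) {
        unset($active[$id]); // leaving this object: siblings may reference it again
    }
    return "<$name>$xml</$name>";
}

// Constructed sample: a fault whose backtrace frame points back at the fault.
$fault = new stdClass();
$fault->message = 'method not found';
$fault->backtrace = [['function' => 'service', 'object' => $fault]];

echo serializeValue('fault', $fault), "\n";
```

The path-based check reports only true cycles, so an object that legitimately appears twice in sibling branches is still serialized both times.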