SoapClient segmentation fault when XSD_TYPEKIND_EXTENSION contains itself
| Bug #55323 | SoapClient segmentation fault when XSD_TYPEKIND_EXTENSION contains itself | ||||
|---|---|---|---|---|---|
| Submitted: | 2011-07-30 08:43 UTC | Modified: | 2011-08-10 14:11 UTC | ||
| From: | webm4st0r at gmail dot com | Assigned: | dmitry (profile) | ||
| Status: | Closed | Package: | SOAP related | ||
| PHP Version: | Irrelevant | OS: | Any | ||
| Private report: | No | CVE-ID: | None | ||
[2011-07-30 08:43 UTC] webm4st0r at gmail dot com
Description: ------------ While running a soap client in wsdl mode, if the response of a call contains an element which is an extension, and it contains itself, an infinite loop occurs in resulting in a segmentation fault. The provided patch is against 5.3.6, does not produce the expected results (but does not segfault), and causes other tests to fail, but it identifies where the problem is (to_zval_object_ex). I've confirmed that this also occurs in previous versions. Test script: --------------- Test script: http://soapbug.privatepaste.com/700d21fc7f WSDL: http://soapbug.privatepaste.com/4d7e882d61 XSD: http://soapbug.privatepaste.com/43f7a3e274 Expected result: ---------------- object(stdClass)#%d (2) { ["accountId"]=> int(1234) ["parent"]=> *RECURSION* } } Actual result: -------------- Segmentation fault
Patches
php_encoding.c (last revision 2011-08-01 23:49 UTC by webm4st0r at gmail dot com)Pull Requests
History
AllCommentsChangesGit/SVN commits
[2011-08-01 23:51 UTC] webm4st0r at gmail dot com
[2011-08-05 05:44 UTC] dmitry@php.net
-Assigned To: +Assigned To: dmitry
[2011-08-10 14:11 UTC] dmitry@php.net
-Status: Assigned +Status: Closed