bug54911.phpt

Dmitry Stogov Mon, 28 Nov 2011 06:21:05 -0800

dmitry                                   Mon, 28 Nov 2011 14:20:35 +0000

Revision: http://svn.php.net/viewvc?view=revision&revision=320113


Log:
Fixed bug #54911 (Access to a undefined member in inherit SoapClient may cause 
Segmentation Fault)

Bug: https://bugs.php.net/54911 (Assigned) Access to a undefined member in 
inherit SoapClient may cause Segmentation Fault
      
Changed paths:
    U   php/php-src/branches/PHP_5_3/NEWS
    U   php/php-src/branches/PHP_5_3/ext/soap/soap.c
    A   php/php-src/branches/PHP_5_3/ext/soap/tests/bugs/bug54911.phpt
    U   php/php-src/branches/PHP_5_4/ext/soap/soap.c
    A   php/php-src/branches/PHP_5_4/ext/soap/tests/bugs/bug54911.phpt
    U   php/php-src/trunk/ext/soap/soap.c
    A   php/php-src/trunk/ext/soap/tests/bugs/bug54911.phpt

Modified: php/php-src/branches/PHP_5_3/NEWS
===================================================================
--- php/php-src/branches/PHP_5_3/NEWS	2011-11-28 14:13:54 UTC (rev 320112)
+++ php/php-src/branches/PHP_5_3/NEWS	2011-11-28 14:20:35 UTC (rev 320113)
@@ -80,6 +80,8 @@
     is >0). (Ilia)

 - SOAP
+  . Fixed bug #54911 (Access to a undefined member in inherit SoapClient may
+    cause Segmentation Fault). (Dmitry)
   . Fixed bug #48216 (PHP Fatal error: SOAP-ERROR: Parsing WSDL:
     Extra content at the end of the doc, when server uses chunked transfer
     encoding with spaces after chunk size). (Dmitry)

Modified: php/php-src/branches/PHP_5_3/ext/soap/soap.c
===================================================================
--- php/php-src/branches/PHP_5_3/ext/soap/soap.c	2011-11-28 14:13:54 UTC (rev 320112)
+++ php/php-src/branches/PHP_5_3/ext/soap/soap.c	2011-11-28 14:20:35 UTC (rev 320113)
@@ -99,6 +99,7 @@
 	zend_bool _old_in_compilation = CG(in_compilation); \
 	zend_bool _old_in_execution = EG(in_execution); \
 	zend_execute_data *_old_current_execute_data = EG(current_execute_data); \
+	void **_old_stack_top = EG(argument_stack)->top; \
 	int _bailout = 0;\
 	SOAP_GLOBAL(use_soap_error_handler) = 1;\
 	SOAP_GLOBAL(error_code) = "Client";\
@@ -115,6 +116,16 @@
 		    !instanceof_function(Z_OBJCE_P(EG(exception)), soap_fault_class_entry TSRMLS_CC)) {\
 			_bailout = 1;\
 		}\
+		if (_old_stack_top != EG(argument_stack)->top) { \
+			while (EG(argument_stack)->prev != NULL && \
+			       ((char*)_old_stack_top < (char*)EG(argument_stack) || \
+			        (char*) _old_stack_top > (char*)EG(argument_stack)->end)) { \
+				zend_vm_stack tmp = EG(argument_stack)->prev; \
+				efree(EG(argument_stack)); \
+				EG(argument_stack) = tmp; \
+			} \
+			EG(argument_stack)->top = _old_stack_top; \
+		} \
 	} zend_end_try();\
 	SOAP_GLOBAL(use_soap_error_handler) = _old_handler;\
 	SOAP_GLOBAL(error_code) = _old_error_code;\

Added: php/php-src/branches/PHP_5_3/ext/soap/tests/bugs/bug54911.phpt
===================================================================
--- php/php-src/branches/PHP_5_3/ext/soap/tests/bugs/bug54911.phpt	                        (rev 0)
+++ php/php-src/branches/PHP_5_3/ext/soap/tests/bugs/bug54911.phpt	2011-11-28 14:20:35 UTC (rev 320113)
@@ -0,0 +1,22 @@
+--TEST--
+Bug #54911 (Access to a undefined member in inherit SoapClient may cause Segmentation Fault)
+--SKIPIF--
+<?php require_once('skipif.inc'); ?>
+--FILE--
+<?php
+    class XSoapClient extends SoapClient {
+        function __doRequest($request, $location, $action, $version, $one_way=false) {
+            echo self::$crash;
+        }
+    }
+    $client = new XSoapClient(null, array('uri'=>'', 'location'=>''));
+    $client->__soapCall('', array());
+?>
+--EXPECTF--
+Fatal error: Uncaught SoapFault exception: [Client] Access to undeclared static property: XSoapClient::$crash in %sbug54911.php:4
+Stack trace:
+#0 %sbug54911.php(4): XSoapClient::__doRequest()
+#1 [internal function]: XSoapClient->__doRequest('<?xml version="...', '', '#', 1, 0)
+#2 %sbug54911.php(8): SoapClient->__soapCall('', Array)
+#3 {main}
+  thrown in %sbug54911.php on line 4
\ No newline at end of file

Modified: php/php-src/branches/PHP_5_4/ext/soap/soap.c
===================================================================
--- php/php-src/branches/PHP_5_4/ext/soap/soap.c	2011-11-28 14:13:54 UTC (rev 320112)
+++ php/php-src/branches/PHP_5_4/ext/soap/soap.c	2011-11-28 14:20:35 UTC (rev 320113)
@@ -93,6 +93,7 @@
 	zend_bool _old_in_compilation = CG(in_compilation); \
 	zend_bool _old_in_execution = EG(in_execution); \
 	zend_execute_data *_old_current_execute_data = EG(current_execute_data); \
+	void **_old_stack_top = EG(argument_stack)->top; \
 	int _bailout = 0;\
 	SOAP_GLOBAL(use_soap_error_handler) = 1;\
 	SOAP_GLOBAL(error_code) = "Client";\
@@ -109,6 +110,16 @@
 		    !instanceof_function(Z_OBJCE_P(EG(exception)), soap_fault_class_entry TSRMLS_CC)) {\
 			_bailout = 1;\
 		}\
+		if (_old_stack_top != EG(argument_stack)->top) { \
+			while (EG(argument_stack)->prev != NULL && \
+			       ((char*)_old_stack_top < (char*)EG(argument_stack) || \
+			        (char*) _old_stack_top > (char*)EG(argument_stack)->end)) { \
+				zend_vm_stack tmp = EG(argument_stack)->prev; \
+				efree(EG(argument_stack)); \
+				EG(argument_stack) = tmp; \
+			} \
+			EG(argument_stack)->top = _old_stack_top; \
+		} \
 	} zend_end_try();\
 	SOAP_GLOBAL(use_soap_error_handler) = _old_handler;\
 	SOAP_GLOBAL(error_code) = _old_error_code;\

Added: php/php-src/branches/PHP_5_4/ext/soap/tests/bugs/bug54911.phpt
===================================================================
--- php/php-src/branches/PHP_5_4/ext/soap/tests/bugs/bug54911.phpt	                        (rev 0)
+++ php/php-src/branches/PHP_5_4/ext/soap/tests/bugs/bug54911.phpt	2011-11-28 14:20:35 UTC (rev 320113)
@@ -0,0 +1,22 @@
+--TEST--
+Bug #54911 (Access to a undefined member in inherit SoapClient may cause Segmentation Fault)
+--SKIPIF--
+<?php require_once('skipif.inc'); ?>
+--FILE--
+<?php
+    class XSoapClient extends SoapClient {
+        function __doRequest($request, $location, $action, $version, $one_way=false) {
+            echo self::$crash;
+        }
+    }
+    $client = new XSoapClient(null, array('uri'=>'', 'location'=>''));
+    $client->__soapCall('', array());
+?>
+--EXPECTF--
+Fatal error: Uncaught SoapFault exception: [Client] Access to undeclared static property: XSoapClient::$crash in %sbug54911.php:4
+Stack trace:
+#0 %sbug54911.php(4): XSoapClient::__doRequest()
+#1 [internal function]: XSoapClient->__doRequest('<?xml version="...', '', '#', 1, 0)
+#2 %sbug54911.php(8): SoapClient->__soapCall('', Array)
+#3 {main}
+  thrown in %sbug54911.php on line 4
\ No newline at end of file

Modified: php/php-src/trunk/ext/soap/soap.c
===================================================================
--- php/php-src/trunk/ext/soap/soap.c	2011-11-28 14:13:54 UTC (rev 320112)
+++ php/php-src/trunk/ext/soap/soap.c	2011-11-28 14:20:35 UTC (rev 320113)
@@ -93,6 +93,7 @@
 	zend_bool _old_in_compilation = CG(in_compilation); \
 	zend_bool _old_in_execution = EG(in_execution); \
 	zend_execute_data *_old_current_execute_data = EG(current_execute_data); \
+	void **_old_stack_top = EG(argument_stack)->top; \
 	int _bailout = 0;\
 	SOAP_GLOBAL(use_soap_error_handler) = 1;\
 	SOAP_GLOBAL(error_code) = "Client";\
@@ -109,6 +110,16 @@
 		    !instanceof_function(Z_OBJCE_P(EG(exception)), soap_fault_class_entry TSRMLS_CC)) {\
 			_bailout = 1;\
 		}\
+		if (_old_stack_top != EG(argument_stack)->top) { \
+			while (EG(argument_stack)->prev != NULL && \
+			       ((char*)_old_stack_top < (char*)EG(argument_stack) || \
+			        (char*) _old_stack_top > (char*)EG(argument_stack)->end)) { \
+				zend_vm_stack tmp = EG(argument_stack)->prev; \
+				efree(EG(argument_stack)); \
+				EG(argument_stack) = tmp; \
+			} \
+			EG(argument_stack)->top = _old_stack_top; \
+		} \
 	} zend_end_try();\
 	SOAP_GLOBAL(use_soap_error_handler) = _old_handler;\
 	SOAP_GLOBAL(error_code) = _old_error_code;\

Added: php/php-src/trunk/ext/soap/tests/bugs/bug54911.phpt
===================================================================
--- php/php-src/trunk/ext/soap/tests/bugs/bug54911.phpt	                        (rev 0)
+++ php/php-src/trunk/ext/soap/tests/bugs/bug54911.phpt	2011-11-28 14:20:35 UTC (rev 320113)
@@ -0,0 +1,22 @@
+--TEST--
+Bug #54911 (Access to a undefined member in inherit SoapClient may cause Segmentation Fault)
+--SKIPIF--
+<?php require_once('skipif.inc'); ?>
+--FILE--
+<?php
+    class XSoapClient extends SoapClient {
+        function __doRequest($request, $location, $action, $version, $one_way=false) {
+            echo self::$crash;
+        }
+    }
+    $client = new XSoapClient(null, array('uri'=>'', 'location'=>''));
+    $client->__soapCall('', array());
+?>
+--EXPECTF--
+Fatal error: Uncaught SoapFault exception: [Client] Access to undeclared static property: XSoapClient::$crash in %sbug54911.php:4
+Stack trace:
+#0 %sbug54911.php(4): XSoapClient::__doRequest()
+#1 [internal function]: XSoapClient->__doRequest('<?xml version="...', '', '#', 1, 0)
+#2 %sbug54911.php(8): SoapClient->__soapCall('', Array)
+#3 {main}
+  thrown in %sbug54911.php on line 4
\ No newline at end of file

-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/ext/soap/soap.c branches/PHP_5_3/ext/soap/tests/bugs/bug54911.phpt branches/PHP_5_4/ext/soap/soap.c branches/PHP_5_4/ext/soap/tests/bugs/bug54911.phpt trunk/ext/soap/soap.c trunk/ext/soap/tests/bugs/bug54911.phpt

Reply via email to