]> granicus.if.org Git - php/commitdiff
Fixed bug #79357
authorNikita Popov <nikita.ppv@gmail.com>
Mon, 9 Mar 2020 13:59:59 +0000 (14:59 +0100)
committerNikita Popov <nikita.ppv@gmail.com>
Mon, 9 Mar 2020 14:01:31 +0000 (15:01 +0100)
Peculiarly, for once the cause was not SOAPs "interesting" error
handling, but a bug in the call trampoline for internal functions...

NEWS
Zend/zend_vm_def.h
Zend/zend_vm_execute.h
ext/soap/tests/bug79357.phpt [new file with mode: 0644]
ext/soap/tests/bug79357.wsdl [new file with mode: 0644]

diff --git a/NEWS b/NEWS
index 7e6b0377d1bc79350fe69bcf439c729f4f4b43dd..0836b20688d10afa3afeb3602779f353fe1fba15 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -3,6 +3,10 @@ PHP                                                                        NEWS
 
 ?? ??? ????, PHP 7.4.5
 
+- SOAP:
+  . Fixed bug #79357 (SOAP request segfaults when any request parameter is
+    missing). (Nikita)
+
 - Spl:
   . Fixed bug #75673 (SplStack::unserialize() behavior). (cmb)
 
index 26679777af159799630def67e7e3b3169740c8ba..0282c3c584f616469f4ebe6ad2847fbfc4eafe96 100644 (file)
@@ -8301,10 +8301,10 @@ ZEND_VM_HANDLER(158, ZEND_CALL_TRAMPOLINE, ANY, ANY)
                }
 
                if (ret == NULL) {
-                       ZVAL_NULL(&retval);
                        ret = &retval;
                }
 
+               ZVAL_NULL(ret);
                if (!zend_execute_internal) {
                        /* saves one function call if zend_execute_internal is not used */
                        fbc->internal_function.handler(call, ret);
index 4da5094a791e58fdb3e42c6a3f47d96345afa7ee..d79bdb1c1f21ab6c68a723c73908769bd3f8e984 100644 (file)
@@ -2806,10 +2806,10 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_CALL_TRAMPOLINE_SPEC_HANDLER(Z
                }
 
                if (ret == NULL) {
-                       ZVAL_NULL(&retval);
                        ret = &retval;
                }
 
+               ZVAL_NULL(ret);
                if (!zend_execute_internal) {
                        /* saves one function call if zend_execute_internal is not used */
                        fbc->internal_function.handler(call, ret);
diff --git a/ext/soap/tests/bug79357.phpt b/ext/soap/tests/bug79357.phpt
new file mode 100644 (file)
index 0000000..da3cce5
--- /dev/null
@@ -0,0 +1,16 @@
+--TEST--
+Bug #79357: SOAP request segfaults when any request parameter is missing
+--FILE--
+<?php
+
+$sc = new SoapClient(__DIR__ . '/bug79357.wsdl');
+$res = $sc->Add(['intA'=>1]);
+var_dump($res);
+
+?>
+--EXPECTF--
+Fatal error: Uncaught SoapFault exception: [Client] SOAP-ERROR: Encoding: object has no 'intB' property in %s:%d
+Stack trace:
+#0 %s(%d): SoapClient->__call('Add', Array)
+#1 {main}
+  thrown in %s on line %d
diff --git a/ext/soap/tests/bug79357.wsdl b/ext/soap/tests/bug79357.wsdl
new file mode 100644 (file)
index 0000000..9b69a1c
--- /dev/null
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="utf-8"?>
+<wsdl:definitions xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:tm="http://microsoft.com/wsdl/mime/textMatching/" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:mime="http://schemas.xmlsoap.org/wsdl/mime/" xmlns:tns="http://tempuri.org/" xmlns:s="http://www.w3.org/2001/XMLSchema" xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/" xmlns:http="http://schemas.xmlsoap.org/wsdl/http/" targetNamespace="http://tempuri.org/" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">
+  <wsdl:types>
+    <s:schema elementFormDefault="qualified" targetNamespace="http://tempuri.org/">
+      <s:element name="Add">
+        <s:complexType>
+          <s:sequence>
+            <s:element minOccurs="1" maxOccurs="1" name="intA" type="s:int" />
+            <s:element minOccurs="1" maxOccurs="1" name="intB" type="s:int" />
+          </s:sequence>
+        </s:complexType>
+      </s:element>
+      <s:element name="AddResponse">
+        <s:complexType>
+          <s:sequence>
+            <s:element minOccurs="1" maxOccurs="1" name="AddResult" type="s:int" />
+          </s:sequence>
+        </s:complexType>
+      </s:element>
+    </s:schema>
+  </wsdl:types>
+  <wsdl:message name="AddSoapIn">
+    <wsdl:part name="parameters" element="tns:Add" />
+  </wsdl:message>
+  <wsdl:message name="AddSoapOut">
+    <wsdl:part name="parameters" element="tns:AddResponse" />
+  </wsdl:message>
+  <wsdl:portType name="CalculatorSoap">
+    <wsdl:operation name="Add">
+      <wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Adds two integers. This is a test WebService. ©DNE Online</wsdl:documentation>
+      <wsdl:input message="tns:AddSoapIn" />
+      <wsdl:output message="tns:AddSoapOut" />
+    </wsdl:operation>
+  </wsdl:portType>
+  <wsdl:binding name="CalculatorSoap" type="tns:CalculatorSoap">
+    <soap:binding transport="http://schemas.xmlsoap.org/soap/http" />
+    <wsdl:operation name="Add">
+      <soap:operation soapAction="http://tempuri.org/Add" style="document" />
+      <wsdl:input>
+        <soap:body use="literal" />
+      </wsdl:input>
+      <wsdl:output>
+        <soap:body use="literal" />
+      </wsdl:output>
+    </wsdl:operation>
+  </wsdl:binding>
+  <wsdl:service name="Calculator">
+    <wsdl:port name="CalculatorSoap" binding="tns:CalculatorSoap">
+      <soap:address location="http://www.dneonline.com/calculator.asmx" />
+    </wsdl:port>
+  </wsdl:service>
+</wsdl:definitions>