From: Dmitry Stogov <dmitry@php.net>
Date: Wed, 17 Oct 2007 12:09:03 +0000 (+0000)
Subject: Fixed possible crash because of uninitialized value (Zdash Urf)
X-Git-Tag: RELEASE_1_3_1~834
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=68bacdd79728fa3a95cc0bfb4a06af0aa08c2613;p=php

Fixed possible crash because of uninitialized value (Zdash Urf)
---

diff --git a/NEWS b/NEWS
index fa9108a9f0..34f9aa430a 100644
--- a/NEWS
+++ b/NEWS
@@ -40,6 +40,8 @@ PHP                                                                        NEWS
 - Improved and cleaned CGI code. FastCGI is now always enabled and can not be
   disabled. See sapi/cgi/CHANGES for more details. (Dmitry)
 
+- Fixed possible crash in ext/soap because of uninitialized value (Zdash Urf)
+
 - Fixed bug #42919 (Unserializing of namespaced class object fails). (Dmitry)
 - Fixed bug #42859 (import always conflicts with internal classes).
   (cellog@php.net, Dmitry)
diff --git a/ext/soap/php_encoding.c b/ext/soap/php_encoding.c
index b48f61591b..df6b9cd6bd 100644
--- a/ext/soap/php_encoding.c
+++ b/ext/soap/php_encoding.c
@@ -1208,9 +1208,10 @@ static zval* get_zval_property(zval* object, char* name TSRMLS_DC)
 		zval *data;
 		zend_class_entry *old_scope;
 
+		INIT_PZVAL(&member);
 		ZVAL_STRING(&member, name, 0);
 		old_scope = EG(scope);
-	  EG(scope) = Z_OBJCE_P(object);
+		EG(scope) = Z_OBJCE_P(object);
 		data = Z_OBJ_HT_P(object)->read_property(object, &member, BP_VAR_IS TSRMLS_CC);
 		if (data == EG(uninitialized_zval_ptr)) {
 			/* Hack for bug #32455 */
@@ -1241,9 +1242,10 @@ static void unset_zval_property(zval* object, char* name TSRMLS_DC)
 		zval member;
 		zend_class_entry *old_scope;
 
+		INIT_PZVAL(&member);
 		ZVAL_STRING(&member, name, 0);
 		old_scope = EG(scope);
-	  EG(scope) = Z_OBJCE_P(object);
+		EG(scope) = Z_OBJCE_P(object);
 		Z_OBJ_HT_P(object)->unset_property(object, &member TSRMLS_CC);
 		EG(scope) = old_scope;
 	} else if (Z_TYPE_P(object) == IS_ARRAY) {
diff --git a/ext/soap/tests/classmap004.phpt b/ext/soap/tests/classmap004.phpt
new file mode 100755
index 0000000000..3b9d678e6a
--- /dev/null
+++ b/ext/soap/tests/classmap004.phpt
@@ -0,0 +1,66 @@
+--TEST--
+SOAP Classmap 4: encoding of objects with __get()
+--SKIPIF--
+<?php require_once('skipif.inc'); ?>
+--FILE--
+<?php
+ini_set("soap.wsdl_cache_enabled",0);
+
+class A {
+  public $a;
+  function __construct($a){
+    $this->x = $a;
+  }
+  function __get($name) {
+    return @$this->a[$name];
+  }
+  function __set($name, $val) {
+    $this->a[$name] = $val;
+  }
+  function __unset($name) {
+    unset($this->a[$name]);
+  }
+}
+
+class B extends A {
+  function __construct($a){
+    parent::__construct($a);
+    $this->y = $a + 1;
+  }
+}
+
+function f(){
+  return new B(5);
+}
+
+class LocalSoapClient extends SoapClient {
+
+  function __construct($wsdl, $options) {
+    parent::__construct($wsdl, $options);
+    $this->server = new SoapServer($wsdl, $options);
+    $this->server->addFunction("f");
+  }
+
+  function __doRequest($request, $location, $action, $version) {
+    ob_start();
+    $this->server->handle($request);
+    $response = ob_get_contents();
+    ob_end_clean();
+    return $response;
+  }
+}
+
+$client = new LocalSoapClient(dirname(__FILE__)."/classmap003.wsdl",
+    array('classmap'=>array('A'=>'A','B'=>'B')));
+print_r($client->f());
+?>
+--EXPECT--
+B Object
+(
+    [a] => Array
+        (
+            [x] => 5
+            [y] => 6
+        )
+
+)