From dc5b3231dc607afb73613da56f912fd5152e0532 Mon Sep 17 00:00:00 2001 From: Dmitry Stogov Date: Wed, 10 Aug 2011 13:44:48 +0000 Subject: [PATCH] Fixed bug #55323 (SoapClient segmentation fault when XSD_TYPEKIND_EXTENSION contains itself) --- ext/soap/php_encoding.c | 39 +++++++++++++++++++++++- ext/soap/tests/bugs/bug55323.phpt | 45 ++++++++++++++++++++++++++++ ext/soap/tests/bugs/bug55323.wsdl | 50 +++++++++++++++++++++++++++++++ 3 files changed, 133 insertions(+), 1 deletion(-) create mode 100644 ext/soap/tests/bugs/bug55323.phpt create mode 100644 ext/soap/tests/bugs/bug55323.wsdl diff --git a/ext/soap/php_encoding.c b/ext/soap/php_encoding.c index e87c84b263..5469d6d826 100644 --- a/ext/soap/php_encoding.c +++ b/ext/soap/php_encoding.c @@ -114,6 +114,26 @@ static void set_ns_and_type(xmlNodePtr node, encodeTypePtr type); } \ } +#define CHECK_XML_NULL(xml) \ + { \ + xmlAttrPtr null; \ + if (!xml) { \ + zval *ret; \ + ALLOC_INIT_ZVAL(ret); \ + ZVAL_NULL(ret); \ + return ret; \ + } \ + if (xml->properties) { \ + null = get_attribute(xml->properties, "nil"); \ + if (null) { \ + zval *ret; \ + ALLOC_INIT_ZVAL(ret); \ + ZVAL_NULL(ret); \ + return ret; \ + } \ + } \ + } + #define FIND_ZVAL_NULL(zval, xml, style) \ { \ if (!zval || Z_TYPE_P(zval) == IS_NULL) { \ @@ -338,6 +358,19 @@ static zend_bool soap_check_zval_ref(zval *data, xmlNodePtr node TSRMLS_DC) { return 0; } +static zval* soap_find_xml_ref(xmlNodePtr node TSRMLS_DC) +{ + zval **data_ptr; + + if (SOAP_GLOBAL(ref_map) && + zend_hash_index_find(SOAP_GLOBAL(ref_map), (ulong)node, (void**)&data_ptr) == SUCCESS) { + Z_SET_ISREF_PP(data_ptr); + Z_ADDREF_PP(data_ptr); + return *data_ptr; + } + return NULL; +} + static zend_bool soap_check_xml_ref(zval **data, xmlNodePtr node TSRMLS_DC) { zval **data_ptr; @@ -1497,6 +1530,11 @@ static zval *to_zval_object_ex(encodeTypePtr type, xmlNodePtr data, zend_class_e sdlType->encode->details.sdl_type->kind != XSD_TYPEKIND_LIST && sdlType->encode->details.sdl_type->kind != XSD_TYPEKIND_UNION) { + CHECK_XML_NULL(data); + if ((ret = soap_find_xml_ref(data TSRMLS_CC)) != NULL) { + return ret; + } + if (ce != ZEND_STANDARD_CLASS_DEF_PTR && sdlType->encode->to_zval == sdl_guess_convert_zval && sdlType->encode->details.sdl_type != NULL && @@ -1510,7 +1548,6 @@ static zval *to_zval_object_ex(encodeTypePtr type, xmlNodePtr data, zend_class_e } else { ret = master_to_zval_int(sdlType->encode, data TSRMLS_CC); } - FIND_XML_NULL(data, ret); if (soap_check_xml_ref(&ret, data TSRMLS_CC)) { return ret; } diff --git a/ext/soap/tests/bugs/bug55323.phpt b/ext/soap/tests/bugs/bug55323.phpt new file mode 100644 index 0000000000..7855dd845a --- /dev/null +++ b/ext/soap/tests/bugs/bug55323.phpt @@ -0,0 +1,45 @@ +--TEST-- +Bug #55323 (SoapClient segmentation fault when XSD_TYPEKIND_EXTENSION contains itself) +--SKIPIF-- + +--FILE-- + + + + + 1234 + + + + + +EOF; + } + +} + +$soapClient = new TestSoapClient($wsdl, + array('trace' => 1, 'exceptions' => 0)); +$result = $soapClient->getObject(); +var_dump($result); +?> +--EXPECTF-- +object(stdClass)#%d (2) { + ["accountId"]=> + int(1234) + ["parent"]=> + *RECURSION* +} diff --git a/ext/soap/tests/bugs/bug55323.wsdl b/ext/soap/tests/bugs/bug55323.wsdl new file mode 100644 index 0000000000..c260d34f4e --- /dev/null +++ b/ext/soap/tests/bugs/bug55323.wsdl @@ -0,0 +1,50 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + -- 2.40.0