php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #28771 Segfault when using xslt and clone
Submitted: 2004-06-14 11:00 UTC Modified: 2004-06-15 13:51 UTC
Votes:1
Avg. Score:3.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:0 (0.0%)
From: mbm at interflow dot dk Assigned:
Status: Closed Package: XSLT related
PHP Version: 5.0.0RC3 OS: FreeBSD 5.2
Private report: No CVE-ID: None
View Developer Edit
 [2004-06-14 11:00 UTC] mbm at interflow dot dk 
Description:
------------
This took us quite a while to locate, but when using xslt processor in colaboration with clone and then accesing the resulting domdocument you will end up with a segfault. This only seems to happen when used on cgi, not with cli (here anyways, it has been reproduced on rc1 cli). 
 We originally encountered this inside a rather big system so we tried to boil it down and the included script recreates the segfault. 
I've included a gdb backtrace - if you need aditional info feel free to mail me at mbm at interflow . dk.

Reproduce code:
---------------
$xmlString=<<<EOS
<?xml version="1.0" encoding="iso-8859-1"?>
<document>Test</document>
EOS;
$xslString = <<<EOS
<?xml version="1.0" encoding="ISO-8859-1"?>
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
</xsl:stylesheet>
EOS;
$xml = new DomDocument;
$xml->LoadXml($xmlString);
$xsl = new DomDocument;
$xsl->LoadXml($xslString);
$xsltProcessor = new XsltProcessor();
$xsltProcessor->ImportStylesheet($xsl);
$xml2 = $xsltProcessor->TransformToDoc($xml);
$xml2->SaveXml();
$xml3 = clone $xml2;
$list = $xml3->GetElementsByTagName('foo');

Expected result:
----------------
The included script should put a elementlist in $list, but it results in segmentation fault.
The reason for $xml2->SaveXml() is because the segmentationfault only seems to happen when we try to access anything in the resulting document from xsltprocessing before doing the clone.


Actual result:
--------------
(gdb) bt
#0  0x285cb7c7 in zend_objects_store_add_ref (object=0x814a568)
    at /usr/home/jacob/php-5.0.0RC3/Zend/zend_objects_API.c:118
#1  0x285b2f33 in _zval_copy_ctor (zvalue=0x814a568, 
    __zend_filename=0x285e8260 "/usr/home/jacob/php-5.0.0RC3/ext/dom/php_dom.c", __zend_lineno=797) at /usr/home/jacob/php-5.0.0RC3/Zend/zend_variables.c:156
#2  0x2845a082 in dom_namednode_iter (basenode=0x814a198, ntype=0, 
    intern=0x814a410, ht=0x0, local=0x81de910 "foo", ns=0x0)
    at /usr/home/jacob/php-5.0.0RC3/ext/dom/php_dom.c:797
#3  0x2845d2e7 in zif_dom_document_get_elements_by_tag_name (ht=1, 
    return_value=0x814a3cc, this_ptr=0x814a108, return_value_used=1)
    at /usr/home/jacob/php-5.0.0RC3/ext/dom/document.c:1019
#4  0x285dc17a in zend_do_fcall_common_helper (execute_data=0xbfbfd380, 
    opline=0x814faf8, op_array=0x8148868)
    at /usr/home/jacob/php-5.0.0RC3/Zend/zend_execute.c:2697
#5  0x285dc7bc in zend_do_fcall_by_name_handler (execute_data=0xbfbfd380, 
    opline=0x814faf8, op_array=0x8148868)
    at /usr/home/jacob/php-5.0.0RC3/Zend/zend_execute.c:2808
#6  0x285d8737 in execute (op_array=0x8148868)
    at /usr/home/jacob/php-5.0.0RC3/Zend/zend_execute.c:1389
#7  0x285b5045 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /usr/home/jacob/php-5.0.0RC3/Zend/zend.c:1061
#8  0x2856f6a7 in php_execute_script (primary_file=0xbfbfe9c0)
    at /usr/home/jacob/php-5.0.0RC3/main/main.c:1627
---Type <return> to continue, or q <return> to quit---
#9  0x285e5751 in php_handler (r=0x81f7050)
    at /usr/home/jacob/php-5.0.0RC3/sapi/apache2handler/sapi_apache2.c:556
#10 0x0806656c in ap_run_handler ()
#11 0x08066cc4 in ap_invoke_handler ()
#12 0x08062e97 in ap_process_request ()
#13 0x0805d5f4 in ap_process_http_connection ()
#14 0x08071bac in ap_run_process_connection ()
#15 0x08071f6c in ap_process_connection ()
#16 0x080648b7 in child_main ()
#17 0x080649a2 in make_child ()
#18 0x08064b28 in startup_children ()
#19 0x08064f6a in ap_mpm_run ()
#20 0x0806c9a3 in main ()
#21 0x0805d0a2 in _start ()

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2004-06-14 15:08 UTC] mbm at interflow dot dk 
After we recompiled php with debugoptions we started getting segfault in CLI as well.
 [2004-06-14 15:24 UTC] tumpen at fez dot dk 
Same thing happens for me in mandrake linux, as soon as GetElementsByTagName is called on the cloned instance, it segfaults.
 [2004-06-15 13:51 UTC] rrichards@php.net 
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Thu Nov 21 08:01:29 2024 UTC