|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
[2005-03-09 08:07 UTC] MageOfChrisz at Gmail dot com
Description: ------------ (Most of what I say here can be found at http://chrisallan.info/segfault/) When putting "xml_parser_free" in a function assigned to the XML parser with xml_set_element_handler, Apache/PHP Gives a Segmentation Fault. The only browser that you can feasibly see it blow up, would be in lynx. In FireFox, if you're at www.google.com and type in the link to the file (http://chrisallan.info/segfault/function_example.php) it will still show google.com and fail to load the new page. A similar result occurs with Internet Explorer, but in Lynx it'll say: "Alert!: Unexpected Network read error; connection aborted;" I made a PHP5.0.4-dev build (as of Mar 09, 2005 05:30 GMT) from snaps.php.net. This was originally discovered in PHP 5.0.3, and then tested in PHP5.0.4-dev Reproduce code: --------------- You can find the code (neatly) here: http://chrisallan.info/segfault/ Expected result: ---------------- Some sort of error telling me not to do what I was doing (due to lack of sleep) or the xml resource actually being freed Actual result: -------------- Segmentation Fault PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
|
|||||||||||||||||||||||||||||||||||||
Copyright © 2001-2024 The PHP GroupAll rights reserved. |
Last updated: Thu Nov 21 09:01:32 2024 UTC |
Starting program: /usr/src/dev/php-src/sapi/cli/php /www/function_example.php [Thread debugging using libthread_db enabled] [New Thread 1080248256 (LWP 30048)] <foo bar="example" /> Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 1080248256 (LWP 30048)] 0x08225b82 in _xml_endElementHandler (userData=0x85813ac, name=0x856fd68 "foo") at /usr/src/dev/php-src/ext/xml/xml.c:768 768 add_assoc_string(*(parser->ctag),"type","complete",1); (gdb) bt #0 0x08225b82 in _xml_endElementHandler (userData=0x85813ac, name=0x856fd68 "foo") at /usr/src/dev/php-src/ext/xml/xml.c:768 #1 0x08228569 in _end_element_handler (user=0x8582164, name=0x857cf5f "foo") at /usr/src/dev/php-src/ext/xml/compat.c:143 #2 0x40551d57 in xmlParseTryOrFinish (ctxt=0x857fe68, terminate=0) at parser.c:9261 #3 0x4055288f in xmlParseChunk__internal_alias (ctxt=0x857fe68, chunk=0x857ce4c "<?xml version=\"1.0\" encoding=\"iso-8859-1\"?> \n<php> \n <example> \n <foo bar=\"example\" /> \n </example> \n</php> ", size=139963800, terminate=0) at parser.c:9872 #4 0x08228ccc in php_XML_Parse (parser=0x8582164, data=0x857ce4c "<?xml version=\"1.0\" encoding=\"iso-8859-1\"?> \n<php> \n <example> \n <foo bar=\"example\" /> \n </example> \n</php> ", data_len=113, is_final=0) at /usr/src/dev/php-src/ext/xml/compat.c:512 #5 0x08227114 in zif_xml_parse (ht=2, return_value=0x857cef4, this_ptr=0x0, return_value_used=0) at /usr/src/dev/php-src/ext/xml/xml.c:1333 #6 0x08293dec in zend_do_fcall_common_helper_SPEC (execute_data=0xbfffcbb0) at zend_vm_execute.h:175 #7 0x08296890 in ZEND_DO_FCALL_SPEC_CONST_HANDLER (execute_data=0xbfffcbb0) at zend_vm_execute.h:1535 #8 0x08293b06 in execute (op_array=0x857ac9c) at zend_vm_execute.h:78 #9 0x0826f69f in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/src/dev/php-src/Zend/zend.c:1058 #10 0x0822d0c9 in php_execute_script (primary_file=0xbfffefe0) at /usr/src/dev/php-src/main/main.c:1642 #11 0x082e2db9 in main (argc=2, argv=0xbffff0b4) at /usr/src/dev/php-src/sapi/cli/php_cli.c:944 (gdb) p *parser $1 = {index = 1515870810, case_folding = 1515870810, parser = 0x5a5a5a5a, target_encoding = 0x5a5a5a5a <Address 0x5a5a5a5a out of bounds>, startElementHandler = 0x5a5a5a5a, endElementHandler = 0x5a5a5a5a, characterDataHandler = 0x5a5a5a5a, processingInstructionHandler = 0x5a5a5a5a, defaultHandler = 0x5a5a5a5a, unparsedEntityDeclHandler = 0x5a5a5a5a, notationDeclHandler = 0x5a5a5a5a, externalEntityRefHandler = 0x5a5a5a5a, unknownEncodingHandler = 0x5a5a5a5a, startNamespaceDeclHandler = 0x5a5a5a5a, endNamespaceDeclHandler = 0x5a5a5a5a, startElementPtr = 0x5a5a5a5a, endElementPtr = 0x5a5a5a5a, characterDataPtr = 0x5a5a5a5a, processingInstructionPtr = 0x5a5a5a5a, defaultPtr = 0x5a5a5a5a, unparsedEntityDeclPtr = 0x5a5a5a5a, notationDeclPtr = 0x5a5a5a5a, externalEntityRefPtr = 0x5a5a5a5a, unknownEncodingPtr = 0x5a5a5a5a, startNamespaceDeclPtr = 0x5a5a5a5a, endNamespaceDeclPtr = 0x5a5a5a5a, object = 0x5a5a5a5a, data = 0x5a5a5a5a, info = 0x5a5a5a5a, level = 1515870810, toffset = 1515870810, curtag = 1515870810, ctag = 0x5a5a5a5a, ltags = 0x5a5a5a5a, lastwasopen = 1515870810, skipwhite = 1515870810, baseURI = 0x5a5a5a5a <Address 0x5a5a5a5a out of bounds>}