[2003-07-25 03:51 UTC] fujimura at wakhok dot ac dot jp
Description:
------------
ext/xml/xml.c:xml_call_handler() causes segmentation fault.
Reproduce code:
---------------
<?php
function startElement() { }
$parser = xml_parser_create();
xml_set_element_handler($parser, "startElement", "endElement");
xml_parse($parser, "<?xml version=\"1.0\"?><root />", true) OR die(xml_error_string(xml_get_error_code($parser)));
xml_parser_free($parser);
?>
Actual result:
--------------
[fujimura@loki public_html]$ gdb php
GNU gdb 5.3
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-slackware-linux"...
(gdb) run xml_parse.php
Starting program: /usr/local/bin/php xml_parse.php
Program received signal SIGSEGV, Segmentation fault.
0x081e7e4c in _zval_ptr_dtor (zval_ptr=0xbfffc97c, __zend_filename=0x825e220 "/home/fujimura/php-src/ext/xml/xml.c", __zend_lineno=423)
at /home/fujimura/php-src/Zend/zend_execute_API.c:342
342 (*zval_ptr)->refcount--;
(gdb) bt
#0 0x081e7e4c in _zval_ptr_dtor (zval_ptr=0xbfffc97c, __zend_filename=0x825e220 "/home/fujimura/php-src/ext/xml/xml.c", __zend_lineno=423)
at /home/fujimura/php-src/Zend/zend_execute_API.c:342
#1 0x081ab079 in xml_call_handler (parser=0x40436988, handler=0x40436b7c, function_ptr=0x0, argc=2, argv=0xbfffc9b8)
at /home/fujimura/php-src/ext/xml/xml.c:423
#2 0x081abc7e in _xml_endElementHandler (userData=0x40436988, name=0x830f550 "root") at /home/fujimura/php-src/ext/xml/xml.c:753
#3 0x081ae851 in _end_element_handler (user=0x4042a0cc, name=0x830f410 "root") at /home/fujimura/php-src/ext/xml/compat.c:128
#4 0x402443be in xmlParseExtParsedEnt () from /usr/lib/libxml2.so.2
#5 0x40244db1 in xmlParseChunk () from /usr/lib/libxml2.so.2
#6 0x081aedc0 in php_XML_Parse (parser=0x4042a0cc, data=0x40437200 "<?xml version=\"1.0\"?><root />", data_len=29, is_final=1)
at /home/fujimura/php-src/ext/xml/compat.c:400
#7 0x081ad357 in zif_xml_parse (ht=3, return_value=0x40436c8c, this_ptr=0x0, return_value_used=1) at /home/fujimura/php-src/ext/xml/xml.c:1321
#8 0x08211156 in execute_internal (execute_data_ptr=0xbfffcdb0, return_value_used=1) at /home/fujimura/php-src/Zend/zend_execute.c:1143
#9 0x4074b276 in xdebug_execute_internal (current_execute_data=0xbfffcdb0, return_value_used=1) at /home/fujimura/xdebug-1.2.0/xdebug.c:782
#10 0x08215917 in zend_do_fcall_common_helper (execute_data=0xbfffcdb0, op_array=0x40435714) at /home/fujimura/php-src/Zend/zend_execute.c:2513
#11 0x08215feb in zend_do_fcall_handler (execute_data=0xbfffcdb0, op_array=0x40435714) at /home/fujimura/php-src/Zend/zend_execute.c:2642
#12 0x082112a8 in execute (op_array=0x40435714) at /home/fujimura/php-src/Zend/zend_execute.c:1192
#13 0x4074afcc in xdebug_execute (op_array=0x40435714) at /home/fujimura/xdebug-1.2.0/xdebug.c:750
#14 0x081f37d0 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /home/fujimura/php-src/Zend/zend.c:1017
#15 0x081b4af8 in php_execute_script (primary_file=0xbffff5f0) at /home/fujimura/php-src/main/main.c:1568
#16 0x0821dec8 in main (argc=2, argv=0xbffff694) at /home/fujimura/php-src/sapi/cli/php_cli.c:910
#17 0x4030bbb4 in __libc_start_main () from /lib/libc.so.6
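In the backtrace above, frame #0 is `_zval_ptr_dtor` dereferencing the pointer held in a stack slot of `xml_call_handler()` while `function_ptr=0x0`. The following C model of that failure path and its guard is an added example, not code from PHP's xml.c or from the reporter; `val_t`, `lookup_and_call`, `call_handler` and `drop_result` are hypothetical names, and it assumes the failing call is the one to the undefined `endElement` handler.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a refcounted engine value (not PHP's zval). */
typedef struct { int refcount; int value; } val_t;

/* NULL-tolerant release. The crash in frame #0 is this decrement
 * performed through a pointer that never held a valid value. */
static void val_release(val_t **pp) {
    if (pp == NULL || *pp == NULL)
        return;
    if (--(*pp)->refcount == 0)
        free(*pp);
    *pp = NULL;
}

/* Constructed handler table: only "startElement" exists, as in the report.
 * On lookup failure the out-parameter is left untouched. */
static int lookup_and_call(const char *name, val_t **retval) {
    if (strcmp(name, "startElement") != 0)
        return -1;
    val_t *v = malloc(sizeof *v);
    if (v == NULL)
        return -1;
    v->refcount = 1;
    v->value = 42;
    *retval = v;
    return 0;
}

/* Hardened caller: retval starts as NULL, so the failure path never
 * releases an indeterminate pointer. Returns NULL when the call failed. */
val_t *call_handler(const char *name) {
    val_t *retval = NULL;
    if (lookup_and_call(name, &retval) != 0) {
        val_release(&retval);   /* safe: no-op on NULL */
        return NULL;
    }
    return retval;
}

/* Convenience for callers: drop the result of call_handler(). */
void drop_result(val_t *v) { val_release(&v); }
```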
> This bug has been fixed in CVS.

I found another bug. xml_call_handler() causes...but I think it is different from my first report.

reproduce code:
<?php
class Handler {
    public function startElement() { }
    public function endElement() { }
}
$parser = xml_parser_create();
$handler = new Handler();
xml_set_element_handler($parser, array($handler, "startElement"), array($handler, "endElement"));
xml_parse($parser, "<?xml version=\"1.0\"?><root />", true) OR die(xml_error_string(xml_get_error_code($parser)));
xml_parser_free($parser);
?>

actual:
Segmentation Fault

bt:
[fujimura@loki public_html]$ gdb php
GNU gdb 5.3
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-slackware-linux"...
(gdb) run xml_parse.php
Starting program: /usr/local/bin/php xml_parse.php
Program received signal SIGSEGV, Segmentation fault.
0x081f8926 in _zend_is_inconsistent (ht=0x5a5a5a5a, file=0x8278880 "/home/fujimura/php-src/Zend/zend_hash.c", line=940)
at /home/fujimura/php-src/Zend/zend_hash.c:53
53 if (ht->inconsistent==HT_OK) {
(gdb) bt
#0 0x081f8926 in _zend_is_inconsistent (ht=0x5a5a5a5a, file=0x8278880 "/home/fujimura/php-src/Zend/zend_hash.c", line=940)
at /home/fujimura/php-src/Zend/zend_hash.c:53
#1 0x081fae4d in zend_hash_index_find (ht=0x5a5a5a5a, h=0, pData=0xbfffcc8c) at /home/fujimura/php-src/Zend/zend_hash.c:940
#2 0x081ab3f6 in xml_call_handler (parser=0x404367a8, handler=0x40436eb0, function_ptr=0x0, argc=2, argv=0xbfffccd8)
at /home/fujimura/php-src/ext/xml/xml.c:415
#3 0x081ac077 in _xml_endElementHandler (userData=0x404367a8, name=0x830ca60 "root") at /home/fujimura/php-src/ext/xml/xml.c:751
#4 0x081aec49 in _end_element_handler (user=0x40436874, name=0x830c9c8 "root") at /home/fujimura/php-src/ext/xml/compat.c:128
#5 0x402443be in xmlParseExtParsedEnt () from /usr/lib/libxml2.so.2
#6 0x40244db1 in xmlParseChunk () from /usr/lib/libxml2.so.2
#7 0x081af1b8 in php_XML_Parse (parser=0x40436874, data=0x40436b3c "<?xml version=\"1.0\"?><root />", data_len=29, is_final=1)
at /home/fujimura/php-src/ext/xml/compat.c:400
#8 0x081ad750 in zif_xml_parse (ht=3, return_value=0x40436c30, this_ptr=0x0, return_value_used=1) at /home/fujimura/php-src/ext/xml/xml.c:1319
#9 0x08215ec7 in zend_do_fcall_common_helper (execute_data=0xbfffd1e0, op_array=0x40435694) at /home/fujimura/php-src/Zend/zend_execute.c:2511
#10 0x082165ab in zend_do_fcall_handler (execute_data=0xbfffd1e0, op_array=0x40435694) at /home/fujimura/php-src/Zend/zend_execute.c:2644
#11 0x08211870 in execute (op_array=0x40435694) at /home/fujimura/php-src/Zend/zend_execute.c:1192
#12 0x081f3d94 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /home/fujimura/php-src/Zend/zend.c:1017
#13 0x081b4ef0 in php_execute_script (primary_file=0xbffff5e0) at /home/fujimura/php-src/main/main.c:1568
#14 0x0821e534 in main (argc=2, argv=0xbffff684) at /home/fujimura/php-src/sapi/cli/php_cli.c:910
#15 0x4030bbb4 in __libc_start_main () from /lib/libc.so.6