PHP :: Bug #18883 :: Crush when generating large XML documents using dom

Bug #18883

Crush when generating large XML documents using dom_xml under Apache

Submitted:

2002-08-13 10:11 UTC

Modified:

2002-08-14 17:25 UTC

Votes:	1
Avg. Score:	5.0 ± 0.0
Reproduced:	1 of 1 (100.0%)
Same Version:	1 (100.0%)
Same OS:	1 (100.0%)

From:

ed at avi dot ru

Assigned:

Status:

Closed

Package:

Reproducible crash

PHP Version:

4.2.2

OS:

Windows 98

Private report:

CVE-ID:

None

View Add Comment Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	ed at avi dot ru
New email:
PHP Version:		OS:

New Comment:

[2002-08-13 10:11 UTC] ed at avi dot ru

The problem occurs when running the following code:

<?PHP

	$doc = domxml_new_doc ('1.0');

	$root = $doc->append_child ($doc->create_element ('root'));

	for ($i = 0; $i < 10; $i++) {
		$node = $root->append_child ($doc->create_element ('top_node_' . $i));
		for ($j = 0; $j < 10; $j++) {
			$child = $node->append_child ($doc->create_element (sprintf ('node_%s_%s', $i, $j)));
			for ($k = 0; $k < 10; $k++)
				$child->set_attribute (sprintf ('attribute_%s', $k), $i . "_" . $j . "_" . $k);
		}
	}

	print ($doc->dump_mem ());

?>

Apache 1.3.24 crushes with the following message (translated from Russian):

Program APACHE did crush when accessing memory page in module PHP4TS.DLL in adress 015f:1009c557.
Registers:
EAX=0529a2a0 CS=015f EIP=1009c557 EFLGS=00010206
EBX=007b82e0 SS=0167 ESP=01a3f998 EBP=01a3fac4
ECX=01a3f9a8 DS=0167 ESI=01a3f9a8 FS=6e0f
EDX=01a3f9f4 ES=0167 EDI=007b82e0 GS=6ff6
Bytes on address CS:EIP:
66 ff 48 0a 8b 06 66 8b 48 0a 66 85 c9 75 30 50 
Stack content:
007e9050 012b1b0a 01a3f9a8 012b1b7f 0529a2a0 007e9810 012b1b50 007e97b0 007e98d0 012b1b32 007e9810 007e9970 012b1b32 007e98d0 007e99f0 012b1ac4 

The same problem had occured on earlier versions of Apache/PHP, and had been tested on several machines.

If you try to decrement the number of 'for' cycles, the script will generate correct output. On FreeBSD system this script works correctly.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2002-08-13 10:22 UTC] jtate@php.net

This bug has been fixed in CVS. You can grab a snapshot of the
CVS version at http://snaps.php.net/. In case this was a documentation 
problem, the fix will show up soon at http://www.php.net/manual/.
In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites.
Thank you for the report, and for helping us make PHP better.

Please try the latest development version of PHP.  This was fixed some time ago, but has not made it into the release yet.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Mon May 20 15:01:36 2024 UTC