PHP :: Bug #41702 :: php5 crashes when issuing an XPath query that incorrectly uses the XPath contai

Bug #41702	php5 crashes when issuing an XPath query that incorrectly uses the XPath contai
Submitted:	2007-06-15 14:54 UTC	Modified:	2007-06-15 16:29 UTC
From:	wendell at bani dot com dot br	Assigned:
Status:	Closed	Package:	DOM XML related
PHP Version:	5.2.3	OS:	Linux Ubuntu Feisty
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

[2007-06-15 14:54 UTC] wendell at bani dot com dot br

Description:
------------
Bug reported in Ubuntu (http://launchpad.net/bugs/103027):

See the attached PHP script for an example that will crash PHP.

This could be (is likely to be?) a bug in libxml2, but I'm not one to make that call.



Reproduce code:
---------------
<?php
$dom = new DomDocument();
$dom->loadHTML(
  "<html>
    <table>
      <tr><td>Cancellation of blabla</td></tr>
    </table>
    <table>
      <tr><td>second table</td></tr>
    </table>
    <table>
      <tr><td>third table</td></tr>
    </table>
  </html>");

$xp = new DomXPath($dom);

$matches = $xp->query("//table[contains('second')]");
?>

Actual result:
--------------
0  0xb7aaba16 in malloc_consolidate () from /lib/tls/i686/cmov/libc.so.6
#1  0xb7aade38 in _int_malloc () from /lib/tls/i686/cmov/libc.so.6
#2  0xb7aaeef5 in _int_realloc () from /lib/tls/i686/cmov/libc.so.6
#3  0xb7ab108e in realloc () from /lib/tls/i686/cmov/libc.so.6
#4  0xb7bf7dba in ?? () from /usr/lib/libxml2.so.2
#5  0x086dee70 in ?? ()
#6  0x00000370 in ?? ()
#7  0xbff075e8 in ?? ()
#8  0xb7bf58ec in ?? () from /usr/lib/libxml2.so.2
#9  0x00000000 in ?? ()

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2007-06-15 15:30 UTC] scottmac@php.net

I can't reproduce this on my test box, it's linked against libxml2 version 2.6.28.

The version on your bug report in launchpad says 5.2.1 but you've selected 5.2.3 in the report here, did you correctly test with the latest version of PHP which is 5.2.3?

[2007-06-15 16:22 UTC] mathiaz at ubuntu dot com

I've tested with both version of php :

 * 5.2.1 crashes with the following messages in apache error_log:
 child pid 4314 exit signal Segmentation fault (11)

I think this is what is reported in http://launchpad.net/bugs/103027.

 * 5.2.3 doesn't crash. I get the following messages :
Warning: DOMXPath::query() [function.DOMXPath-query]: Invalid number of arguments in /home/mathiaz/public_html/test.php on line 19
Warning: DOMXPath::query() [function.DOMXPath-query]: Invalid expression in /home/mathiaz/public_html/test.php on line 19

Does this mean that the issues is fixed in 5.2.3 ?

Thanks.

[2007-06-15 16:26 UTC] wendell at bani dot com dot br

No, i've tested with 5.2.1.

As Mathiaz asked, does this mean this is fixed in 5.2.3?

[2007-06-15 16:29 UTC] scottmac@php.net

If it shows an error message rather than crashing which is expected with an invalid query then I think that would suggest its been fixed.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Fri May 17 11:01:34 2024 UTC