php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #38410 PHP Interpreter Crash with schemaValidate on XML with CDATA sections.
Submitted: 2006-08-10 11:14 UTC Modified: 2006-09-06 22:03 UTC
From: adam at sccode dot com Assigned: edink (profile)
Status: Closed Package: Reproducible crash
PHP Version: 5.1.4 OS: Windows 2000/XP/2003
Private report: No CVE-ID: None
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: adam at sccode dot com
New email:
PHP Version: OS:

 

 [2006-08-10 11:14 UTC] adam at sccode dot com 
Description:
------------
Attempting to validate an XML document against a schema containing a CDATA section with whitespace preceeding the opening tag causes the PHP Interpreter to crash with an exception in Windows 2000/XP and 2003 on both IIS and Apache.

Example:
<?xml version="1.0"?>
<test xmlns="http://www.php.net/bugtests">
	<value>
		<![CDATA[ 
			test 
			]]>
	</value>
 
</test>

Validating the schema using xmllint with libxml 2.6.22 DLL works as expected and does not crash.


I found a similar, possibly the same bug (http://bugs.php.net/bug.php?id=37435&edit=2) which has been closed. As I could not reproduce it with xmllint, I figure that it must be the PHP interpreter.

Reproduce code:
---------------
crash-test.php:
<?php
    $xml = new DOMDocument('1.0');
    $xml->load('crash-test.xml');

    $xml->schemaValidate('crash-test.xsd'); // crash here
?>

crash-test.xml:
<?xml version="1.0"?>
<test xmlns="http://www.php.net/bugtests">
	<value>
		<![CDATA[ 
			test 
			]]>
	</value>
 
</test>

crash-test.xsd:
<?xml version="1.0" encoding="UTF-8" ?>
<xs:schema
	xmlns:xs="http://www.w3.org/2001/XMLSchema"
	targetNamespace="http://www.php.net/bugtests"
	 xmlns="http://www.php.net/bugtests"
	elementFormDefault="qualified">

	<xs:element name="test">
		<xs:complexType>
			<xs:sequence>	
				<xs:element maxOccurs="unbounded" name="value" type="xs:string" />
			</xs:sequence>
		</xs:complexType>
	</xs:element>	
</xs:schema>


Expected result:
----------------
validated schema

Actual result:
--------------
php interpreter crashes with exception

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2006-08-10 13:51 UTC] tony2001@php.net 
Please try using this CVS snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5.2-win32-latest.zip

Cannot reproduce.
 [2006-08-10 16:05 UTC] adam at sccode dot com 
Using the latest Windows Snapshot (5.2.0RC2-dev - Build: Aug 10 2006 16:15:11) I receive the same error. Note that removing the whitespace before the CDATA section does eliminate the problem and could be used as a workaround:

Crashes interpreter:
<?xml version="1.0"?>
<test xmlns="http://www.php.net/bugtests">
	<value>
		<![CDATA[ 
			test 
			]]>
	</value>
 
</test>

Works:
<?xml version="1.0"?>
<test xmlns="http://www.php.net/bugtests">
	<value><![CDATA[ 
			test 
			]]>
	</value>
 
</test>

As the XML specification allows for whitespace after tags, I don't think the interpreter should crash upon encountering these.
 [2006-08-10 16:49 UTC] tony2001@php.net 
I can reproduce it with libxml2-2.6.22, but not with libxml2-2.6.23. 
So, apparently this is libxml2 bug and win32 builds should use a newer libxml2 version (2.6.26 is the latest one at the moment).
 [2006-08-10 18:13 UTC] adam at sccode dot com 
I will attempt a build with libxml 2.6.26 and see what I come up with.
 [2006-09-06 22:03 UTC] edink@php.net 
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Thu Jul 10 17:01:32 2025 UTC