[2015-06-09 08:49 UTC] moltesalt at gmail dot com
Description:
------------
The XSLTProcessor class is missing a few checks on the input from the libxslt library. The valuePop() function call is able to return a NULL pointer, and PHP does not check for that. These checks are missing in xsltprocessor.c on lines 304-305 and on lines 239-240 in the same function.

http://lxr.php.net/xref/PHP_5_6/ext/xsl/xsltprocessor.c#305

All PHP versions are affected, including trunk.

Expected result:
----------------
$ php -f xpath.php
Warning: XSLTProcessor::transformToXml(): xmlXPathCompOpEval: function d not found in xpath.php on line 31
Warning: XSLTProcessor::transformToXml(): Unregistered function in xpath.php on line 31
Warning: XSLTProcessor::transformToXml(): Stack usage errror in xpath.php on line 31

Actual result:
--------------
$ php -f xpath.php
Warning: XSLTProcessor::transformToXml(): xmlXPathCompOpEval: function d not found in xpath.php on line 31
Warning: XSLTProcessor::transformToXml(): Unregistered function in xpath.php on line 31
Warning: XSLTProcessor::transformToXml(): Stack usage errror in xpath.php on line 31
Segmentation fault
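
The missing check the report describes, as an added example in C (not PHP's or libxml2's source): a simplified model in which value_pop() returns NULL on an empty stack, with the unchecked dereference beside a handler that tests every popped pointer. All type and function names here are hypothetical, and the stack contents are constructed.

```c
#include <stdio.h>

/* Hypothetical stand-ins for an XPath object and its evaluation stack. */
typedef struct { const char *stringval; } value_t;
typedef struct { value_t *items[8]; int count; } eval_stack_t;

/* Models what the report says about valuePop(): it can return NULL
 * (here: when the stack is empty) instead of an object. */
value_t *value_pop(eval_stack_t *s) {
    if (s == NULL || s->count <= 0)
        return NULL;
    return s->items[--s->count];
}

/* Unchecked pattern: dereferences the popped pointer directly and
 * crashes when value_pop() returned NULL. Shown for contrast only. */
const char *handler_name_unchecked(eval_stack_t *s) {
    return value_pop(s)->stringval;
}

/* Checked handler: pops nargs - 1 arguments, then the callback name.
 * Returns 0 on success, -1 when any pop yields NULL. */
int ext_function_checked(eval_stack_t *s, int nargs, const char **name) {
    for (int i = 0; i < nargs - 1; i++) {
        if (value_pop(s) == NULL)
            return -1;              /* stack shorter than nargs claims */
    }
    value_t *fn = value_pop(s);
    if (fn == NULL || fn->stringval == NULL)
        return -1;                  /* no callback name to dispatch on */
    *name = fn->stringval;
    return 0;
}

/* Constructed scenario: `pushed` values on the stack, `nargs` claimed. */
int run_case(int pushed, int nargs, const char **name) {
    static value_t vals[2] = { { "ucfirst" }, { "en" } };
    eval_stack_t s = { { NULL }, 0 };
    for (int i = 0; i < pushed && i < 2; i++)
        s.items[s.count++] = &vals[i];
    return ext_function_checked(&s, nargs, name);
}

int main(void) {
    const char *name = "(none)";
    printf("balanced stack: %d\n", run_case(2, 2, &name));
    printf("short stack:    %d\n", run_case(0, 2, &name));
    return 0;
}
```

With the checks in place, a stack left short by an earlier evaluation error ends in an error return rather than a NULL dereference.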
Copyright © 2001-2025 The PHP Group
All rights reserved.
Last updated: Sat Oct 25 11:00:01 2025 UTC
The original report had these attachments for reproducing the issue:

xpath.php :

<?php
$language=trim(file_get_contents("php://stdin"));
$xml = "xpath.xml";
$xsl = "xpath.xsl";
//$COUNTRY_PREFIX="string";
//$xsl = str_replace('$language', "$language", file_get_contents("xpath.xsl"));

function fileToDOMDoc($filename) {
    global $language;
    $dom= new DOMDocument;
    $xmldata = file_get_contents($filename);
    $xmldata = str_replace("&", "&amp;", $xmldata); // disguise &s going IN to loadXML()
    $xmldata = str_replace('$language', "$language", $xmldata);
    $dom->substituteEntities = true; // collapse &s going OUT to transformToXML()
    $dom->loadXML($xmldata);
    return $dom;
}

$xmldoc = fileToDOMDoc($xml);
$xsldoc = fileToDOMDoc($xsl);
$proc = new XSLTProcessor();
//$proc->setParameter("", "language", $language);
//$proc->setParameter("", "COUNTRY_PREFIX", "lofasz");
$proc->registerPHPFunctions();
$proc->importStyleSheet($xsldoc);
echo $proc->transformToXML($xmldoc);
?>

xpath.xml :

<allusers>
  <user>
    <uid>bob</uid>
  </user>
  <user>
    <uid>joe</uid>
  </user>
</allusers>

xpath.xsl :

<?xml version="1.0" encoding="iso-8859-1"?>
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:php="http://php.net/xsl">
<xsl:output method="xml" encoding="iso-8859-15" indent="yes"/>
<xsl:param name="COUNTRY_PREFIX"/><xsl:param name="COMPANY_ID"/><xsl:param name="FOOTER_TEXT"/>
<xsl:param name="language" />
<xsl:template match="allusers">
  <html><body>
    <h2>Users</h2>
    <table>
      <xsl:for-each select="user">
        <tr><td>
          <xsl:value-of disable-output-escaping="yes" select="php:function('ucfirst', $language)"/>
        </td></tr>
      </xsl:for-each>
    </table>
  </body></html>
</xsl:template>
</xsl:stylesheet>

The attached test scripts are a bit messy: they have unnecessary lines, could be made simpler, and actually had a bug. (It seems that passing the language data was originally meant to happen via XSLTProcessor->setParameter but was replaced with a simple str_replace() when loading the xsl file, but that was bugged.) Instead of

$xmldata = str_replace('$language', "$language", $xmldata);

you need

$xmldata = str_replace('$language', "'$language'", $xmldata);

Then you can run the tests either interactively, by typing en and then sending ^D, or simply with

echo en|php -f xpath.php

But here is the catch: I don't get the segmentation fault or any of those warnings with 5.6.9. I suspect that the attached files are different from what was actually used to reproduce the problem.