php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #13717 Segfault in domxml
Submitted: 2001-10-17 14:07 UTC Modified: 2001-12-05 07:13 UTC
From: csollet at coleebris dot com Assigned:
Status: Closed Package: DOM XML related
PHP Version: 4.2.0 CVS-2001-12-5 OS: Linux 2.2.14 / Suse 6.4
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: csollet at coleebris dot com
New email:
PHP Version: OS:

 

 [2001-10-17 14:07 UTC] csollet at coleebris dot com 
Tested with php4.0.7RC3 and latest cvs (-r PHP_4_0_7)

I haven't a simple script to reproduce since i use a complex sets of php class and the crash seems to occur after dom calls. Just some observations (and a backtrace) :

<?
class A
{
	function A()
	{
		// A lot of calls (new objects, class A methods, etc..)
		//  to build (and destroy)
		//  nodes into, at least, two dom tree

		//die("End of constructor");
	}
}

$b = new A;
// die("new instance created");

// Lots of code following.
?>

the real script crash but not if i uncomment the die at the end of the constructor.
 If i uncomment the die after "new A"  --> crash

Config :

./configure --with-apache=../apache_1.3.20 \
	--with-sybase-ct=/opt/sybase-12.5/OCS  \
	--enable-track_vars \
	--with-gd=/usr \
	--enable-debug  \
	--with-mysql \
	--with-curl=/usr/local \
	--enable-memory-limit \
	--with-db2 \
	--with-imap=/usr/local \
	--with-dom=/usr/local \
	--with-ldap=/usr/local \
	--with-mhash=/usr/local \
	--with-zlib \
	--enable-sysvsem \
	--enable-sysvshm \
	--with-png-dir=/usr \
	--with-jpeg-dir=/usr \
	--with-ttf=/usr \
	--enable-bcmath

tried with libmlx2..4.2 and libxml2.4.6

Backtrace :

Program received signal SIGSEGV, Segmentation fault.
0x80a7d69 in php_dom_get_object (wrapper=0x0, rsrc_type1=22, rsrc_type2=0) at php_domxml.c:600
600             if (Z_TYPE_P(wrapper) != IS_OBJECT) {
(gdb) bt
#0  0x80a7d69 in php_dom_get_object (wrapper=0x0, rsrc_type1=22, rsrc_type2=0) at php_domxml.c:600
#1  0x80aa500 in zif_domxml_node_unlink_node (ht=1, return_value=0x858f7cc, this_ptr=0x0, return_value_used=0) at php_domxml.c:1432
#2  0x81a924a in execute (op_array=0x84e3f44) at ./zend_execute.c:1590
#3  0x81a9428 in execute (op_array=0x8830f44) at ./zend_execute.c:1630
#4  0x81a9428 in execute (op_array=0x8393abc) at ./zend_execute.c:1630
#5  0x81829a9 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at zend.c:814
#6  0x80918a1 in php_execute_script (primary_file=0xbffff528) at main.c:1310
#7  0x818e99c in apache_php_module_main (r=0x83b364c, display_source_mode=0) at sapi_apache.c:90
#8  0x808dd5e in send_php ()
#9  0x808ddc6 in send_parsed_php ()
#10 0x81b3c39 in ap_invoke_handler ()
#11 0x81c91af in process_request_internal ()
#12 0x81c9222 in ap_process_request ()
#13 0x81bfe26 in child_main ()
#14 0x81bffe5 in make_child ()
#15 0x81c0166 in startup_children ()
#16 0x81c07ec in standalone_main ()
#17 0x81c101c in main ()
#18 0x40449a5e in __libc_start_main () at ../sysdeps/generic/libc-start.c:93

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2001-11-29 08:36 UTC] mfischer@php.net 
Please provide a short self-containing reproduceable script.

Feedback.
 [2001-12-05 07:13 UTC] csollet at coleebris dot com 
Can't reproduce with current CVS version :)
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Tue May 06 11:01:30 2025 UTC