PHP :: Bug #14123 :: segfault (possibly dom/xml/xslt related)

Bug #14123	segfault (possibly dom/xml/xslt related)
Submitted:	2001-11-19 14:51 UTC	Modified:	2002-06-03 18:19 UTC
From:	christopher dot k dot hall at mail dot sprint dot com	Assigned:
Status:	Closed	Package:	DOM XML related
PHP Version:	4.1.0RC1	OS:	linux redhat 7.0
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	christopher dot k dot hall at mail dot sprint dot com
New email:
PHP Version:		OS:

New Comment:

[2001-11-19 14:51 UTC] christopher dot k dot hall at mail dot sprint dot com

configure options:

./configure \
--cache-file=/dev/null \
--with-config-file-path=/usr/local/apache/conf \
--with-apxs=/usr/local/apache/bin/apxs \
--enable-trans-sid \
--enable-ftp \
--enable-track-vars \
--with-mysql=/usr/local/mysql \
--enable-libgcc \
--enable-debug \
--verbose \
--with-gd=shared \
--with-dom \
--with-ttf \
--with-xml \
--with-zlib \
--with-mhash \
--prefix=/usr/local/php \
--with-regex=system \
--enable-memory-limit \
--enable-sysvsem \
--enable-sysvshm \
--with-bz2 \
--with-gettext \
--with-jpeg-dir=/usr \
--with-xpm-dir=/usr/X11R6 \
--with-ldap \
--with-mm=/usr/local/mm \
--enable-exif \
--with-pcre-regex=/usr/local/lib \
--with-expat-dir=/usr \
--without-pgsql \
--enable-shmop \
--with-snmp \
--enable-sockets \
--with-pspell \
--with-pear \
--with-iconv \
--enable-mbstring \
--enable-mbstr-enc-trans \
--enable-xslt \
--with-xslt-sablot

error_log output:

php_domxml.c(2680) :  Freeing 0x083B9F14 (12 bytes), script=/home/gub/public_html/SOLR2/index.php
php_domxml.c(450) :  Freeing 0x083B9ED4 (12 bytes), script=/home/gub/public_html/SOLR2/index.php
php_domxml.c(446) :  Freeing 0x083B9DF4 (12 bytes), script=/home/gub/public_html/SOLR2/index.php
php_domxml.c(480) :  Freeing 0x083B11A4 (12 bytes), script=/home/gub/public_html/SOLR2/index.php
zend_hash.c(176) :  Freeing 0x083B783C (32 bytes), script=/home/gub/public_html/SOLR2/index.php
Last leak repeated 1 time
zend_hash.c(404) :  Freeing 0x083AD3F4 (35 bytes), script=/home/gub/public_html/SOLR2/index.php
Last leak repeated 3 times
php_domxml.c(551) :  Freeing 0x083ABC2C (12 bytes), script=/home/gub/public_html/SOLR2/index.php
php_domxml.c(547) :  Freeing 0x083ABB54 (12 bytes), script=/home/gub/public_html/SOLR2/index.php
php_domxml.c(582) :  Freeing 0x083AA20C (12 bytes), script=/home/gub/public_html/SOLR2/index.php
zend_API.c(593) :  Freeing 0x083B120C (44 bytes), script=/home/gub/public_html/SOLR2/index.php
zend_API.c(581) : Actual location (location was relayed)
Last leak repeated 1 time

the above ALWAYS occurs, however, the segfault does NOT ALWAYS occur, i have to repeatedly reload the page.

backtrace:

Program received signal SIGSEGV, Segmentation fault.
0x4032c0c7 in _zval_dtor (zvalue=0x82c77b4,
    __zend_filename=0x40412abc "zend_execute_API.c", __zend_lineno=268)
    at zend_variables.c:43
43                              CHECK_ZVAL_STRING_REL(zvalue);
(gdb) bt
#0  0x4032c0c7 in _zval_dtor (zvalue=0x82c77b4,
    __zend_filename=0x40412abc "zend_execute_API.c", __zend_lineno=268)
    at zend_variables.c:43
#1  0x40322e35 in _zval_ptr_dtor (zval_ptr=0x83880c0,
    __zend_filename=0x40412431 "zend_execute.h", __zend_lineno=114)
    at zend_execute_API.c:268
#2  0x40320c96 in zend_ptr_stack_clear_multiple () at zend_execute.h:114
#3  0x4031dbd7 in execute (op_array=0x8177fdc) at ./zend_execute.c:1665
#4  0x4031d8d7 in execute (op_array=0x836db94) at ./zend_execute.c:1630
#5  0x4031f8d2 in execute (op_array=0x827cadc) at ./zend_execute.c:2133
#6  0x4032dfe8 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at zend.c:814
#7  0x403401a2 in php_execute_script (primary_file=0xbffff5f0) at main.c:1310
#8  0x4033af5e in apache_php_module_main (r=0x81526d4, display_source_mode=0)
    at sapi_apache.c:90
#9  0x4033bdd4 in send_php (r=0x81526d4, display_source_mode=0,
    filename=0x81532d4 "/home/gub/public_html/SOLR2/index.php") at mod_php4.c:575
#10 0x4033be4e in send_parsed_php (r=0x81526d4) at mod_php4.c:590
#11 0x805443f in ap_invoke_handler ()
#12 0x80681d3 in process_request_internal ()
#13 0x8068234 in ap_process_request ()
#14 0x805f6d5 in child_main ()
#15 0x805f880 in make_child ()
#16 0x805f9f4 in startup_children ()
#17 0x8060043 in standalone_main ()
#18 0x806085f in main ()
#19 0x40149b5c in __libc_start_main (main=0x80604c8 <main>, argc=2,
    ubp_av=0xbffffa54, init=0x804ea70 <_init>, fini=0x80954ac <_fini>,
    rtld_fini=0x4000d634 <_dl_fini>, stack_end=0xbffffa4c)
    at ../sysdeps/generic/libc-start.c:129

the output to the error_log appears to come AFTER the script has run. (ie, i've put an error_log() call at the very end of the script, and the above output comes after MY output.)

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2001-11-19 16:48 UTC] christopher dot k dot hall at mail dot sprint dot com

after additional research i have found it is a dom xml function bug, specifically, xpath_new_context().  i realize that this function is experimental, so i won't even make a fuss over it. :)  just letting you know.

Chris

[2001-11-29 09:33 UTC] mfischer@php.net

Please provide a short, self-containing reproduceable script.

Feedback.

[2001-11-30 08:08 UTC] mfischer@php.net

Update: need no example, fix is coming. Assigning to me.

[2001-12-01 14:45 UTC] mfischer@php.net

Should be fixed in CVS. Closing.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Mon May 12 08:01:27 2025 UTC