php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #25527 xslt_process causes apache segfault
Submitted: 2003-09-13 18:55 UTC Modified: 2003-09-14 12:12 UTC
From: suck at my-balls dot com Assigned:
Status: Not a bug Package: XSLT related
PHP Version: 4.3.3 OS: OpenBSD 3.4
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: suck at my-balls dot com
New email:
PHP Version: OS:

 

 [2003-09-13 18:55 UTC] suck at my-balls dot com
Description:
------------
OpenBSD 3.4 with the stock apache.  PHP 4.3.3 from the openbsd ports tree.  (./configure --with-apxs=/usr/sbin/apxs --without-mysql --enable-xml --enable-wddx --enable-cli --with-iconv=/usr/local --with-gettext=/usr/local --enable-dio --with-pear=/var/www/pear --enable-bcmath --enable-session --enable-trans-sid --enable-calendar --enable-ctype --enable-ftp --with-pcre-regex --with-posix --enable-sockets --enable-sysvsem --enable-sysvshm --enable-yp --with-recode=/usr/local --enable-shared --disable-static --disable-rpath --with-config-file-path=/var/www/conf --enable-inline-optimization --with-pic --with-openssl --with-zlib --prefix=/usr/local --sysconfdir=/etc)

xslt and other extensions are loaded as shared objects:
extension=xslt.so
extension=domxml.so
extension=gd.so
extension=mcrypt.so
extension=mhash.so
extension=pgsql.so
extension=mysql.so

Using xslt_process from a php script causes apache to seg fault.

Reproduce code:
---------------
$this->xh = xslt_create();
$this->arguments = array();
xslt_set_encoding($this->xh, "ISO-8859-2");
-snip-
$result = @xslt_process($this->xh, $this->xml, $this->xsl, NULL, array(), $this->arguments);

The call to xslt_process causes the seg fault.  $this->xml and $this->xsl are set to .xml and .xsl filenames.

Expected result:
----------------
I was hoping it would do what xslt_process is supposed to do, instead of crashing apache  :)

Actual result:
--------------
[Thu Sep 11 22:02:18 2003] [notice] child pid 28749 exit signal Segmentation fault (11)
[Thu Sep 11 22:02:18 2003] [notice] child pid 21161 exit signal Segmentation fault (11)

Program received signal SIGSEGV, Segmentation fault.
0x1c05a300 in hashTableIterNext ()
(gdb) bt
#0  0x1c05a300 in hashTableIterNext ()
#1  0x1c053d37 in XML_GetCurrentLineNumber ()
#2  0x6b1a249 in TreeConstructer::getCurrentLineNumber ()
#3  0x6b1da18 in TreeConstructer::report ()
#4  0x6b1ad32 in TreeConstructer::feedDocumentToParser ()
#5  0x6b19d48 in TreeConstructer::parseDataLineUsingGivenExpat ()
#6  0x6b1a050 in TreeConstructer::parseDataLineUsingExpat ()
#7  0x6b3def0 in Tree::parse ()
#8  0x6b21470 in Processor::addLineParse ()
#9  0x6b219a9 in Processor::readTreeFromURI ()
#10 0x6b1f5f3 in Processor::open ()
#11 0x6b26c50 in SablotRunProcessorGen ()
#12 0xb060184 in zif_xslt_process (ht=6, return_value=0x3c8a1a8c,
this_ptr=0x0, return_value_used=1) at
/usr/ports/www/php4/extensions/w-php-4.3.3-no_x11-no_bz2-no_curl-no_dba-no_dbase-no_dbx-no_filepro-no_gmp-no_imap-no_ldap-no_ncurses-no_odbc-no_pdf-no_shmop-no_snmp-no_pspell-no_sybase_ct/php-4.3.3/ext/xslt/sablot.c:590
#13 0x75b6c13 in execute ()
#14 0x75b6d8a in execute ()
#15 0x75a6596 in zend_execute_scripts ()
#16 0x757ca5f in php_execute_script ()
#17 0x75bda0e in apache_php_module_main ()
#18 0x75be5eb in send_php ()
#19 0x75be64a in send_parsed_php ()
#20 0x1c0373e4 in ap_invoke_handler ()
#21 0x1c047e2c in ap_some_auth_required ()
#22 0x1c048128 in ap_internal_redirect ()
#23 0x1c02efcf in ssl_expr_yyinput ()
#24 0x1c0373e4 in ap_invoke_handler ()
#25 0x1c047e2c in ap_some_auth_required ()
#26 0x1c047e88 in ap_process_request ()
#27 0x1c040ade in ap_child_terminate ()
#28 0x1c040cfe in ap_child_terminate ()
#29 0x1c040f88 in ap_child_terminate ()
#30 0x1c041635 in ap_child_terminate ()
#31 0x1c041b97 in main ()
---Type <return> to continue, or q <return> to quit---
#32 0x1c00ec81 in ___start ()
#33 0x1c00ebf7 in __start ()
#34 0xcfbf7f04 in ?? ()
Error accessing memory address 0x3: Invalid argument.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2003-09-14 03:11 UTC] sniper@php.net
1. Not enough info
2. Lame email address
3. It's Sablot bug.

 [2003-09-14 12:12 UTC] suck at my-balls dot com
1. What other info should I have given?  I did what the bug report said, and included configure lines and a backtrace.

2. Whatever you say, I am sure that has alot to do with bug reports right?

3. Thanks, this was all that's needed.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Fri Dec 27 19:01:28 2024 UTC