Bug #33340 CLI Crash (core dump) when calling php:function from XSLT
Submitted: 2005-06-14 18:40 UTC
Modified: 2005-06-14 21:41 UTC
From: mathias dot henze at skytecag dot com
Assigned:
Status: Closed
Package: XSLT related
PHP Version: 5.0.4
OS: Linux/Windows
Private report: No
CVE-ID: None

 

 [2005-06-14 18:40 UTC] mathias dot henze at skytecag dot com
Description:
------------
If a parameter is passed to a php-function where an ancestor of an xpath-expression does not exist, php (at least CLI) core dumps on Windows and Linux. This was tested with PHP 5.0.4 and PHP 5.1.0b1.

Reproduce code:
---------------
<?php

$source='<?xml version="1.0" encoding="ISO-8859-1"?>
<root>
    <child1>
        <child2/>
    </child1>
</root>
';

$script='<?xml version="1.0" encoding="ISO-8859-1"?>
<xsl:stylesheet version="1.0"
		xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
		xmlns:php="http://php.net/xsl"
		xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
		xsl:extension-element-prefixes="php">
    <xsl:output method="text"/>
	<xsl:template match="/">
        <!-- This works! -->
        <xsl:value-of select="php:function(\'xslCallback\',/root/child1/child2)"/>
        <!-- This works! -->
        <xsl:value-of select="php:function(\'xslCallback\',/root/child1/childE)"/>
        <!-- This works! -->
        <xsl:value-of select="php:functionString(\'xslCallback\',/root/childE/child2)"/>

        <!-- This core dumps! -->
        <xsl:value-of select="php:function(\'xslCallback\',/root/childE/child2)"/>

        <!-- This (surprisingly) also core dumps (at the function-callback)! -->
        <xsl:variable name="indirect" select="/root/childE/child2"/>
        <xsl:value-of select="php:function(\'xslCallback\',$indirect)"/>
	</xsl:template>

</xsl:stylesheet>
';

function xslCallback($nodes)
{
    return "This works!\n";
}

$dom = new DOMDocument();
$dom->preserveWhiteSpace = true;
$dom->loadXML($source);

$xsl = new DOMDocument;
$xsl->loadXML($script);

$xslt = new XSLTProcessor();
$xslt->registerPHPFunctions();
$xslt->importStyleSheet($xsl);

if (false === ($result = $xslt->transformToXML($dom)))
{
    trigger_error('XSL transformation failed.', E_USER_ERROR);
}

print $result;
?>


Expected result:
----------------
This Works!
This Works!
This Works!
This Works!
This Works!

Actual result:
--------------
Core Dump.

strace:
(...)
open("/usr/lib/php5/extensions/date.so", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0P-\0\000"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=49264, ...}) = 0
old_mmap(NULL, 52448, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb700f000
old_mmap(0xb701b000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xb000) = 0xb701b000
close(3)                                = 0
setitimer(ITIMER_PROF, {it_interval={0, 0}, it_value={0, 0}}, NULL) = 0
setitimer(ITIMER_PROF, {it_interval={0, 0}, it_value={0, 0}}, NULL) = 0
rt_sigaction(SIGPROF, {0xb7f4b5b0, [PROF], SA_RESTART}, {SIG_DFL}, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [PROF], NULL, 8) = 0
open("test.php", O_RDONLY)              = 3
fstat64(3, {st_mode=S_IFREG|0744, st_size=1656, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb700e000
read(3, "<?php\r\n\r\n$source=\'<?xml version="..., 4096) = 1656
_llseek(3, 0, [0], SEEK_SET)            = 0
setitimer(ITIMER_PROF, {it_interval={0, 0}, it_value={60, 0}}, NULL) = 0
rt_sigaction(SIGPROF, {0xb7f4b5b0, [PROF], SA_RESTART}, {0xb7f4b5b0, [PROF], SA_RESTART}, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [PROF], NULL, 8) = 0
brk(0x8152000)                          = 0x8152000
gettimeofday({1118767098, 337756}, NULL) = 0
fstat64(0, {st_mode=S_IFCHR|0600, st_rdev=makedev(136, 6), ...}) = 0
lseek(0, 0, SEEK_CUR)                   = -1 ESPIPE (Illegal seek)
fstat64(1, {st_mode=S_IFCHR|0600, st_rdev=makedev(136, 6), ...}) = 0
lseek(1, 0, SEEK_CUR)                   = -1 ESPIPE (Illegal seek)
fstat64(2, {st_mode=S_IFCHR|0600, st_rdev=makedev(136, 6), ...}) = 0
lseek(2, 0, SEEK_CUR)                   = -1 ESPIPE (Illegal seek)
getcwd("/var/www/html/ngcms-mhenze/_developer-dirs_/mhenze", 4096) = 51
lstat64("/var/www/html/ngcms-mhenze/_developer-dirs_/mhenze/test.php", {st_mode=S_IFREG|0744, st_size=1656, ...}) = 0
setitimer(ITIMER_PROF, {it_interval={0, 0}, it_value={0, 0}}, NULL) = 0
rt_sigaction(SIGPROF, {0xb7f4b5b0, [PROF], SA_RESTART}, {0xb7f4b5b0, [PROF], SA_RESTART}, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [PROF], NULL, 8) = 0
ioctl(3, SNDCTL_TMR_TIMEBASE or TCGETS, 0xbfffd138) = -1 ENOTTY (Inappropriate ioctl for device)
read(3, "<?php\r\n\r\n$source=\'<?xml version="..., 8192) = 1656
read(3, "", 4096)                       = 0
read(3, "", 8192)                       = 0
close(3)                                = 0
munmap(0xb700e000, 4096)                = 0
getcwd("/var/www/html/ngcms-mhenze/_developer-dirs_/mhenze", 4096) = 51
getcwd("/var/www/html/ngcms-mhenze/_developer-dirs_/mhenze", 4096) = 51
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV (core dumped) +++




 [2005-06-14 21:41 UTC] rrichards@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.
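
A regression check for the failure reported above, as an added example that is not part of the original report or of PHP's own test suite: it passes an existing node, a path with a missing ancestor, and the indirect variable to php:function. The callback name countNodes and the expectation that an empty node-set reaches the callback as an empty array on a fixed build are assumptions; registerPHPFunctions() is restricted to that single callback.

```php
<?php
// Added regression check, not code from the original bug report.
// Assumption: on a fixed build an empty node-set arrives as an empty array.

$source = '<root><child1><child2/></child1></root>';

$script = <<<'XSL'
<xsl:stylesheet version="1.0"
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
    xmlns:php="http://php.net/xsl"
    exclude-result-prefixes="php">
  <xsl:output method="text"/>
  <xsl:template match="/">
    <!-- existing node -->
    <xsl:value-of select="php:function('countNodes', /root/child1/child2)"/>
    <xsl:text>,</xsl:text>
    <!-- missing ancestor: the case that crashed in the report -->
    <xsl:value-of select="php:function('countNodes', /root/childE/child2)"/>
    <xsl:text>,</xsl:text>
    <!-- same empty node-set passed through a variable -->
    <xsl:variable name="indirect" select="/root/childE/child2"/>
    <xsl:value-of select="php:function('countNodes', $indirect)"/>
  </xsl:template>
</xsl:stylesheet>
XSL;

// Hypothetical callback: tolerate any argument that is not a list of nodes.
function countNodes($nodes)
{
    return is_array($nodes) ? (string) count($nodes) : '0';
}

$dom = new DOMDocument();
$dom->loadXML($source);

$xsl = new DOMDocument();
$xsl->loadXML($script);

$xslt = new XSLTProcessor();
// Expose only the one callback the stylesheet needs, not every PHP function.
$xslt->registerPHPFunctions('countNodes');
$xslt->importStylesheet($xsl);

$result = $xslt->transformToXml($dom);
$ok = ($result === '1,0,0');
echo $ok ? "PASS\n" : "FAIL: got " . var_export($result, true) . "\n";
exit($ok ? 0 : 1);
```

Run it with the CLI binary under test; a non-zero exit status or a process killed by SIGSEGV marks the build as affected.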


 
Last updated: Thu Nov 21 12:01:29 2024 UTC