php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #38410 PHP Interpreter Crash with schemaValidate on XML with CDATA sections.
Submitted: 2006-08-10 11:14 UTC Modified: 2006-09-06 22:03 UTC
From: adam at sccode dot com Assigned: edink (profile)
Status: Closed Package: Reproducible crash
PHP Version: 5.1.4 OS: Windows 2000/XP/2003
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: adam at sccode dot com
New email:
PHP Version: OS:

 

 [2006-08-10 11:14 UTC] adam at sccode dot com 
Description:
------------
Attempting to validate an XML document against a schema containing a CDATA section with whitespace preceeding the opening tag causes the PHP Interpreter to crash with an exception in Windows 2000/XP and 2003 on both IIS and Apache.

Example:
<?xml version="1.0"?>
<test xmlns="http://www.php.net/bugtests">
	<value>
		<![CDATA[ 
			test 
			]]>
	</value>
 
</test>

Validating the schema using xmllint with libxml 2.6.22 DLL works as expected and does not crash.


I found a similar, possibly the same bug (http://bugs.php.net/bug.php?id=37435&edit=2) which has been closed. As I could not reproduce it with xmllint, I figure that it must be the PHP interpreter.

Reproduce code:
---------------
crash-test.php:
<?php
    $xml = new DOMDocument('1.0');
    $xml->load('crash-test.xml');

    $xml->schemaValidate('crash-test.xsd'); // crash here
?>

crash-test.xml:
<?xml version="1.0"?>
<test xmlns="http://www.php.net/bugtests">
	<value>
		<![CDATA[ 
			test 
			]]>
	</value>
 
</test>

crash-test.xsd:
<?xml version="1.0" encoding="UTF-8" ?>
<xs:schema
	xmlns:xs="http://www.w3.org/2001/XMLSchema"
	targetNamespace="http://www.php.net/bugtests"
	 xmlns="http://www.php.net/bugtests"
	elementFormDefault="qualified">

	<xs:element name="test">
		<xs:complexType>
			<xs:sequence>	
				<xs:element maxOccurs="unbounded" name="value" type="xs:string" />
			</xs:sequence>
		</xs:complexType>
	</xs:element>	
</xs:schema>


Expected result:
----------------
validated schema

Actual result:
--------------
php interpreter crashes with exception

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2006-08-10 13:51 UTC] tony2001@php.net 
Please try using this CVS snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5.2-win32-latest.zip

Cannot reproduce.
 [2006-08-10 16:05 UTC] adam at sccode dot com 
Using the latest Windows Snapshot (5.2.0RC2-dev - Build: Aug 10 2006 16:15:11) I receive the same error. Note that removing the whitespace before the CDATA section does eliminate the problem and could be used as a workaround:

Crashes interpreter:
<?xml version="1.0"?>
<test xmlns="http://www.php.net/bugtests">
	<value>
		<![CDATA[ 
			test 
			]]>
	</value>
 
</test>

Works:
<?xml version="1.0"?>
<test xmlns="http://www.php.net/bugtests">
	<value><![CDATA[ 
			test 
			]]>
	</value>
 
</test>

As the XML specification allows for whitespace after tags, I don't think the interpreter should crash upon encountering these.
 [2006-08-10 16:49 UTC] tony2001@php.net 
I can reproduce it with libxml2-2.6.22, but not with libxml2-2.6.23. 
So, apparently this is libxml2 bug and win32 builds should use a newer libxml2 version (2.6.26 is the latest one at the moment).
 [2006-08-10 18:13 UTC] adam at sccode dot com 
I will attempt a build with libxml 2.6.26 and see what I come up with.
 [2006-09-06 22:03 UTC] edink@php.net 
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Thu Jul 10 17:01:32 2025 UTC