PHP :: Bug #39562 :: Segfault with Invalid XSLT

Bug #39562	Segfault with Invalid XSLT
Submitted:	2006-11-20 21:34 UTC	Modified:	2006-11-20 23:36 UTC
From:	hairmare at gmail dot com	Assigned:
Status:	Not a bug	Package:	XSLT related
PHP Version:	6CVS-2006-11-20 (snap)	OS:	Linux
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	hairmare at gmail dot com
New email:
PHP Version:		OS:

New Comment:

[2006-11-20 21:34 UTC] hairmare at gmail dot com

Description:
------------
this code is based on a snippet from the manual (http://php.net/xsl-xsltprocessor-construct).

Any small error in the xslt sheet easily makes php segfault.

i'm even getting this on older versions.

my configure;
 './configure' '--disable-cgi' '--enable-cli' '--with-mysql' '--with-openssl' '--with-pdo-mysql' '--enable
-soap' '--with-xsl' '--enable-debug' '--with-zlib' '--with-dom' '--with-gdbm' '--with-curl' '--with-dom' '--with-gd' '--enable-calendar' '--with-bz2' '--with-mcrypt' '--
with-xmlrpc' '--with-gettext' '--with-ttf' '--enable-pcntl' '--enable-sysvsem' '--enable-sysvshm' '--enable-sysvmsg' '--enable-shmop' '--with-png' '--with-jpeg' '--with-
tiff' '--with-freetype'


Reproduce code:
---------------
<?php
$xsl = new DOMDocument;
$xsl->loadXML(b'<?xml version="1.0"?>
<xsl:stylesheet version="1.0"
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform"/>
    extra content here
    ');

$proc = new XSLTProcessor;
$proc->importStyleSheet($xsl);

echo 'hello mr bug';
?>


Expected result:
----------------
--EXPECTREGEX--

Warning: DOMDocument::loadXML\(\): Extra content at the end of the document in Entity, line: [-1-9]* in .* on line [0-9]*

Warning: XSLTProcessor::importStylesheet\(\): compilation error in .* on line [0-9]*

Warning: XSLTProcessor::importStylesheet\(\): xsltParseStylesheetProcess : empty stylesheet in .* on line [0-9]*
hello mr bug


Actual result:
--------------
#0  0x08332197 in zif_xsl_xsltprocessor_import_stylesheet (ht=1, return_value=0xb6b5d474, return_value_ptr=0x0, this_ptr=0xb6b5c1c8, return_value_used=0)
    at /usr/local/src/php-6/php6.0-200611201530/ext/xsl/xsltprocessor.c:388
#1  0x083b61c0 in zend_do_fcall_common_helper_SPEC (execute_data=0xbfef9240) at zend_vm_execute.h:209
#2  0x083b6bff in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0xbfef9240) at zend_vm_execute.h:331
#3  0x083b5d88 in execute (op_array=0xb6b5c8d4) at zend_vm_execute.h:92
#4  0x0838e5f2 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/local/src/php-6/php6.0-200611201530/Zend/zend.c:1587
#5  0x08337e68 in php_execute_script (primary_file=0xbfefb690) at /usr/local/src/php-6/php6.0-200611201530/main/main.c:1933
#6  0x084005f0 in main (argc=2, argv=0xbfefb724) at /usr/local/src/php-6/php6.0-200611201530/sapi/cli/php_cli.c:1119

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2006-11-20 21:55 UTC] tony2001@php.net

Cannot reproduce. Make sure you've executed ./cvsclean before rebuilding PHP.

[2006-11-20 23:24 UTC] hairmare at gmail dot com

cvsclean issue, sorry

[2006-11-20 23:36 UTC] hairmare at gmail dot com

buildconf related

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Dec 26 11:01:30 2024 UTC