Bug #40598 libxml segfault
Submitted: 2007-02-22 23:08 UTC Modified: 2007-02-23 11:22 UTC
From: incastrix at yahoo dot it Assigned:
Status: Closed Package: XML related
PHP Version: 5CVS-2007-02-22 (CVS) OS: debian etch
Private report: No CVE-ID: None

 [2007-02-22 23:08 UTC] incastrix at yahoo dot it
Description:
------------
libxml segfaults when an XML document is loaded with the LIBXML_COMPACT flag and you try to remove a node.

libxml 2.6.27

Reproduce code:
---------------
$doc = DOMDocument::loadXML('<root><father><child  xml:id="remove" /></father></root>', LIBXML_COMPACT);
$node = $doc->getElementByID('remove');
$node->parentNode->removeChild( $node );

Actual result:
--------------
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1210758944 (LWP 27086)]
php_libxml_node_free_list (node=0x70706970) at /usr/local/src/php5.2-200702222130/ext/libxml/libxml.c:236
236                             switch (node->type) {
(gdb) bt
#0  php_libxml_node_free_list (node=0x70706970) at /usr/local/src/php5.2-200702222130/ext/libxml/libxml.c:236
#1  0xb7a310b0 in php_libxml_node_free_list (node=<value optimized out>)
    at /usr/local/src/php5.2-200702222130/ext/libxml/libxml.c:253
#2  0xb7a310f9 in php_libxml_node_free_list (node=<value optimized out>)
    at /usr/local/src/php5.2-200702222130/ext/libxml/libxml.c:249
#3  0xb7a3115b in php_libxml_node_free_resource (node=0x82247c0)
    at /usr/local/src/php5.2-200702222130/ext/libxml/libxml.c:1005
#4  0xb7a311f8 in php_libxml_node_decrement_resource (object=0xb7799708)
    at /usr/local/src/php5.2-200702222130/ext/libxml/libxml.c:1028
#5  0xb7a65864 in dom_objects_free_storage (object=0xb7799708) at /usr/local/src/php5.2-200702222130/ext/dom/php_dom.c:974
#6  0xb7c298a7 in zend_objects_store_del_ref_by_handle (handle=2)
    at /usr/local/src/php5.2-200702222130/Zend/zend_objects_API.c:206
#7  0xb7c298e7 in zend_objects_store_del_ref (zobject=0xb7799848)
    at /usr/local/src/php5.2-200702222130/Zend/zend_objects_API.c:168
#8  0xb7c02199 in _zval_ptr_dtor (zval_ptr=0xb7796f60) at /usr/local/src/php5.2-200702222130/Zend/zend_variables.h:35
#9  0xb7c17667 in zend_hash_apply_deleter (ht=0xb7d53990, p=0xb7796f54)
    at /usr/local/src/php5.2-200702222130/Zend/zend_hash.c:611
#10 0xb7c17768 in zend_hash_reverse_apply (ht=0xb7d53990, apply_func=0xb7c018d0 <zval_call_destructor>)
    at /usr/local/src/php5.2-200702222130/Zend/zend_hash.c:760
#11 0xb7c020fe in shutdown_destructors () at /usr/local/src/php5.2-200702222130/Zend/zend_execute_API.c:211
#12 0xb7c0e300 in zend_call_destructors () at /usr/local/src/php5.2-200702222130/Zend/zend.c:846
#13 0xb7bcfd88 in php_request_shutdown (dummy=0x0) at /usr/local/src/php5.2-200702222130/main/main.c:1279
#14 0xb7c8642d in php_handler (r=0x821d578) at /usr/local/src/php5.2-200702222130/sapi/apache2handler/sapi_apache2.c:463
#15 0x08074617 in ap_run_handler (r=0x821d578) at config.c:157
#16 0x08077707 in ap_invoke_handler (r=0x821d578) at config.c:372
#17 0x0808deb8 in ap_process_request (r=0x821d578) at http_request.c:258
#18 0x0808b15e in ap_process_http_connection (c=0x8219558) at http_core.c:184
#19 0x0807b4d7 in ap_run_process_connection (c=0x8219558) at connection.c:43
#20 0x080a10a4 in child_main (child_num_arg=<value optimized out>) at prefork.c:640
#21 0x080a1304 in make_child (s=0x80ccc80, slot=0) at prefork.c:680
#22 0x080a20ca in ap_mpm_run (_pconf=0x80c80a8, plog=0x81061a0, s=0x80ccc80) at prefork.c:956
#23 0x0806222f in main (argc=135029024, argv=0x0) at main.c:717


 [2007-02-23 11:22 UTC] rrichards@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

*NOTE*: LIBXML_COMPACT should really only be used when reading a document as it is unpredictable (within the libxml2 library itself) when using it and modifying a document.
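
The note above, as an added example that is not part of the original report or of PHP's own code: a loader that keeps LIBXML_COMPACT only for documents that will be read and masks it out when the caller intends to modify the tree. The function name load_dom() and its $mutable parameter are hypothetical.

```php
<?php
// Added example, not code from the bug report or from PHP itself.
// load_dom() and $mutable are hypothetical names chosen for illustration.

/**
 * Parse $xml into a DOMDocument.
 *
 * When the caller intends to modify the tree, LIBXML_COMPACT is cleared from
 * $options, following the maintainer's note that the flag should only be
 * used when reading a document.
 */
function load_dom(string $xml, int $options = 0, bool $mutable = true): DOMDocument
{
    if ($mutable) {
        // Drop the compact-nodes flag; every other caller-supplied flag is kept.
        $options &= ~LIBXML_COMPACT;
    }

    $doc = new DOMDocument();
    if (!$doc->loadXML($xml, $options)) {
        throw new RuntimeException('XML parse failed');
    }
    return $doc;
}

// Same document as in the report's reproduce code.
$xml = '<root><father><child xml:id="remove" /></father></root>';

// Read-only use: LIBXML_COMPACT stays set and the tree is only queried.
$readOnly = load_dom($xml, LIBXML_COMPACT, false);
echo $readOnly->getElementById('remove')->nodeName, "\n";

// Modifying use: the caller passes the same flags, but LIBXML_COMPACT is
// removed before parsing, so the node removal runs on a normal tree.
$writable = load_dom($xml, LIBXML_COMPACT, true);
$node = $writable->getElementById('remove');
$node->parentNode->removeChild($node);
echo $writable->saveXML($writable->documentElement), "\n";
```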
 
Last updated: Sat Dec 21 16:01:28 2024 UTC