php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #41485 segmentation fault parsing wrong xsl file
Submitted: 2007-05-24 09:13 UTC Modified: 2007-07-03 01:00 UTC
Votes:3
Avg. Score:4.3 ± 0.9
Reproduced:3 of 3 (100.0%)
Same Version:3 (100.0%)
Same OS:2 (66.7%)
From: andyjunkie at tiscali dot it Assigned:
Status: No Feedback Package: XSLT related
PHP Version: 5.2.2 OS: linux debian
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: andyjunkie at tiscali dot it
New email:
PHP Version: OS:

 

 [2007-05-24 09:13 UTC] andyjunkie at tiscali dot it
Description:
------------
an attempt to load an xsl template file, which has an open/close tag mismatch problem, finishes with a segmentation fault. Always works ok on windows system (generates an error message) but crashes on Linux Debian Etch. Problem is reproduced on 5.1.6 and 5.2.2 versions of PHP, no other versions have been tested.

Reproduce code:
---------------
class Xtp extends XSLTProcessor {
		public function __construct() {
			$this->registerPHPFunctions();
			$xsl = new DOMDocument();
			$xsl->resolveExternals = true;
			$xsl->substituteEntities = true;

			if ($template = $this->locateTemplate()) {
				$xsl->load($template);
				$this->importStyleSheet($xsl); /* SEG FAULT */
			}
		}

Expected result:
----------------
An error message like this:  DOMDocument::load() [function.DOMDocument-load]: Opening and ending tag mismatch: ...

Actual result:
--------------
error handling function is called (if any is set with set_error_handler($func)), on the return of this function segfault appears.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2007-05-24 20:58 UTC] andyjunkie at tiscali dot it
The problem is present also if an undeclared entity (&foobar;) is used inside the xsl file
 [2007-06-01 14:27 UTC] andyjunkie at tiscali dot it
Here is the script:
<?php
$xsltProcessor = new XSLTProcessor();
$xslDom = new DOMDocument();
$xslDom->load(dirname(__FILE__).'/test.xsl');
$xsltProcessor->importStyleSheet($xslDom); // SEG FAULT
?>
This is the content of "test.xsl", note that <br> tag is not closed

<?xml version="1.0" encoding="ISO-8859-1"?>
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">

<xsl:template match="/">
	<br>
</xsl:template>

</xsl:stylesheet>
 [2007-06-01 14:33 UTC] andyjunkie at tiscali dot it
<?php
$xsl = '<?xml version="1.0" encoding="ISO-8859-1"?>
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
<xsl:template match="/">
	<br>
</xsl:template>
</xsl:stylesheet>';

$xsltProcessor = new XSLTProcessor();
$xslDom = new DOMDocument();
$xslDom->loadXML($xsl);
$xsltProcessor->importStyleSheet($xslDom);
?>
 [2007-06-01 15:00 UTC] rrichards@php.net
You might want to try using xsltproc command line to see if it crashes there as well (indicating not a PHP issue). Also, try upgrading your libxml2 and libxslt libraries.
It's working fine on linux with libxml2-2.6.23 and libxslt-1.1.15
 [2007-06-08 01:12 UTC] stas@php.net
Works for me on Linux Fedora 6.
 [2007-06-20 14:07 UTC] andyjunkie at tiscali dot it
No crash from command line.

Crashes with:
Debian 2.6.18-4-686
Apache/2.2.3 (Debian) 
PHP/5.2.0-8+etch4
libxml2 2.6.27
libxslt 1.1.19
 [2007-06-25 23:40 UTC] sniper@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php for *NIX and
http://bugs.php.net/bugs-generating-backtrace-win32.php for Win32

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.


 [2007-07-03 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Fri Dec 27 07:01:28 2024 UTC