Bug #42462 Segmentation when trying to set an attribute in a DOMElement
Submitted: 2007-08-28 16:33 UTC Modified: 2007-08-30 16:34 UTC
From: romain dot lalaut at laposte dot net Assigned: rrichards (profile)
Status: Closed Package: DOM XML related
PHP Version: 5.2CVS-2007-08-28 OS: Linux Ubuntu 2.6.20-16-server
Private report: No CVE-ID: None

 [2007-08-28 16:33 UTC] romain dot lalaut at laposte dot net
Description:
------------
When I try to set an attribute in a DOMElement instance, a segmentation fault may occur (not for every element, but always the same).

PHP 5.2.1 (cli) (built: Jul 17 2007 18:14:23)
Copyright (c) 1997-2007 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies

My phpinfo() : http://paste-it.net/3324


Reproduce code:
---------------
/* XML code

    <div id="one">
        <div id="one_a" />
        <div id="one_b" />
    </div>
    <div id="two"></div>
*/

// It works and $els is an iterator of DOMElement encapsulated in home-made objects
$els = $view->getElementsByXPath( "/xhtml:html[1]/xhtml:body[1]//xhtml:*[@id]" );

foreach($els as $el)
{
    echo('ID : '.$el->getAttribute('id')."\n"); flush();
    $el->setAttribute('id', 'foo');
    echo("OK\n"); flush();
}

Expected result:
----------------
ID : one
OK
ID : one_a
OK
ID : one_b 
OK
ID : two
OK


Actual result:
--------------
ID : one
[Segmentation fault]


GDB backtrace

#0  0x080db409 in php_dom_object_get_data (obj=0x656e6f) at /tmp/php5.2-200708281430/ext/dom/php_dom.c:242
#1  0x080e0140 in node_list_unlink (node=0x656e6f) at /tmp/php5.2-200708281430/ext/dom/php_dom.c:931
#2  0x080e01a0 in node_list_unlink (node=0x8676f20) at /tmp/php5.2-200708281430/ext/dom/php_dom.c:948
#3  0x080e8509 in zif_dom_element_set_attribute (ht=2, return_value=0x8711f08, return_value_ptr=0x0, this_ptr=0x87101c0, return_value_used=0) at /tmp/php5.2-200708281430/ext/dom/element.c:308
#4  0x0833fb70 in zend_do_fcall_common_helper_SPEC (execute_data=0xbfc12100) at /tmp/php5.2-200708281430/Zend/zend_vm_execute.h:200
#5  0x083407bd in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0xbfc12100) at /tmp/php5.2-200708281430/Zend/zend_vm_execute.h:322
#6  0x0833f6c0 in execute (op_array=0x866bfa4) at /tmp/php5.2-200708281430/Zend/zend_vm_execute.h:92
#7  0x0833fcea in zend_do_fcall_common_helper_SPEC (execute_data=0xbfc126b0) at /tmp/php5.2-200708281430/Zend/zend_vm_execute.h:234
#8  0x083407bd in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0xbfc126b0) at /tmp/php5.2-200708281430/Zend/zend_vm_execute.h:322
#9  0x0833f6c0 in execute (op_array=0x870169c) at /tmp/php5.2-200708281430/Zend/zend_vm_execute.h:92
#10 0x0833fcea in zend_do_fcall_common_helper_SPEC (execute_data=0xbfc12ba0) at /tmp/php5.2-200708281430/Zend/zend_vm_execute.h:234
#11 0x083407bd in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0xbfc12ba0) at /tmp/php5.2-200708281430/Zend/zend_vm_execute.h:322
#12 0x0833f6c0 in execute (op_array=0x86ee670) at /tmp/php5.2-200708281430/Zend/zend_vm_execute.h:92
#13 0x0833fcea in zend_do_fcall_common_helper_SPEC (execute_data=0xbfc12d10) at /tmp/php5.2-200708281430/Zend/zend_vm_execute.h:234
#14 0x083407bd in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0xbfc12d10) at /tmp/php5.2-200708281430/Zend/zend_vm_execute.h:322
#15 0x0833f6c0 in execute (op_array=0x86dcff8) at /tmp/php5.2-200708281430/Zend/zend_vm_execute.h:92
#16 0x0833fcea in zend_do_fcall_common_helper_SPEC (execute_data=0xbfc13740) at /tmp/php5.2-200708281430/Zend/zend_vm_execute.h:234
#17 0x083407bd in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0xbfc13740) at /tmp/php5.2-200708281430/Zend/zend_vm_execute.h:322
#18 0x0833f6c0 in execute (op_array=0x86dbb84) at /tmp/php5.2-200708281430/Zend/zend_vm_execute.h:92
#19 0x0833fcea in zend_do_fcall_common_helper_SPEC (execute_data=0xbfc13c00) at /tmp/php5.2-200708281430/Zend/zend_vm_execute.h:234
#20 0x083407bd in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0xbfc13c00) at /tmp/php5.2-200708281430/Zend/zend_vm_execute.h:322
#21 0x0833f6c0 in execute (op_array=0x85928b4) at /tmp/php5.2-200708281430/Zend/zend_vm_execute.h:92
#22 0x0833fcea in zend_do_fcall_common_helper_SPEC (execute_data=0xbfc140f0) at /tmp/php5.2-200708281430/Zend/zend_vm_execute.h:234
#23 0x083407bd in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0xbfc140f0) at /tmp/php5.2-200708281430/Zend/zend_vm_execute.h:322
#24 0x0833f6c0 in execute (op_array=0x8538d2c) at /tmp/php5.2-200708281430/Zend/zend_vm_execute.h:92
#25 0x0831aaf5 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /tmp/php5.2-200708281430/Zend/zend.c:1134
#26 0x082c6d91 in php_execute_script (primary_file=0xbfc16468) at /tmp/php5.2-200708281430/main/main.c:1982
#27 0x083944c1 in main (argc=3, argv=0xbfc165d4) at /tmp/php5.2-200708281430/sapi/cli/php_cli.c:1140
(gdb) frame 4
#4  0x0833fb70 in zend_do_fcall_common_helper_SPEC (execute_data=0xbfc12100) at /tmp/php5.2-200708281430/Zend/zend_vm_execute.h:200
200                             ((zend_internal_function *) EX(function_state).function)->handler(opline->extended_value, EX_T(opline->result.u.var).var.ptr, EX(function_state).function->common.return_reference?&EX_T(opline->result.u.var).var.ptr:NULL, EX(object), return_value_used TSRMLS_CC);
(gdb) frame 3
#3  0x080e8509 in zif_dom_element_set_attribute (ht=2, return_value=0x8711f08, return_value_ptr=0x0, this_ptr=0x87101c0, return_value_used=0) at /tmp/php5.2-200708281430/ext/dom/element.c:308
308                     node_list_unlink(attr->children TSRMLS_CC);
(gdb) frame 2
#2  0x080e01a0 in node_list_unlink (node=0x8676f20) at /tmp/php5.2-200708281430/ext/dom/php_dom.c:948
948                                             node_list_unlink((xmlNodePtr) node->properties TSRMLS_CC);
(gdb) frame 1
#1  0x080e0140 in node_list_unlink (node=0x656e6f) at /tmp/php5.2-200708281430/ext/dom/php_dom.c:931
931                     wrapper = php_dom_object_get_data(node);
(gdb) frame 0
#0  0x080db409 in php_dom_object_get_data (obj=0x656e6f) at /tmp/php5.2-200708281430/ext/dom/php_dom.c:242
242             if (obj && obj->_private != NULL) {

 [2007-08-28 16:36 UTC] scottmac@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz
 
For Windows (zip):
 
  http://snaps.php.net/win32/php5.2-win32-latest.zip

For Windows (installer):

  http://snaps.php.net/win32/php5.2-win32-installer-latest.msi

5.2.1 is relatively old; if you're going to report a bug, at least try the latest version.
 [2007-08-28 20:28 UTC] romain dot lalaut at laposte dot net
Sorry, I'm tired... The version I used for the test is
PHP 5.2.4RC4-dev (cli) (built: Aug 28 2007 17:24:11) (DEBUG)
Copyright (c) 1997-2007 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies

And make test reports some bugs (4), but not for DOM...
 [2007-08-29 06:09 UTC] romain dot lalaut at laposte dot net
<?php

$xml = <<<foo
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head></head>
<body>
	
	<div id="container">
		<div id="header"></div>
		<div id="content"></div>
	</div>
	<div id="footer">
	</div>
</body>
</html>

foo;

$doc = new DOMDocument( '1.0.', 'utf-8' );
$doc->loadXML( $xml, LIBXML_COMPACT );
$xpath = new DOMXPath( $doc );
$xpath->registerNamespace( 'xhtml', 'http://www.w3.org/1999/xhtml' );
$res = $xpath->query( "/xhtml:html[1]/xhtml:body[1]//xhtml:*[@id]", $doc->documentElement );

foreach($res as $el)
{
	echo('ID : '.$el->getAttribute('id')."\n"); flush();
	$el->setAttribute('id', 'foo');
	echo("OK\n"); flush();
}
?>

But if I remove LIBXML_COMPACT, it works perfectly...
 [2007-08-29 06:15 UTC] romain dot lalaut at laposte dot net
For your information, if I import the nodes and copy them into another document, there is no problem even with LIBXML_COMPACT.
 [2007-08-29 09:55 UTC] jani@php.net
Same backtrace:

Program received signal SIGSEGV, Segmentation fault.
0x080e8785 in php_dom_object_get_data (obj=0x64616568) at /home/jani/src/php-5.2/ext/dom/php_dom.c:242
242             if (obj && obj->_private != NULL) {
(gdb) bt
#0  0x080e8785 in php_dom_object_get_data (obj=0x64616568) at /home/jani/src/php-5.2/ext/dom/php_dom.c:242
#1  0x080ed4bc in node_list_unlink (node=0x64616568) at /home/jani/src/php-5.2/ext/dom/php_dom.c:931
#2  0x080ed51c in node_list_unlink (node=0x8c59438) at /home/jani/src/php-5.2/ext/dom/php_dom.c:948
#3  0x080f55b1 in zif_dom_element_set_attribute (ht=2, return_value=0x8c29930, return_value_ptr=0x0, this_ptr=0x8c2903c, return_value_used=0)
    at /home/jani/src/php-5.2/ext/dom/element.c:308
#4  0x08303d68 in zend_do_fcall_common_helper_SPEC (execute_data=0xbfb0a4c4) at /home/jani/src/php-5.2/Zend/zend_vm_execute.h:200
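
Added triage example (not part of the original thread and not PHP's own code): in both backtraces above the faulting `node`/`obj` value, read as little-endian bytes, is printable ASCII ("one" is the first id in the original report, "head" the start of "header" in the second script), which indicates string data being dereferenced as a pointer. The helper names and the 32-bit pointer width are assumptions taken from the addresses shown; the sample lines are copied from the backtraces on this page.

```python
import re

# Sample input: node_list_unlink frames copied from the two backtraces on this page.
SAMPLE_FRAMES = [
    "#1  0x080e0140 in node_list_unlink (node=0x656e6f) at /tmp/php5.2-200708281430/ext/dom/php_dom.c:931",
    "#2  0x080e01a0 in node_list_unlink (node=0x8676f20) at /tmp/php5.2-200708281430/ext/dom/php_dom.c:948",
    "#1  0x080ed4bc in node_list_unlink (node=0x64616568) at /home/jani/src/php-5.2/ext/dom/php_dom.c:931",
    "#2  0x080ed51c in node_list_unlink (node=0x8c59438) at /home/jani/src/php-5.2/ext/dom/php_dom.c:948",
]

# Matches "name=0xHEX" arguments inside a gdb frame line.
ARG_RE = re.compile(r"(\w+)=0x([0-9a-fA-F]+)")


def pointer_as_text(value, width=4):
    """Return the ASCII text a pointer-sized value spells out, or None.

    The value is laid out as `width` little-endian bytes. It counts as text
    when at least three leading bytes are printable ASCII and anything after
    them is NUL padding (a short C string sitting in a pointer slot).
    """
    raw = value.to_bytes(width, "little")
    text = raw.rstrip(b"\x00")
    if len(text) < 3 or not all(0x20 <= b < 0x7F for b in text):
        return None
    return text.decode("ascii")


def suspicious_args(frames, width=4):
    """List (frame, argument, value, decoded text) for pointer arguments that look like strings."""
    hits = []
    for line in frames:
        frame_no = line.split()[0]
        for name, hexval in ARG_RE.findall(line):
            value = int(hexval, 16)
            if value >= 1 << (8 * width):
                continue  # wider than the assumed pointer size
            text = pointer_as_text(value, width)
            if text is not None:
                hits.append((frame_no, name, hex(value), text))
    return hits


if __name__ == "__main__":
    for hit in suspicious_args(SAMPLE_FRAMES):
        print(hit)
```

The real heap pointers in frame #2 of each trace (0x8676f20, 0x8c59438) do not decode as text and are not flagged. The result is consistent with libxml2's documented caveat for XML_PARSE_COMPACT, which compacts small text nodes and does not allow the tree to be modified afterwards.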

 [2007-08-30 16:34 UTC] rrichards@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 
Last updated: Tue Dec 03 17:01:29 2024 UTC