php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #43205 Crash with get_elements_by_tagname
Submitted: 2007-11-06 16:00 UTC Modified: 2007-11-06 20:29 UTC
From: rak at avast dot com Assigned:
Status: Not a bug Package: DOM XML related
PHP Version: 5.2.5RC2 OS: Windows XP
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: rak at avast dot com
New email:
PHP Version: OS:

 

 [2007-11-06 16:00 UTC] rak at avast dot com 
Description:
------------
Report for php__PID__2952__Date__11_06_2007__Time_04_56_14PM__140__Second_Chance_Exception_C0000005.dmp
Type of Analysis Performed   Crash Analysis 
Machine Name   LENOVO 
Operating System   Windows XP Service Pack 2 
Number Of Processors   2 
Process ID   2952 
Process Image   c:\Program Files\PHP\php.exe 
System Up-Time   2 day(s) 03:04:30 
Process Up-Time   00:01:06 


Thread 0 - System ID 6252
Entry point   php!mainCRTStartup 
Create time   6.11.2007 16:55:08 
Time spent in user mode   0 Days 0:0:0.31 
Time spent in kernel mode   0 Days 0:0:0.31 






Function     Arg 1     Arg 2     Arg 3   Source 
php5ts!zend_object_store_get_object+1f     012ed190     01021ba0     100a70af    
php5ts!zend_objects_get_address+f     012ed190     01021ba0     015f2fa4    
php5ts!zend_std_get_properties+f     012ed190     01021ba0     00000000    
php_domxml!php_domobject_new+1d34     01df52b0     00000001     012ed190    
php_domxml!php_domobject_new+1b8a     012eea50     01021ba0     01022798    
php5ts!list_entry_destructor+43     012eea50     77c1c21b     01022798    
php5ts!zend_hash_apply_deleter+97     01022798     012ed048     01021ba0    
php5ts!zend_hash_graceful_reverse_destroy+13     01022798     1000273f     01022798    
php5ts!zend_destroy_rsrc_list+a     01022798     01021ba0     01021ba0    
php5ts!zend_deactivate+ff     00000000     00000000     00000000    




PHP5TS!ZEND_OBJECT_STORE_GET_OBJECT+1FIn php__PID__2952__Date__11_06_2007__Time_04_56_14PM__140__Second_Chance_Exception_C0000005.dmp the assembly instruction at php5ts!zend_object_store_get_object+1f in c:\Program Files\PHP\php5ts.dll from The PHP Group has caused an access violation exception (0xC0000005) when trying to read from memory location 0x00000034 on thread 0

Module Information 
Image Name: c:\Program Files\PHP\php5ts.dll   Symbol Type:  PDB 
Base address: 0x10000000   Time Stamp:  Sat Nov 03 21:05:11 2007  
Checksum: 0x00000000   Comments:   
COM DLL: False   Company Name:  The PHP Group 
ISAPIExtension: False   File Description:  PHP Script Interpreter 
ISAPIFilter: False   File Version:  5.2.5.5 
Managed DLL: False   Internal Name:  php5ts.dll 
VB DLL: False   Legal Copyright:  Copyright ? 1997-2007 The PHP Group 
Loaded Image Name:  php5ts.dll   Legal Trademarks:  PHP 
Mapped Image Name:  C:\Program Files\PHP\php5ts.dll   Original filename:  php5ts.dll 
Module name:  php5ts   Private Build:   
Single Threaded:  False   Product Name:  PHP Script Interpreter 
Module Size:  4,86 MBytes   Product Version:  5.2.5 
Symbol File Name:  C:\Program Files\PHP\php5ts.pdb   Special Build:  &RC3-dev 


Reproduce code:
---------------
<?php

$dom = domxml_open_mem('<?xml version="1.0" encoding="UTF-8"?><root><row /> </root>');

someFunction($dom);

function someFunction($dom){
	$users = $dom->get_elements_by_tagname('row');
	die();
}
?>

Expected result:
----------------
DONE

Actual result:
--------------
apache/php crash

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2007-11-06 20:29 UTC] iliaa@php.net 
Please report this bug at http://bugs.pecl.php.net/bugs/
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Sun Jul 13 03:01:32 2025 UTC