PHP :: Bug #13355 :: reproduceable Apache Bomb w/ xslt

Bug #13355	reproduceable Apache Bomb w/ xslt
Submitted:	2001-09-17 18:05 UTC	Modified:	2001-10-02 08:45 UTC
From:	php4 at meta-craft dot com	Assigned:
Status:	Closed	Package:	XSLT related
PHP Version:	4.0CVS-2001-09-17	OS:	Linux
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

[2001-09-17 18:05 UTC] php4 at meta-craft dot com

having compiled php4.0.7RC2 w/
--enable-xslt --with-xslt-sablot
using sablot .65.1, here is my lovely backtrace, please help, Sir Sterling,
Program received signal SIGSEGV, Segmentation fault.
0x4040f370 in zif_xslt_error () from /usr/lib/apache/1.3/libphp4.so
(gdb) bt
#0  0x4040f370 in zif_xslt_error () from /usr/lib/apache/1.3/libphp4.so
#1  0x4035fc19 in execute () from /usr/lib/apache/1.3/libphp4.so
#2  0x4036e376 in zend_execute_scripts () from /usr/lib/apache/1.3/libphp4.so
#3  0x4037c1f6 in php_execute_script () from /usr/lib/apache/1.3/libphp4.so
#4  0x4037802e in apache_php_module_main () from /usr/lib/apache/1.3/libphp4.so
#5  0x40378b2e in php_restore_umask () from /usr/lib/apache/1.3/libphp4.so
#6  0x40378b95 in php_restore_umask () from /usr/lib/apache/1.3/libphp4.so
#7  0x08054244 in ap_invoke_handler (r=0x840d064) at http_config.c:517
#8  0x080630ac in process_request_internal (r=0x840d064) at http_request.c:1307
#9  0x08063108 in ap_process_request (r=0x840d064) at http_request.c:1323
#10 0x0805cc69 in child_main (child_num_arg=0) at http_main.c:4299
#11 0x0805cdfc in make_child (s=0x809af84, slot=0, now=1000763166) at http_main.c:4412
#12 0x0805cf19 in startup_children (number_to_start=5) at http_main.c:4494
#13 0x0805d3d5 in standalone_main (argc=2, argv=0xbffff894) at http_main.c:4782
#14 0x0805da9d in main (argc=2, argv=0xbffff894) at http_main.c:5124
#15 0x400e364f in __libc_start_main () from /lib/libc.so.6

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2001-09-17 18:12 UTC] php4 at meta-craft dot com

sheesh. forgot to add offending script:

<?php

$xml = "<?xml version='1.0'?><node>My Data</node';
$xsl = 'join(file("./myxsl.xsl"), '');

$xh = xslt_create();

$args = array("/_xml" => $xml, "/_xsl" => $xsl);

$data = xslt_process($xh, "arg:/_xml", "arg:/_xml", NULL, $args);

xslt_free($xh);

print $data;

?>

[2001-09-17 18:13 UTC] php4 at meta-craft dot com

yeah, yeah. I know, there are typos in the xml string line... it's late. My fingers aren't working all that well.

The code I'm using is a damned-near copy of what's in ext/xslt/README.BACKENDS

cheers.

[2001-10-02 08:45 UTC] sterling@php.net

Should be fixed in cvs, try the latest and if not please post a short test case which reproduces this error (the one below doesn't even call the xslt_error() function).

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Tue Apr 23 11:01:33 2024 UTC