Bug #13717 Segfault in domxml
Submitted: 2001-10-17 14:07 UTC Modified: 2001-12-05 07:13 UTC
From: csollet at coleebris dot com Assigned:
Status: Closed Package: DOM XML related
PHP Version: 4.2.0 CVS-2001-12-5 OS: Linux 2.2.14 / Suse 6.4
Private report: No CVE-ID: None
 [2001-10-17 14:07 UTC] csollet at coleebris dot com
Tested with php4.0.7RC3 and latest cvs (-r PHP_4_0_7)

I don't have a simple script to reproduce this, since I use a complex set of PHP classes and the crash seems to occur after DOM calls. Just some observations (and a backtrace):

<?
class A
{
	function A()
	{
		// A lot of calls (new objects, class A methods, etc..)
		//  to build (and destroy)
		//  nodes into, at least, two dom tree

		//die("End of constructor");
	}
}

$b = new A;
// die("new instance created");

// Lots of code following.
?>

The real script crashes, but not if I uncomment the die at the end of the constructor.
If I uncomment the die after "new A" --> crash

Config :

./configure --with-apache=../apache_1.3.20 \
	--with-sybase-ct=/opt/sybase-12.5/OCS  \
	--enable-track_vars \
	--with-gd=/usr \
	--enable-debug  \
	--with-mysql \
	--with-curl=/usr/local \
	--enable-memory-limit \
	--with-db2 \
	--with-imap=/usr/local \
	--with-dom=/usr/local \
	--with-ldap=/usr/local \
	--with-mhash=/usr/local \
	--with-zlib \
	--enable-sysvsem \
	--enable-sysvshm \
	--with-png-dir=/usr \
	--with-jpeg-dir=/usr \
	--with-ttf=/usr \
	--enable-bcmath

Tried with libxml2.4.2 and libxml2.4.6

Backtrace :

Program received signal SIGSEGV, Segmentation fault.
0x80a7d69 in php_dom_get_object (wrapper=0x0, rsrc_type1=22, rsrc_type2=0) at php_domxml.c:600
600             if (Z_TYPE_P(wrapper) != IS_OBJECT) {
(gdb) bt
#0  0x80a7d69 in php_dom_get_object (wrapper=0x0, rsrc_type1=22, rsrc_type2=0) at php_domxml.c:600
#1  0x80aa500 in zif_domxml_node_unlink_node (ht=1, return_value=0x858f7cc, this_ptr=0x0, return_value_used=0) at php_domxml.c:1432
#2  0x81a924a in execute (op_array=0x84e3f44) at ./zend_execute.c:1590
#3  0x81a9428 in execute (op_array=0x8830f44) at ./zend_execute.c:1630
#4  0x81a9428 in execute (op_array=0x8393abc) at ./zend_execute.c:1630
#5  0x81829a9 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at zend.c:814
#6  0x80918a1 in php_execute_script (primary_file=0xbffff528) at main.c:1310
#7  0x818e99c in apache_php_module_main (r=0x83b364c, display_source_mode=0) at sapi_apache.c:90
#8  0x808dd5e in send_php ()
#9  0x808ddc6 in send_parsed_php ()
#10 0x81b3c39 in ap_invoke_handler ()
#11 0x81c91af in process_request_internal ()
#12 0x81c9222 in ap_process_request ()
#13 0x81bfe26 in child_main ()
#14 0x81bffe5 in make_child ()
#15 0x81c0166 in startup_children ()
#16 0x81c07ec in standalone_main ()
#17 0x81c101c in main ()
#18 0x40449a5e in __libc_start_main () at ../sysdeps/generic/libc-start.c:93 
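
The backtrace above shows `php_dom_get_object` faulting at line 600 because `wrapper` is `0x0`, with `this_ptr` also `0x0` in frame #1. As an added example that is not PHP's source and not part of the original report, here is a simplified C model of that defect class beside a checked form. The `model_zval` type, the constants, the status codes and the function names are hypothetical, and passing `this_ptr` straight through as the wrapper is an assumption.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins for the Zend types; NOT PHP's own definitions. */
enum { MODEL_IS_STRING = 3, MODEL_IS_OBJECT = 5 };
typedef struct { int type; void *payload; } model_zval;
/* Like the macro on line 600 of the trace, this dereferences unconditionally. */
#define MODEL_Z_TYPE_P(zv) ((zv)->type)
enum dom_status { DOM_OK = 0, DOM_ERR_NO_WRAPPER = -1, DOM_ERR_NOT_OBJECT = -2 };

/* Unchecked form: with wrapper == NULL the type test itself faults (SIGSEGV). */
void *get_object_unchecked(const model_zval *wrapper)
{
    if (MODEL_Z_TYPE_P(wrapper) != MODEL_IS_OBJECT)
        return NULL;
    return wrapper->payload;
}

/* Checked form: reject a NULL wrapper before the macro touches it. */
enum dom_status get_object_checked(const model_zval *wrapper, void **out)
{
    *out = NULL;
    if (wrapper == NULL)
        return DOM_ERR_NO_WRAPPER;
    if (MODEL_Z_TYPE_P(wrapper) != MODEL_IS_OBJECT)
        return DOM_ERR_NOT_OBJECT;
    *out = wrapper->payload;
    return DOM_OK;
}

/* Models the caller in frame #1; returns 1 on success, 0 on a rejected call. */
int unlink_node_model(const model_zval *this_ptr)
{
    void *node;
    enum dom_status st = get_object_checked(this_ptr, &node);
    if (st != DOM_OK) {
        fprintf(stderr, "unlink_node: no usable object (status %d)\n", (int)st);
        return 0;   /* fail this call; the server process keeps running */
    }
    return node != NULL;   /* a real implementation would unlink node here */
}

int main(void)
{
    int dummy_node = 0;                                /* constructed sample */
    model_zval obj = { MODEL_IS_OBJECT, &dummy_node };
    printf("NULL -> %d, object -> %d\n", unlink_node_model(NULL), unlink_node_model(&obj));
    return 0;
}
```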

 [2001-11-29 08:36 UTC] mfischer@php.net
Please provide a short, self-contained, reproducible script.

Feedback.
 [2001-12-05 07:13 UTC] csollet at coleebris dot com
Can't reproduce with current CVS version :)
 