php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #14123 segfault (possibly dom/xml/xslt related)
Submitted: 2001-11-19 14:51 UTC Modified: 2002-06-03 18:19 UTC
From: christopher dot k dot hall at mail dot sprint dot com Assigned:
Status: Closed Package: DOM XML related
PHP Version: 4.1.0RC1 OS: linux redhat 7.0
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: christopher dot k dot hall at mail dot sprint dot com
New email:
PHP Version: OS:

 

 [2001-11-19 14:51 UTC] christopher dot k dot hall at mail dot sprint dot com 
configure options:

./configure \
--cache-file=/dev/null \
--with-config-file-path=/usr/local/apache/conf \
--with-apxs=/usr/local/apache/bin/apxs \
--enable-trans-sid \
--enable-ftp \
--enable-track-vars \
--with-mysql=/usr/local/mysql \
--enable-libgcc \
--enable-debug \
--verbose \
--with-gd=shared \
--with-dom \
--with-ttf \
--with-xml \
--with-zlib \
--with-mhash \
--prefix=/usr/local/php \
--with-regex=system \
--enable-memory-limit \
--enable-sysvsem \
--enable-sysvshm \
--with-bz2 \
--with-gettext \
--with-jpeg-dir=/usr \
--with-xpm-dir=/usr/X11R6 \
--with-ldap \
--with-mm=/usr/local/mm \
--enable-exif \
--with-pcre-regex=/usr/local/lib \
--with-expat-dir=/usr \
--without-pgsql \
--enable-shmop \
--with-snmp \
--enable-sockets \
--with-pspell \
--with-pear \
--with-iconv \
--enable-mbstring \
--enable-mbstr-enc-trans \
--enable-xslt \
--with-xslt-sablot

error_log output:

php_domxml.c(2680) :  Freeing 0x083B9F14 (12 bytes), script=/home/gub/public_html/SOLR2/index.php
php_domxml.c(450) :  Freeing 0x083B9ED4 (12 bytes), script=/home/gub/public_html/SOLR2/index.php
php_domxml.c(446) :  Freeing 0x083B9DF4 (12 bytes), script=/home/gub/public_html/SOLR2/index.php
php_domxml.c(480) :  Freeing 0x083B11A4 (12 bytes), script=/home/gub/public_html/SOLR2/index.php
zend_hash.c(176) :  Freeing 0x083B783C (32 bytes), script=/home/gub/public_html/SOLR2/index.php
Last leak repeated 1 time
zend_hash.c(404) :  Freeing 0x083AD3F4 (35 bytes), script=/home/gub/public_html/SOLR2/index.php
Last leak repeated 3 times
php_domxml.c(551) :  Freeing 0x083ABC2C (12 bytes), script=/home/gub/public_html/SOLR2/index.php
php_domxml.c(547) :  Freeing 0x083ABB54 (12 bytes), script=/home/gub/public_html/SOLR2/index.php
php_domxml.c(582) :  Freeing 0x083AA20C (12 bytes), script=/home/gub/public_html/SOLR2/index.php
zend_API.c(593) :  Freeing 0x083B120C (44 bytes), script=/home/gub/public_html/SOLR2/index.php
zend_API.c(581) : Actual location (location was relayed)
Last leak repeated 1 time

the above ALWAYS occurs, however, the segfault does NOT ALWAYS occur, i have to repeatedly reload the page.

backtrace:

Program received signal SIGSEGV, Segmentation fault.
0x4032c0c7 in _zval_dtor (zvalue=0x82c77b4,
    __zend_filename=0x40412abc "zend_execute_API.c", __zend_lineno=268)
    at zend_variables.c:43
43                              CHECK_ZVAL_STRING_REL(zvalue);
(gdb) bt
#0  0x4032c0c7 in _zval_dtor (zvalue=0x82c77b4,
    __zend_filename=0x40412abc "zend_execute_API.c", __zend_lineno=268)
    at zend_variables.c:43
#1  0x40322e35 in _zval_ptr_dtor (zval_ptr=0x83880c0,
    __zend_filename=0x40412431 "zend_execute.h", __zend_lineno=114)
    at zend_execute_API.c:268
#2  0x40320c96 in zend_ptr_stack_clear_multiple () at zend_execute.h:114
#3  0x4031dbd7 in execute (op_array=0x8177fdc) at ./zend_execute.c:1665
#4  0x4031d8d7 in execute (op_array=0x836db94) at ./zend_execute.c:1630
#5  0x4031f8d2 in execute (op_array=0x827cadc) at ./zend_execute.c:2133
#6  0x4032dfe8 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at zend.c:814
#7  0x403401a2 in php_execute_script (primary_file=0xbffff5f0) at main.c:1310
#8  0x4033af5e in apache_php_module_main (r=0x81526d4, display_source_mode=0)
    at sapi_apache.c:90
#9  0x4033bdd4 in send_php (r=0x81526d4, display_source_mode=0,
    filename=0x81532d4 "/home/gub/public_html/SOLR2/index.php") at mod_php4.c:575
#10 0x4033be4e in send_parsed_php (r=0x81526d4) at mod_php4.c:590
#11 0x805443f in ap_invoke_handler ()
#12 0x80681d3 in process_request_internal ()
#13 0x8068234 in ap_process_request ()
#14 0x805f6d5 in child_main ()
#15 0x805f880 in make_child ()
#16 0x805f9f4 in startup_children ()
#17 0x8060043 in standalone_main ()
#18 0x806085f in main ()
#19 0x40149b5c in __libc_start_main (main=0x80604c8 <main>, argc=2,
    ubp_av=0xbffffa54, init=0x804ea70 <_init>, fini=0x80954ac <_fini>,
    rtld_fini=0x4000d634 <_dl_fini>, stack_end=0xbffffa4c)
    at ../sysdeps/generic/libc-start.c:129

the output to the error_log appears to come AFTER the script has run. (ie, i've put an error_log() call at the very end of the script, and the above output comes after MY output.)

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2001-11-19 16:48 UTC] christopher dot k dot hall at mail dot sprint dot com 
after additional research i have found it is a dom xml function bug, specifically, xpath_new_context().  i realize that this function is experimental, so i won't even make a fuss over it. :)  just letting you know.

Chris
 [2001-11-29 09:33 UTC] mfischer@php.net 
Please provide a short, self-containing reproduceable script.

Feedback.
 [2001-11-30 08:08 UTC] mfischer@php.net 
Update: need no example, fix is coming. Assigning to me.
 [2001-12-01 14:45 UTC] mfischer@php.net 
Should be fixed in CVS. Closing.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Tue Apr 23 14:01:31 2024 UTC