php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #14442 Segmentation fault when using xslt_process()
Submitted: 2001-12-11 20:57 UTC Modified: 2001-12-16 19:02 UTC
From: mike at blueroot dot net Assigned:
Status: Closed Package: XSLT related
PHP Version: 4.1.0 OS: Linux (RH 7.0)
Private report: No CVE-ID: None
 [2001-12-11 20:57 UTC] mike at blueroot dot net
I am trying to run the XSLT example at phpbuilder using these 2 files as input.

http://www.phpbuilder.com/columns/justin20001025.php3?page=2
http://www.phpbuilder.com/columns/justin20001025.php3?page=3

I have written my own script to process this:

----------------------------------------------
<?php
$pr = xslt_create();
$xsl = fopen("test.xsl", "r");
$xml = fopen("test.xml", "r");
$xslc = fread($xsl, filesize("test.xsl"));
$xmlc = fread($xml, filesize("test.xml"));
xslt_process($pr, $xmlc, $xslc);
xslt_free($pr);
?>
----------------------------------------------

when i run this script, the xslt_process() command crashes the server.  The gdb backtrace result is here...
----------------------------------------------
Program received signal SIGSEGV, Segmentation fault.
0x4008d044 in Situation::generateMessage (this=0x3c202020, type=1498698543, code=171853132, arg1=@0x20202020,
    arg2=@0x20202020, theMessage=@0x682f3c20) at situa.cpp:263
263         if (messenger && !(flags & SAB_NO_ERROR_REPORTING))
Current language:  auto; currently c++
(gdb) bt
#0  0x4008d044 in Situation::generateMessage (this=0x3c202020, type=1498698543, code=171853132, arg1=@0x20202020,
    arg2=@0x20202020, theMessage=@0x682f3c20) at situa.cpp:263
#1  0x20202020 in ?? ()
Cannot access memory at address 0x20202020
----------------------------------------------

My system is Red Hat 7.0, I have upgraded most software with RPM's to RH7.2 level.  I have installed from source the latest expat and Sablotron packages (no errors).

My PHP configure was 

---------------------------------------------
./configure  --prefix=/etc --with-apache=/usr/src/Apachetoolbox-1.5.45/apache_1.3.22 --enable-exif --enable-track-vars --with-calendar=shared --enable-safe-mode --enable-magic-quotes --enable-trans-sid --enable-wddx --enable-ftp --with-gd=/etc --with-zlib --enable-gd-native-tt --with-t1lib=/etc/lib/php/t1libs --with-jpeg-dir=/etc --with-png-dir=/etc --with-zlib-dir=/etc --with-ttf --with-freetype-dir=/etc --with-mcrypt --with-openssl --with-mysql=/usr --enable-xslt --with-dom --with-xslt-sablot
---------------------------------------------
The Apache configure was 

---------------------------------------------
./configure \
"--with-layout=Apache" \
"--prefix=/etc/httpd" \
"--enable-suexec" \
"--suexec-caller=nobody" \
"--enable-module=so" \
"--enable-module=access" \
"--disable-module=auth_db" \
"--disable-module=digest" \
"--enable-module=imap" \
"--enable-module=mime" \
"--enable-module=setenvif" \
"--disable-module=usertrack" \
"--enable-module=auth" \
"--disable-module=cern_meta" \
"--disable-module=expires" \
"--enable-module=log_config" \
"--disable-module=proxy" \
"--disable-module=vhost_alias" \
"--disable-module=auth_anon" \
"--enable-module=cgi" \
"--disable-module=headers" \
"--disable-module=log_referer" \
"--enable-module=rewrite" \
"--enable-module=userdir" \
"--enable-module=asis" \
"--enable-module=autoindex" \
"--disable-module=example" \
"--disable-module=log_agent" \
"--enable-module=negotiation" \
"--disable-module=status" \
"--enable-module=actions" \
"--disable-module=auth_dbm" \
"--enable-module=dir" \
"--enable-module=include" \
"--disable-module=mime_magic" \
"--disable-module=unique_id" \
"--enable-module=alias" \
"--disable-module=auth_digest" \
"--enable-module=env" \
"--disable-module=info" \
"--disable-module=mmap_static" \
"--disable-module=speling" \
"--add-module=/usr/src/Apachetoolbox-1.5.45/src/apache-contrib-1.0.8/mod_macro/mod_macro.c" \
"--activate-module=src/modules/perl/libperl.a" \
"--add-module=/usr/src/Apachetoolbox-1.5.45/src/mod_bandwidth.c" \
"--activate-module=src/modules/php4/libphp4.a" \
---------------------------------------------


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2001-12-12 13:38 UTC] mike at blueroot dot net
Just tried compiling 4.0.6 with the same options, same crash, but different debug output

Program received signal SIGSEGV, Segmentation fault.

0x8132250 in xslt_call_function (name=0x82b1fb5 "scheme get all", fptr=0x48544150, argc=3, argv=0xbfffdf60,
    retval=0xbfffdf5c) at xslt.c:218
218             error = call_user_function(EG(function_table),
(gdb) bt
#0  0x8132250 in xslt_call_function (name=0x82b1fb5 "scheme get all", fptr=0x48544150, argc=3, argv=0xbfffdf60,
    retval=0xbfffdf5c) at xslt.c:218
#1  0x81031de in scheme_getall (user_data=0x849718c, proc=0x8498b80,
    scheme=0x84958f8 "<?xml version=\"1.0\" encoding=\"utf-8\"?><xsl",
    rest=0x849bfc8 "/stylesheet version=\"1.0\" xmlns:xsl=\"http://www.w3.org/1999/XSL/Transform\"> <xsl:output\tme
thod=\"html\"\tindent=\"yes\"\tencoding=\"utf-8\"/>\n<xsl:template match=\"/backslash\"> \n      <html> \n
<head> \n"..., buffer=0x8495a48, byte_count=0xbfffe03c) at sablot.c:674
#2  0x400b1094 in DataLine::open (this=0x8495a30, S=@0x84956c8,
    _uri=0x849c980 "<?xml version=\"1.0\" encoding=\"utf-8\"?><xsl:/stylesheet version=\"1.0\" xmlns:xsl=\"http://w
ww.w3.org/1999/XSL/Transform\"> <xsl:output\tmethod=\"html\"\tindent=\"yes\"\tencoding=\"utf-8\"/>\n<xsl:template m
atch=\"/b"..., _mode=DLMODE_READ, argList_=0x8498bc0) at uri.cpp:466
#3  0x400a1f7d in Processor::addLineParse (this=0x8498b80, S=@0x84956c8, newTree=@0x8498b84,
    absolute=@0xbfffe150, isXSL=1) at guard.h:156
#4  0x400a26e6 in Processor::readTreeFromURI (this=0x8498b80, S=@0x84956c8, newTree=@0x8498b84,
    location=@0xbfffe220, base=@0xbfffe200, isXSL=1) at proc.cpp:602
#5  0x400a0445 in Processor::open (this=0x8498b80, S=@0x84956c8,
    sheetURI=0x849ac64 "<?xml version=\"1.0\" encoding=\"utf-8\"?><xsl:stylesheet version=\"1.0\" xmlns:xsl=\"http:

//www.w3.org/1999/XSL/Transform\"> <xsl:output\tmethod=\"html\"\tindent=\"yes\"\tencoding=\"utf-8\"/>\n<xsl:templat
e match=\"/ba"...,
    inputURI=0x8495f8c "<?xml version=\"1.0\"?>\r\n<backslash xmlns:backslash=\"http://slashdot.org/backslash.dtd\"
>\r\n <story>\r\n         <title>Free Stripped-Down 3D Studio Max</title>\r\n         <url>http://slashdot.org/arti
cle.pl"...) at proc.cpp:276
#6  0x400a5c2b in SablotRunProcessor (processor_=0x8498b80,
    sheetURI=0x849ac64 "<?xml version=\"1.0\" encoding=\"utf-8\"?><xsl:stylesheet version=\"1.0\" xmlns:xsl=\"http:

//www.w3.org/1999/XSL/Transform\"> <xsl:output\tmethod=\"html\"\tindent=\"yes\"\tencoding=\"utf-8\"/>\n<xsl:templat
e match=\"/ba"...,
    inputURI=0x8495f8c "<?xml version=\"1.0\"?>\r\n<backslash xmlns:backslash=\"http://slashdot.org/backslash.dtd\"
>\r\n <story>\r\n         <title>Free Stripped-Down 3D Studio Max</title>\r\n         <url>http://slashdot.org/arti
cle.pl"..., resultURI=0x82b1f51 "arg:/_result", params=0x0, arguments=0x0) at sablot.cpp:407
#7  0x8102c5e in php_if_xslt_process (ht=3, return_value=0x8495a7c, this_ptr=0x0, return_value_used=0)
    at sablot.c:471
#8  0x813867d in execute (op_array=0x8494e7c) at ./zend_execute.c:1504
#9  0x8111c1e in zend_execute_scripts (type=8, file_count=3) at zend.c:752
#10 0x8091167 in php_execute_script (primary_file=0xbffff840) at main.c:1206
#11 0x811d5e6 in apache_php_module_main (r=0x83ee79c, display_source_mode=0) at sapi_apache.c:89
#12 0x808eb88 in send_php ()
#13 0x808ebbd in send_parsed_php ()
#14 0x817cfb3 in ap_invoke_handler ()
#15 0x8191197 in process_request_internal ()
#16 0x81911f8 in ap_process_request ()
#17 0x818865d in child_main ()
#18 0x8188808 in make_child ()
#19 0x818897c in startup_children ()
#20 0x8188ff4 in standalone_main ()
#21 0x8189847 in main ()
#22 0x40327f31 in __libc_start_main (main=0x81894b0 <main>, argc=2, ubp_av=0xbffffb14, init=0x808bfc8 <_init>,
    fini=0x829cff0 <_fini>, rtld_fini=0x4000e274 <_dl_fini>, stack_end=0xbffffb0c)
    at ../sysdeps/generic/libc-start.c:129
 [2001-12-12 13:40 UTC] mike at blueroot dot net
libc version

glibc-2.2-12 RPM
libc-2.2.so
libc.so.6
 [2001-12-14 12:03 UTC] sterling@php.net
rtfm... the syntax for the xslt extension has changed, use the new syntax.
 [2001-12-14 13:02 UTC] derick@php.net
But PHP generating nice corefiles is not ok, reopening.

Derick
 [2001-12-16 07:58 UTC] derick@php.net
This should be fixed now, can you try a snapshot from snaps.php.net to verify it is fixed for you?

Derick
 [2001-12-16 19:02 UTC] mike at blueroot dot net
The server is still crashing with this error

Starting program: /etc/httpd/bin/httpd -X

Program received signal SIGSEGV, Segmentation fault.
0x4008d044 in Situation::generateMessage (this=0x3c202020, type=1498698543,
    code=171853132, arg1=@0x20202020, arg2=@0x20202020, theMessage=@0x682f3c20)
    at situa.cpp:263
263     situa.cpp: No such file or directory.
Current language:  auto; currently c++
(gdb) bt
#0  0x4008d044 in Situation::generateMessage (this=0x3c202020,
    type=1498698543, code=171853132, arg1=@0x20202020, arg2=@0x20202020,
    theMessage=@0x682f3c20) at situa.cpp:263
#1  0x20202020 in ?? () at eval.c:41
Cannot access memory at address 0x20202020

configuration directives were the same as before
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sun Dec 22 05:01:30 2024 UTC