Bug #14560 segfault when translating
Submitted: 2001-12-17 10:33 UTC Modified: 2001-12-17 12:07 UTC
From: chall5 at tampabay dot rr dot com Assigned:
Status: Closed Package: XSLT related
PHP Version: 4.1.0 OS: redhat 7.1
Private report: No CVE-ID: None
 [2001-12-17 10:33 UTC] chall5 at tampabay dot rr dot com
given the following xml (bug_report.xml):

<?xml version="1.0" encoding="utf-8" ?>
<ITEM>
	<TEST>1</TEST>
	<ABC>0</ABC>
</ITEM>

and the following xsl (bug_report.xsl):

<?xml version="1.0" encoding="utf-8"?>
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">

<xsl:output method="text" indent="no"/>

<xsl:param name="TEST"/>
<xsl:param name="ABC"/>

<xsl:template match="/">
	<xsl:apply-templates select="ITEM[TEST=$TEST and ABC=$ABC]"/>
</xsl:template>

<xsl:template match="ITEM">
	position: <xsl:value-of select="position()"/>
</xsl:template>

</xsl:stylesheet>

and the following php (bug_report.php):

<?php

/*
* this function is the xslt processor
* @param ($xml) string xml text-data
* @param ($xsl) string xsl stylesheet
* @param ($addl_buffers) array additional xml buffers, if any
* @param ($rt_params) array run-time parameters for the stylesheet, if any. optional.
* @return ($data) xslt translated data
*/
function transform_xslt ($xml = '', $xsl = '', $addl_buffers = '', $rt_params = array()) {
	$args = array(	"/_xml" => $xml,
					"/_xsl" => $xsl
					);

	/* add addl buffers here */
	/* testing */
	if($addl_buffers != '') {
		foreach($addl_buffers as $buffer_name => $values) {
			$args[$buffer_name] = $values;
		}
	}
	
	$xh = xslt_create();

	$data = xslt_process($xh, "arg:/_xml", "arg:/_xsl", NULL, $args, $rt_params)
		or $data = xslt_error($xh).":".xslt_errno($xh);
	
	xslt_free($xh);
	
	return($data);
}

$xml = join('', file("bug_report.xml"));
$xsl = join('', file("bug_report.xsl"));
$params = array("TEST" => 1, "ABC" => 0);
$trans = transform_xslt($xml, $xsl, "", $params);

echo "<pre>\n";
echo $trans;
echo "</pre>\n";
?>

if you inadvertently use:

<xsl:apply-templates match="ITEM[@TEST=$TEST and @ABC=ABC]"/>

on line 10 of bug_report.xsl instead of:

<xsl:apply-templates match="ITEM[TEST=$TEST and ABC=$ABC]"/>


apache/php segfaults with the following:


Program received signal SIGSEGV, Segmentation fault.
(gdb) bt0x403cf6c0 in zif_xslt_error (ht=1, return_value=0x818955c, this_ptr=0x0, return_value_used=1) at sablot.c:584
584             RETURN_STRING(XSLT_ERRSTR(handle), 1);
(gdb) bt
#0  0x403cf6c0 in zif_xslt_error (ht=1, return_value=0x818955c, this_ptr=0x0, return_value_used=1) at sablot.c:584
#1  0x40339cbc in execute (op_array=0x8176ee8) at ./zend_execute.c:1590
#2  0x40339ef6 in execute (op_array=0x81308ec) at ./zend_execute.c:1630
#3  0x40347fb0 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at zend.c:814
#4  0x403558b9 in php_execute_script (primary_file=0xbffff5d0) at main.c:1309
#5  0x40351966 in apache_php_module_main (r=0x812697c, display_source_mode=0) at sapi_apache.c:90
#6  0x40352446 in send_php (r=0x812697c, display_source_mode=0, filename=0x0) at mod_php4.c:575
#7  0x403524aa in send_parsed_php (r=0x812697c) at mod_php4.c:590
#8  0x8053bb3 in ap_invoke_handler ()
#9  0x806791f in process_request_internal ()
#10 0x8067980 in ap_process_request ()
#11 0x805ee45 in child_main ()
#12 0x805eff0 in make_child ()
#13 0x805f164 in startup_children ()
#14 0x805f7b3 in standalone_main ()
#15 0x805ffcf in main ()
#16 0x40169b5c in __libc_start_main (main=0x805fc38 <main>, argc=2, ubp_av=0xbffffa54, init=0x804e1fc <_init>, fini=0x807ce80 <_fini>,
    rtld_fini=0x4000d634 <_dl_fini>, stack_end=0xbffffa4c) at ../sysdeps/generic/libc-start.c:129




./configure options:
--cache-file=/dev/null --with-config-file-path=/usr/local/apache/conf --enable-trans-sid --with-imap --with-imap-ssl --enable-ftp
--enable-track-vars --with-mysql=/usr/local/mysql --enable-libgcc --disable-debug --with-db --verbose --with-gdbm --with-ndbm
--with-db2 --with-gd=shared --with-ttf --with-xml --with-zlib --with-mhash --prefix=/usr/local/php --with-regex=system
--enable-memory-limit --enable-calendar --enable-sysvsem --enable-sysvshm --with-bz2 --with-gettext --with-jpeg-dir=/usr
--with-xpm-dir=/usr/X11R6 --with-ldap --with-mcal=/usr/local/src/libmcal --enable-exif --with-pcre-regex=/usr/local/lib
--without-pgsql --enable-yp --enable-shmop --with-snmp --enable-sockets --enable-dba --with-kerberos=/usr/kerberos --with-pspell
--with-expat-dir=/usr --with-pear --with-iconv --enable-xslt --with-xslt-sablot --with-mnogosearch=/usr/local/mnogosearch

sablot version: 0.71

 [2001-12-17 10:35 UTC] derick@php.net
This is fixed already (you can try a snapshot from snaps.php.net to verify that).

Derick
 