php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #17579 Handler set by xslt_set_sax_handlers gets random data.
Submitted: 2002-06-03 11:58 UTC Modified: 2002-09-30 20:14 UTC
From: cywulf at ottawa dot com Assigned:
Status: Closed Package: XSLT related
PHP Version: 4.2.1 OS: Linux 2.4.19
Private report: No CVE-ID: None
 [2002-06-03 11:58 UTC] cywulf at ottawa dot com
SAX handlers attached to an XSL transform via   
xslt_set_sax_handlers are not performing as expected when   
the target is a processing instruction.   
In fact, the handler is passed completely random data,   
generally non-printing characters, in place of the PI   
content. 
Test system is running Sablotron 0.90, on Apache 1.3.24. 
PHP is configured using --enable-xslt and 
--with-xslt-sablot (among many other options). 
Minimal sample code follows.   
   
<?php  
	$xslt = xslt_create();  
	$args = array(  
	"/_xml" => '<?xml version="1.0" encoding="UTF-8"?>  
	<test />',  
  
	"/_xsl" => '<?xml version="1.0" encoding="UTF-8"?>  
	<xsl:stylesheet version="1.0"  
xmlns:xsl="http://www.w3.org/1999/XSL/Transform">  
		<xsl:template match="test">  
			<xsl:processing-instruction  
name="php"><![CDATA[  
				print "hello world";  
			]]></xsl:processing-instruction>  
		</xsl:template>  
	</xsl:stylesheet>'  
  	);  
  
  	function handle_pi($processor, $content, $target)  
  	{	echo '<pre>';  
		echo "processor: $processor\n";  
		echo "target: $target\n";  
		echo "content: $content\n";  
		echo '</pre>';  
	}  
  
	xslt_set_sax_handlers($xslt,  
array('pi'=>'handle_pi'));  
	xslt_process($xslt, "arg:/_xml", "arg:/_xsl",  
NULL, $args);  
	xslt_free($xslt);  
?>  

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-06-03 14:32 UTC] cywulf at ottawa dot com
I have since verified that the same behaviour applies to  
comment handlers. Interestingly, if a PI handler and 
comment handler are both triggered on the same page, they 
will both receive the SAME random data in their content 
fields. 
When trying to check the behaviour of character data 
handlers, Apache segfaulted every time. 
	[notice] child pid 5537 exit signal Segmentation  
fault (11)  
  
Forgot to specify that my expat version is 1.95.2.
 [2002-06-03 14:35 UTC] mfischer@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.


 [2002-06-03 18:10 UTC] cywulf at ottawa dot com
As I said above, it is only segfaulting on character data  
handlers. Using a modified sample script, this was the 
backtrace I obtained. 
I suspect that it indicates the problem lies with  
Sablotron, in which case I guess you can just close the  
bug?  
  
(gdb) bt  
#0  0x4023472c in memcpy () from /lib/libc.so.6  
#1  0x081080d7 in _estrndup (s=0x81c0628  
"`+\034\b?\030\034\b",  
    length=136080488, __zend_filename=0x815e98b  
"sablot.c",  
    __zend_lineno=1223, __zend_orig_filename=0x0,  
__zend_orig_lineno=0)  
    at zend_alloc.c:346  
#2  0x080fe187 in sax_characters (ctx=0x81c6b0c,  
    contents=0x81c0628 "`+\034\b?\030\034\b",  
length=136080488)  
    at sablot.c:1223  
#3  0x40094b6e in OutputterObj::reportCurrData ()  
   from /usr/lib/libsablot.so.0  
#4  0x400949cf in OutputterObj::eventEndOutput ()  
   from /usr/lib/libsablot.so.0  
#5  0x4009acf8 in Processor::run () from  
/usr/lib/libsablot.so.0  
#6  0x400a091d in SablotRunProcessor () from  
/usr/lib/libsablot.so.0  
#7  0x080fc72a in zif_xslt_process (ht=5,  
return_value=0x81c0eec,  
    this_ptr=0x0, return_value_used=0) at sablot.c:512  
#8  0x0814039a in execute (op_array=0x81c080c) at  
./zend_execute.c:1598  
#9  0x081195f9 in zend_execute_scripts (type=8,  
retval=0x0,  
    file_count=3) at zend.c:810  
#10 0x08062a81 in php_execute_script  
(primary_file=0xbffff754)  
    at main.c:1381  
#11 0x0805ffd1 in main (argc=2, argv=0xbffff7e4) at  
cgi_main.c:778  
#12 0x401d33c1 in __libc_start_main () from /lib/libc.so.6  
(gdb) frame 8  
#8  0x0814039a in execute (op_array=0x81c080c) at  
./zend_execute.c:1598  
1598                                                     
((zend_internal_function *)  
EX(function_state).function)->handler(EX(opline)->extended_value,  
EX(Ts)[EX(opline)->result.u.var].var.ptr, EX(object).ptr,  
return_value_used TSRMLS_CC);
 [2002-06-03 21:03 UTC] cywulf at ottawa dot com
I finally resolved this problem by applying a patch posted 
to the php.dev newsgroup, a copy is available here. 
http://groups.google.ca/groups?q=xslt+sablotron+0.90+patch&hl=en&lr=&ie=UTF8&oe=UTF8&selm=abiqsg%24p4t%241%40FreeBSD.csie.NCTU.edu.tw&rnum=1 
The patch was written for 4.1.2, but I can confirm that it 
works against 4.2.1 as well. 
Thanks Lenar! 
I'll leave it up to you volunteers to close this bug, in 
case you want to take further action.
 [2002-09-30 20:14 UTC] iliaa@php.net
This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at http://snaps.php.net/.
 
In case this was a documentation problem, the fix will show up soon at
http://www.php.net/manual/.

In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites in short time.
 
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sun Dec 22 06:01:30 2024 UTC