php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #18148 domxml module crashes PHP on module unload
Submitted: 2002-07-03 14:30 UTC Modified: 2002-08-14 10:42 UTC
Votes:2
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:1 (100.0%)
From: php4bug at johnzero dot hu Assigned:
Status: No Feedback Package: DOM XML related
PHP Version: 4.2.1 OS: Linux
Private report: No CVE-ID: None
 [2002-07-03 14:30 UTC] php4bug at johnzero dot hu
The following simple program crashes PHP4-CGI (presumably the PHP4 Apache module, too).




test.php
------------------------------------------------
<?php                                                                                    
if (!extension_loaded("domxml")) @dl("domxml.so");                                       
                                                                                         
$xml="test.xml";                                                                         
$object=domxml_open_file($xml);                                                          
$root=$object->document_element();                                                       
$nodes=$root->get_elements_by_tagname("module");                                         
                                                                                         
@reset($nodes);                                                                          
while($node=each($nodes)) {                                                              
        $cname=$node["value"]->get_attribute("class");                                   
        var_dump($cname);                                                                
}                                                                                        
?>

test.xml
-----------------
<?xml                                                                                    
        version="1.0"                                                                    
        encoding="ISO8859-2"                                                             
        standalone='yes'                                                                 
?>                                                                                       
<xpps>                                                                                   
        <module class="top">                                                             
                <id>2</id>                                                               
        </module>                                                                        
                                                                                         
        <module class="top2">                                                            
                <id>3</id>                                                               
        </module>                                                                        
                                                                                       </xpps>


gdb output:
-----------------
(gdb) set args test.php
(gdb) run
Starting program: /usr/bin/php4 test.php
X-Powered-By: PHP/4.2.1
Content-type: text/html

string(3) "top"
string(4) "top2"

Program received signal SIGSEGV, Segmentation fault.
0x402aad63 in free () from /lib/libc.so.6
(gdb) bt
#0  0x402aad63 in free () from /lib/libc.so.6
#1  0x402aaac3 in free () from /lib/libc.so.6
#2  0x080fbc94 in zend_hash_del_key_or_index (ht=0x8187d90, 
    arKey=0x400266d6 "domxml_open_mem", nKeyLength=16, h=2217637771, flag=0)
    at ../../Zend/zend_hash.c:517
#3  0x080fa1e0 in zend_unregister_functions (functions=0x40028c20, count=-1, 
    function_table=0x0) at ../../Zend/zend_API.c:1088
#4  0x080fa2b1 in module_destructor (module=0x81e1330) at ../../Zend/zend_API.c:1131
#5  0x080fc03d in zend_hash_apply_deleter (ht=0x8187cc0, p=0x81e1300)
    at ../../Zend/zend_hash.c:596
#6  0x080fc28c in zend_hash_apply (ht=0x8187cc0, 
    apply_func=0x80fa34c <module_registry_cleanup>) at ../../Zend/zend_hash.c:687
#7  0x080f7956 in zend_deactivate_modules () at ../../Zend/zend.c:581
#8  0x08065e99 in php_request_shutdown (dummy=0x0)
    at /mnt/jasmin/src2/php4-4.2.1/main/main.c:775
#9  0x08064414 in main (argc=2, argv=0xbffffac4)
    at /mnt/jasmin/src2/php4-4.2.1/sapi/cgi/cgi_main.c:827
#10 0x4025565f in __libc_start_main () from /lib/libc.so.6



--------

Some analysis:

In zend_API.c, the module_destructor(zend_module_entry *module) gets called on the end of the program, on module unload. The problem surfaces in clean_module_constants. The module is "domxml", so it seems that the DOM-XML module is broken, and somehow corrupts(?) the constants.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-07-03 14:34 UTC] php4bug at johnzero dot hu
By the way, I tried the latest DOMXML code (from CVS), and it still seems to be broken.

Presumably the problem wouldn't surface if domxml wasn't used as a module, but this is not a solution.
 [2002-07-04 03:02 UTC] chregu@php.net
I can't reproduce your problem.

Can you provide your configure line and libxml2 version?

chregu
 [2002-08-14 10:42 UTC] chregu@php.net
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Open". Thank you.


 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Fri Dec 13 18:01:28 2024 UTC