php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #22786 Crash when trying to call DomAttribute's set_namespace method
Submitted: 2003-03-19 05:45 UTC Modified: 2003-03-20 03:50 UTC
From: ed at avi dot ru Assigned: chregu
Status: Closed Package: DOM XML related
PHP Version: 4.3.2RC OS: any
Private report: No CVE-ID:
 [2003-03-19 05:45 UTC] ed at avi dot ru
The following code works correctly:

<?PHP

	$doc = domxml_new_doc ('1.0');
	$root = $doc->append_child ($doc->create_element ('root'));

	$root->set_attribute ('attr', 'value');

	$attr = $root->get_attribute_node ('attr');
	$root->set_attribute ('attr-class', get_class ($attr));	print ($doc->dump_mem ());

?>

The output is the following:

<?xml version="1.0" ?>
<root attr="value" attr-class="domattribute" />

It proves that $attr contains an object of type DomAttribute. But if we insert the following line:

	$attr->set_namespace ('urn:test:test');

the PHP crashes. Apache (1.3.26 with PHP as module) showes the following data (the output is translated from Russian):

Program APACHE failed when accessing memory page in module PHP_DOMXML.DLL on address 015f:01311685.
Registers:
EAX=00000031 CS=015f EIP=01311685 EFLGS=00010202
EBX=00844f70 SS=0167 ESP=035ff5d8 EBP=055f3f60
ECX=05495894 DS=0167 ESI=00000031 FS=8caf
EDX=035ff575 ES=0167 EDI=055f2110 GS=0000
Bytes on address CS:EIP:
8a 16 8a 01 46 3a d0 75 0c 41 84 c0 75 f2 b8 01 
Stack contents:
05495894 012fc05e 00000031 05495894 00844f70 055f3f60 035ffb88 00844f70 012f6198 055f3fa0 055f3f60 05495894 00000000 05495030 00000000 00000017 

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2003-03-19 10:43 UTC] sniper@php.net
Backtrace with 4.3.2-RC:

(gdb) bt
#0  0x41e469b6 in xmlSearchNsByHref () from /usr/lib/libxml2.so.2
#1  0x80e2454 in zif_domxml_node_set_namespace (ht=1, return_value=0x875593c, this_ptr=0x8754d34, return_value_used=0)
    at /usr/src/web/php/php4/ext/domxml/php_domxml.c:3342
#2  0x82cb4e2 in execute (op_array=0x8754064) at /usr/src/web/php/php4/Zend/zend_execute.c:1606
#3  0x82b8024 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/src/web/php/php4/Zend/zend.c:864
#4  0x827be87 in php_execute_script (primary_file=0xbffff8dc) at /usr/src/web/php/php4/main/main.c:1636
#5  0x82df177 in main (argc=2, argv=0xbffff944) at /usr/src/web/php/php4/sapi/cli/php_cli.c:753
#6  0x41edc9cb in __libc_start_main (main=0x82de554 <main>, argc=2, argv=0xbffff944, init=0x80ad77c <_init>, 
    fini=0x8469468 <_fini>, rtld_fini=0x4000aea0 <_dl_fini>, stack_end=0xbffff93c)
    at ../sysdeps/generic/libc-start.c:92

 [2003-03-20 01:14 UTC] chregu@php.net
I'm investigating..



 [2003-03-20 03:50 UTC] chregu@php.net
This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at http://snaps.php.net/.
 
In case this was a documentation problem, the fix will show up soon at
http://www.php.net/manual/.

In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites in short time.
 
Thank you for the report, and for helping us make PHP better.

And fixed in stable branch PHP_4_3
 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Thu Apr 24 21:01:55 2014 UTC