Bug #24497 PHP crash parsing very large xml file
Submitted: 2003-07-04 08:38 UTC
Modified: 2003-07-12 21:13 UTC
Avg. Score: 3.0 ± 0.0
Reproduced: 1 of 1 (100.0%)
Same Version: 1 (100.0%)
Same OS: 0 (0.0%)
From: deeno at ukf dot net
Assigned:
Status: No Feedback
Package: XML related
PHP Version: 4.3.2
OS: Redhat 7.2
Private report: No
CVE-ID: None


 [2003-07-04 08:38 UTC] deeno at ukf dot net
I'm using PHP to parse a very large XML file (a SOAP message - I use NuSOAP). This is usually resulting in a seg fault (stack trace below), but in some cases Apache is dumping the following error to the error log:

FATAL:  erealloc():  Unable to allocate -1073875731 bytes

Unfortunately, it is difficult to reproduce with a simple example due to the size of the data.

PHP was configured as follows:
./configure --with-apxs=/home/test/apache/bin/apxs --with-mm=/usr/lib --prefix=/opt/php --with-openssl=/opt/openssl/ --without-mysql --with-curl=/opt/curl/ --with-mcrypt=/opt/mcrypt/

Expected result:
Normal execution of script

Actual result:
Program received signal SIGSEGV, Segmentation fault.
0x40109a5a in chunk_alloc (ar_ptr=0x401be4e0, nb=32) at malloc.c:2879
2879    malloc.c: No such file or directory.
        in malloc.c
(gdb) where
#0  0x40109a5a in chunk_alloc (ar_ptr=0x401be4e0, nb=32) at malloc.c:2879
#1  0x40109858 in __libc_malloc (bytes=28) at malloc.c:2811
#2  0x404efbaf in _emalloc (size=12) at /home/do/php-4.3.2/Zend/zend_alloc.c:158
#3  0x40510fa7 in execute (op_array=0x8398814) at /home/do/php-4.3.2/Zend/zend_execute.c:1601
#4  0x404f67fe in call_user_function_ex (function_table=0x8521100, object_pp=0x8510b80, function_name=0x82f742c,
    retval_ptr_ptr=0xbffde9a8, param_count=3, params=0x18a8694c, no_separation=1, symbol_table=0x0)
    at /home/do/php-4.3.2/Zend/zend_execute_API.c:559
#5  0x404f6204 in call_user_function (function_table=0x81bbbc8, object_pp=0x8510b80, function_name=0x82f742c,
    retval_ptr=0x11c7674c, param_count=3, params=0xbffdea60) at /home/do/php-4.3.2/Zend/zend_execute_API.c:401
#6  0x404b7a06 in xml_call_handler (parser=0x8510b44, handler=0x82f742c, argc=3, argv=0xbffdea60)
    at /home/do/php-4.3.2/ext/xml/xml.c:377
#7  0x404b810a in _xml_startElementHandler (userData=0x8510b44, name=0x8454e38 "item", attributes=0x8368048)
    at /home/do/php-4.3.2/ext/xml/xml.c:661
#8  0x404bbb29 in doContent (parser=0x82b6a18, startTagLevel=0, enc=0x40547280,
    s=0x480704f6 "<item xsi:type=\"xsd:string\"></item>\n      <item xsi:type=\"xsd:string\"></item>\n      <item xsi:type=\"xsd:string\"></item>\n      <item xsi:type=\"xsd:string\"></item>\n      <item xsi:type=\"xsd:string\"></it"..., end=0x4922ba13 "", nextPtr=0x0) at /home/do/php-4.3.2/ext/xml/expat/xmlparse.c:1659
#9  0x404bb2d8 in contentProcessor (parser=0x82b6a18,
    start=0x4794402f "<soapenv:Envelope xmlns:soapenv=\"\" xmlns:xsd=\"\" xmlns:xsi=\"\">\n <soapenv:Body>\n  <ns1:l"..., end=0x4922ba13 "", endPtr=0x0) at /home/do/php-4.3.2/ext/xml/expat/xmlparse.c:1349
#10 0x404bd623 in doProlog (parser=0x82b6a18, enc=0x40547280,
    s=0x4794402f "<soapenv:Envelope xmlns:soapenv=\"\" xmlns:xsd=\"\" xmlns:xsi=\"\">\n <soapenv:Body>\n  <ns1:l"..., end=0x4922ba13 "", tok=29,
    next=0x4794402f "<soapenv:Envelope xmlns:soapenv=\"\" xmlns:xsd=\"\" xmlns:xsi=\"\">\n <soapenv:Body>\n  <ns1:l"..., nextPtr=0x0) at /home/do/php-4.3.2/ext/xml/expat/xmlparse.c:2687
#11 0x404bd1ba in prologProcessor (parser=0x82b6a18,
    s=0x47944008 "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<soapenv:Envelope xmlns:soapenv=\"\" xmlns:xsd=\"\" xmlns:xsi=\""..., end=0x4922ba13 "", nextPtr=0x0) at /home/do/php-4.3.2/ext/xml/expat/xmlparse.c:2523
#12 0x404baefa in php_XML_ParseBuffer (parser=0x82b6a18, len=26114571, isFinal=1)
    at /home/do/php-4.3.2/ext/xml/expat/xmlparse.c:1150
#13 0x404baea8 in php_XML_Parse (parser=0x82b6a18,
    s=0x4605c014 "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<soapenv:Envelope xmlns:soapenv=\"\" xmlns:xsd=\"\" xmlns:xsi=\""..., len=26114571, isFinal=1) at /home/do/php-4.3.2/ext/xml/expat/xmlparse.c:1140
#14 0x404b9742 in zif_xml_parse (ht=3, return_value=0x84588b4, this_ptr=0x0, return_value_used=1)
    at /home/do/php-4.3.2/ext/xml/xml.c:1340
#15 0x40511018 in execute (op_array=0x84f51a4) at /home/do/php-4.3.2/Zend/zend_execute.c:1606
#16 0x405111d6 in execute (op_array=0x83b90f4) at /home/do/php-4.3.2/Zend/zend_execute.c:1650
#17 0x405111d6 in execute (op_array=0x84e12b4) at /home/do/php-4.3.2/Zend/zend_execute.c:1650
#18 0x405111d6 in execute (op_array=0x8524e6c) at /home/do/php-4.3.2/Zend/zend_execute.c:1650
#19 0x405111d6 in execute (op_array=0x83614e4) at /home/do/php-4.3.2/Zend/zend_execute.c:1650
#20 0x405111d6 in execute (op_array=0x82d20ac) at /home/do/php-4.3.2/Zend/zend_execute.c:1650
#21 0x405111d6 in execute (op_array=0x84a82ac) at /home/do/php-4.3.2/Zend/zend_execute.c:1650
#22 0x404feb24 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /home/do/php-4.3.2/Zend/zend.c:869
#23 0x404d7c48 in php_execute_script (primary_file=0xbffebf40) at /home/do/php-4.3.2/main/main.c:1671
#24 0x405185c6 in apache_php_module_main (r=0x818fb20, display_source_mode=0)
    at /home/do/php-4.3.2/sapi/apache/sapi_apache.c:54
#25 0x405191a2 in send_php (r=0x818fb20, display_source_mode=0, filename=0x0)
    at /home/do/php-4.3.2/sapi/apache/mod_php4.c:617
#26 0x405191f6 in send_parsed_php (r=0x818fb20) at /home/do/php-4.3.2/sapi/apache/mod_php4.c:632
#27 0x0809bbc3 in ap_invoke_handler ()
#28 0x080b1067 in process_request_internal ()
#29 0x080b10c8 in ap_process_request ()
#30 0x080a7e39 in child_main ()
#31 0x080a8008 in make_child ()
#32 0x080a817c in startup_children ()
#33 0x080a87f4 in standalone_main ()
#34 0x080a9073 in main ()
#35 0x400a5687 in __libc_start_main (main=0x80a8cb0 <main>, argc=4, ubp_av=0xbffec384, init=0x8063920 <_init>,
    fini=0x81521a0 <_fini>, rtld_fini=0x4000dc54 <_dl_fini>, stack_end=0xbffec37c)
    at ../sysdeps/generic/libc-start.c:129
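
A triage check on the values in this report, added here as an example and not part of the original report or of PHP: it reinterprets the negative erealloc() size as an unsigned 32-bit value and compares it with stack_end and the pointer arguments shown in the backtrace. The function names and the 1 MiB window are assumptions of the example; the result says only where the number falls, not what caused the crash.

```python
import re

# Constructed sample: the error line and four frames copied from the report.
ERROR_LINE = "FATAL:  erealloc():  Unable to allocate -1073875731 bytes"
FRAMES = """\
#4  0x404f67fe in call_user_function_ex (function_table=0x8521100, object_pp=0x8510b80, function_name=0x82f742c,
    retval_ptr_ptr=0xbffde9a8, param_count=3, params=0x18a8694c, no_separation=1, symbol_table=0x0)
#6  0x404b7a06 in xml_call_handler (parser=0x8510b44, handler=0x82f742c, argc=3, argv=0xbffdea60)
#23 0x404d7c48 in php_execute_script (primary_file=0xbffebf40) at /home/do/php-4.3.2/main/main.c:1671
#35 0x400a5687 in __libc_start_main (main=0x80a8cb0 <main>, argc=4, ubp_av=0xbffec384, init=0x8063920 <_init>,
    fini=0x81521a0 <_fini>, rtld_fini=0x4000dc54 <_dl_fini>, stack_end=0xbffec37c)
"""

# Assumption of this example: arguments within 1 MiB below stack_end point into the stack.
STACK_WINDOW = 0x100000


def requested_bytes(error_line):
    """Return the signed byte count printed by the allocator, or None."""
    m = re.search(r"Unable to allocate (-?\d+) bytes", error_line)
    return int(m.group(1)) if m else None


def hex_args(trace):
    """Return (name, value) for every name=0x... argument in a gdb backtrace."""
    return [(n, int(v, 16)) for n, v in re.findall(r"(\w+)=0x([0-9a-f]+)", trace)]


def triage(error_line, trace):
    signed = requested_bytes(error_line)
    if signed is None:
        return None
    size = signed & 0xFFFFFFFF  # the same 32 bits, read as unsigned
    args = hex_args(trace)
    stack_end = next((v for n, v in args if n == "stack_end"), None)
    if stack_end is None:
        return {"size_hex": hex(size), "below_stack_end": None,
                "looks_like_stack_address": None}
    # Lowest stack-resident pointer seen in the trace (stack_end itself always qualifies).
    lowest = min(v for _, v in args if 0 <= stack_end - v < STACK_WINDOW)
    return {"size_hex": hex(size),
            "below_stack_end": stack_end - size,
            "looks_like_stack_address": lowest <= size <= stack_end}


if __name__ == "__main__":
    print(triage(ERROR_LINE, FRAMES))
```

The requested "size" reads as 0xbffdf4ed, which lies between the lowest stack pointer in these frames (0xbffde9a8) and stack_end (0xbffec37c), so it has the shape of a stack address rather than a length.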


 [2003-07-07 06:05 UTC]
Not enough information was provided for us to be able
to handle this bug. Please re-read the instructions at

If you can provide more information, feel free to add it
to this bug and change the status back to "Open".

Thank you for your interest in PHP.

 [2003-07-12 21:13 UTC]
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Open". Thank you.

Last updated: Sat Jul 13 12:01:29 2024 UTC