php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #24566 Client Segmentation Fault in XML_ParserCreateNS()
Submitted: 2003-07-09 11:37 UTC Modified: 2003-07-09 17:17 UTC
From: wilhelm_koestinger at at dot ibm dot com Assigned:
Status: Not a bug Package: XSLT related
PHP Version: 4.3.2 OS: AIX 5L ML2 32bit
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: wilhelm_koestinger at at dot ibm dot com
New email:
PHP Version: OS:

 

 [2003-07-09 11:37 UTC] wilhelm_koestinger at at dot ibm dot com
Description:
------------
./configure --without-pear --disable-cgi --with-apxs=$BASE/bin/apxs --prefix=$BA
SE --exec-prefix=$BASE \
--enable-sysvshm --enable-sysvsem \
--with-config-file-path=$BASE/conf --enable-safe-mode --enable-sigchild \
--enable-openssl=$BASE/ssl \
--with-zlib=shared,$BASE --with-zlib-dir=$BASE \
--with-curl=shared,$BASE \
--with-dom=shared,$BASE --with-zlib-dir=$BASE \
--with-iconv=shared,$BASE \
--with-mysql=no \
--with-expat-dir=$BASE \
--enable-xslt --with-xslt-sablot=$BASE --with-expat-dir=$BASE --with-iconv-dir=$
BASE \
--enable-shared

$BASE=/usr/local/something


../../bin/php[8]: 43306 Segmentation fault(coredump)

Core was generated by `php'.
Program terminated with signal 11, Segmentation fault.
#0  0xd63640e0 in XML_ParserCreateNS ()


We are heavily using Sablotron and Expat XML,XSLT features.

Sablotron 0.98
Expat 1.95.6
Zlib 1.1.4
libxml2 2.5.6
curl 7.10.5
php 4.3.2
iconv 1.8
apache 1.3.27
modssl 2.8.14
openssl 0.9.7b

We compiled all of above with the AIX Linux Toolbox GNU utilities.

Please contact me for any further information you may need.


Reproduce code:
---------------
sorry, the code is several kilobytes long, can be sent on request.

Actual result:
--------------
backtrace:

#0  0xd63640e0 in XML_ParserCreateNS ()
#1  0xd635dddc in TreeConstructer::parseDataLineUsingExpat (this=0x2ff1f290,
    S=@0x2006df98, t=0x20122898, d=0x2006e538, base_=0x0) at parser.cpp:107
#2  0xd6313dac in Tree::parse (this=0x20122898, S=@0x20122898, d=0x2006e538)
    at tree.cpp:1399
#3  0xd62dc6a8 in Processor::addLineParse (this=0x2006e018, S=@0x2006df98,
    newTree=@0x2006e01c, absolute=@0x2ff1f3c8, isXSL=1, ignoreErr=0)
    at guard.h:65104
#4  0xd62dce7c in Processor::readTreeFromURI (this=0x2006e018, S=@0x2006df98,
    newTree=@0x2006e01c, location=@0x2006e398, base=@0x2ff1f440, isXSL=1,
    ignoreErr=0) at proc.cpp:646
#5  0xd62da428 in Processor::open (this=0x2006e018, S=@0x2006df98,
    sheetURI=0x20112658 <Address 0x20112658 out of bounds>,
    inputURI=0x201125a8 <Address 0x201125a8 out of bounds>) at proc.cpp:314
#6  0xd635c2e8 in SablotRunProcessorGen (S=0x2006df98, processor_=0x2006e018,
    sheetURI=0x20112658 <Address 0x20112658 out of bounds>,
    inputURI=0x201125a8 <Address 0x201125a8 out of bounds>,
    resultURI=0x10170ed4 "arg:/_result") at sablot.cpp:374
#7  0x10102b38 in zif_xslt_process (ht=5, return_value=0x20112968,
    this_ptr=0x0, return_value_used=1)
    at /home/temp/eGovPDB/src/php-4.3.2/ext/xslt/sablot.c:590
#8  0x10026154 in execute (op_array=0x20070318)
    at /home/temp/eGovPDB/src/php-4.3.2/Zend/zend_execute.c:1606
#9  0x100263ec in execute (op_array=0x2006ae18)
    at /home/temp/eGovPDB/src/php-4.3.2/Zend/zend_execute.c:1650
#10 0x10028788 in execute (op_array=0x2005a608)
    at /home/temp/eGovPDB/src/php-4.3.2/Zend/zend_execute.c:2173
#11 0x1000ba18 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /home/temp/eGovPDB/src/php-4.3.2/Zend/zend.c:869
#12 0x100065e0 in php_execute_script (primary_file=0x2ff22628)
    at /home/temp/eGovPDB/src/php-4.3.2/main/main.c:1671
#13 0x10002130 in main (argc=2, argv=0x2ff2280c)
    at /home/temp/eGovPDB/src/php-4.3.2/sapi/cli/php_cli.c:806
#14 0x10000204 in __start ()



Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2003-07-09 17:17 UTC] sniper@php.net
The crash seems to happen really deep in the sablot code.
Please report this to them.

 
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Wed Oct 28 17:01:24 2020 UTC