PHP :: Bug #24715 :: PHP segfaults on creating domelement from domdocument-object with 2 arguments

Bug #24715	PHP segfaults on creating domelement from domdocument-object with 2 arguments
Submitted:	2003-07-19 09:12 UTC	Modified:	2003-07-19 10:00 UTC
From:	cw at centerwave dot de	Assigned:
Status:	Closed	Package:	DOM XML related
PHP Version:	5CVS-2003-07-19 (dev)	OS:	Linux 2.4.18
Private report:	No	CVE-ID:	None

View Developer Edit

[2003-07-19 09:12 UTC] cw at centerwave dot de

Description:
------------
PHP segfaults while creating a DOM-element from a DOM-document-object with $document->createelement("Arg1","Arg2). If the 2nd argument is not set it works.

When creating domelement not from the domdocument-object with $element = new domelement("Arg1","Arg2") it works.

Reproduce code:
---------------
$document = new domdocument;

// This works
//$greeting = new domelement("greeting","hello world");

// This segfaults
$greeting = $document->createelement("greeting","hello world");



Expected result:
----------------
<greeting>hello world</greeting>

Actual result:
--------------
#0  0x0813a10c in _emalloc (size=28, __zend_filename=0x8176180 "/home/blacknight/php5-200307190930/ext/dom/php_dom.c", __zend_lineno=845, __zend_orig_filename=0x0, __zend_orig_lineno=0) at /home/blacknight/php5-200307190930/Zend/zend_alloc.c:143
#1  0x0807cd74 in dom_objects_new (class_type=0x8203bd8, tsrm_ls=0x81b8e90) at /home/blacknight/php5-200307190930/ext/dom/php_dom.c:845
#2  0x0815024d in _object_and_properties_init (arg=0x4045ef50, class_type=0x8203bd8, properties=0x0, __zend_filename=0x8176180 "/home/blacknight/php5-200307190930/ext/dom/php_dom.c", __zend_lineno=969, tsrm_ls=0x81b8e90) at /home/blacknight/php5-200307190930/Zend/zend_API.c:681
#3  0x081502c1 in _object_init_ex (arg=0x4045ef50, class_type=0x8203bd8, __zend_filename=0x8176180 "/home/blacknight/php5-200307190930/ext/dom/php_dom.c", __zend_lineno=969, tsrm_ls=0x81b8e90) at /home/blacknight/php5-200307190930/Zend/zend_API.c:688
#4  0x0807cf1b in php_dom_create_object (obj=0x824b400, found=0xbfffd4d0, wrapper_in=0x0, return_value=0x4045ef50, domobj=0x4045fb10, tsrm_ls=0x81b8e90) at /home/blacknight/php5-200307190930/ext/dom/php_dom.c:969
#5  0x0807e275 in zif_dom_document_create_element (ht=2, return_value=0x4045ef50, this_ptr=0x4, return_value_used=1, tsrm_ls=0x81b8e90) at /home/blacknight/php5-200307190930/ext/dom/document.c:468
#6  0x0816bed4 in zend_do_fcall_common_helper (execute_data=Cannot access memory at address 0x13
) at /home/blacknight/php5-200307190930/Zend/zend_execute.c:2632
This frame inner-to next frame (corrupt stack?)

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2003-07-19 10:00 UTC] rrichards@php.net

This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at http://snaps.php.net/.
 
In case this was a documentation problem, the fix will show up soon at
http://www.php.net/manual/.

In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites in short time.
 
Thank you for the report, and for helping us make PHP better.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Wed Oct 29 07:00:01 2025 UTC