Bug #24957 simplexml: var_dump of object segfaults
Submitted: 2003-08-05 19:35 UTC
Modified: 2003-08-07 16:49 UTC
From: tater at potatoe dot com
Assigned:
Status: Closed
Package: XML related
PHP Version: 5CVS-2003-08-05 (dev)
OS: OS X 10.2
Private report: No
CVE-ID: None
 [2003-08-05 19:35 UTC] tater at potatoe dot com
Description:
------------
A var_dump() of an object created with simplexml_load_string()
segfaults. Accessing one of the nodes first prevents this,
though one value that should be a simple string is coming
out as type UNKNOWN even then.


Reproduce code:
---------------
<?php
$xml = simplexml_load_string('<array><data><value>a</value><value>b</value></data></array>');
// uncomment either line to prevent segfault
// var_dump($xml->data);
// $foo = $xml->data;
var_dump($xml);

Expected result:
----------------
object(simplexml_element)#1 (1) {
  ["data"]=>
  object(simplexml_element)#3 (1) {
    ["value"]=>
    array(2) {
      [0]=>
      string(1) "a"
      [1]=>
      string(1) "b"
    }
  }
}

Actual result:
--------------
(gdb) run wow.php
Starting program: /usr/local/book/php/bin/php wow.php
[Switching to process 8904 thread 0xb03]
Reading symbols for shared libraries . done
Reading symbols for shared libraries ............ done
object(simplexml_element)#1 (1) {
  ["data"]=>
  [Tue Aug  5 17:36:34 2003]  Script:  'wow.php'
---------------------------------------
/Users/tater/book/php-src/Zend/zend_execute_API.c(354) : Block 0x00C72C88 status:
/Users/tater/book/php-src/Zend/zend_variables.c(45) : Actual location (location was relayed)
Beginning:      Overrun (magic=0x00000000, expected=0x7312F8DC)

Program received signal EXC_BAD_ACCESS, Could not access memory.
0x90074108 in memmove ()
(gdb) bt
#0  0x90074108 in memmove ()
#1  0x001fdf8c in _mem_block_check (ptr=0xc72cb0, silent=0, __zend_filename=0x2aa004 "/Users/tater/book/php-src/Zend/zend_execute_API.c", __zend_lineno=354, __zend_orig_filename=0x2aa518 "/Users/tater/book/php-src/Zend/zend_variables.c", __zend_orig_lineno=45) at /Users/tater/book/php-src/Zend/zend_alloc.c:712
#2  0x001fdf44 in _mem_block_check (ptr=0xc72cb0, silent=1, __zend_filename=0x2aa004 "/Users/tater/book/php-src/Zend/zend_execute_API.c", __zend_lineno=354, __zend_orig_filename=0x2aa518 "/Users/tater/book/php-src/Zend/zend_variables.c", __zend_orig_lineno=45) at /Users/tater/book/php-src/Zend/zend_alloc.c:704
#3  0x001fcbe4 in _efree (ptr=0xc72cb0, __zend_filename=0x2aa004 "/Users/tater/book/php-src/Zend/zend_execute_API.c", __zend_lineno=354, __zend_orig_filename=0x2aa518 "/Users/tater/book/php-src/Zend/zend_variables.c", __zend_orig_lineno=45) at /Users/tater/book/php-src/Zend/zend_alloc.c:259
#4  0x0021c288 in _zval_dtor (zvalue=0xafdda8, __zend_filename=0x2aa004 "/Users/tater/book/php-src/Zend/zend_execute_API.c", __zend_lineno=354) at /Users/tater/book/php-src/Zend/zend_variables.c:45
#5  0x0020d434 in _zval_ptr_dtor (zval_ptr=0xafde04, __zend_filename=0x2aa518 "/Users/tater/book/php-src/Zend/zend_variables.c", __zend_lineno=165) at /Users/tater/book/php-src/Zend/zend_execute_API.c:354
#6  0x0021c6d8 in _zval_ptr_dtor_wrapper (zval_ptr=0xafde04) at /Users/tater/book/php-src/Zend/zend_variables.c:165
#7  0x00226db4 in zend_hash_quick_add_or_update (ht=0xafdcd8, arKey=0xc72e20 "value", nKeyLength=6, h=574111618, pData=0xbfffd7d8, DataSize=4, pDest=0x0, flag=1) at /Users/tater/book/php-src/Zend/zend_hash.c:288
#8  0x0009e1ac in sxe_properties_get (object=0xafd9c0) at /Users/tater/book/php-src/ext/simplexml/simplexml.c:436
#9  0x0017fe30 in php_var_dump (struc=0xafdb94, level=3) at /Users/tater/book/php-src/ext/standard/var.c:97
#10 0x0017f9fc in php_array_element_dump (zv=0xafdb94, num_args=1, args=0xbfffd9a8 "", hash_key=0xbfffd960) at /Users/tater/book/php-src/ext/standard/var.c:55
#11 0x00228b8c in zend_hash_apply_with_arguments (ht=0xafd8f0, destruct=0x17f940 <php_array_element_dump>, num_args=1) at /Users/tater/book/php-src/Zend/zend_hash.c:703
#12 0x0017ff98 in php_var_dump (struc=0xaf4db0, level=1) at /Users/tater/book/php-src/ext/standard/var.c:110
#13 0x001801e4 in zif_var_dump (ht=1, return_value=0xafca78, this_ptr=0x0, return_value_used=0) at /Users/tater/book/php-src/ext/standard/var.c:151
#14 0x0024efa8 in zend_do_fcall_common_helper (execute_data=0xbfffdc80, op_array=0xafd268) at /Users/tater/book/php-src/Zend/zend_execute.c:2514
#15 0x0024f888 in zend_do_fcall_handler (execute_data=0xbfffdc80, op_array=0xafd268) at /Users/tater/book/php-src/Zend/zend_execute.c:2647
#16 0x00248a44 in execute (op_array=0xafd268) at /Users/tater/book/php-src/Zend/zend_execute.c:1242
#17 0x0021efd8 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /Users/tater/book/php-src/Zend/zend.c:1032
#18 0x001c3764 in php_execute_script (primary_file=0xbffff6e0) at /Users/tater/book/php-src/main/main.c:1573
#19 0x00265e5c in main (argc=2, argv=0xbffffc60) at /Users/tater/book/php-src/sapi/cli/php_cli.c:910
#20 0x0000247c in _start (argc=2, argv=0xbffffc60, envp=0xbffffc6c) at /SourceCache/Csu/Csu-45/crt.c:267
#21 0x000022fc in start ()
(gdb)

 [2003-08-07 16:49 UTC] rrichards@php.net
This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at http://snaps.php.net/.
 
In case this was a documentation problem, the fix will show up soon at
http://www.php.net/manual/.

In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites in short time.
 
Thank you for the report, and for helping us make PHP better.


 