Bug #28771 Segfault when using xslt and clone
Submitted: 2004-06-14 11:00 UTC Modified: 2004-06-15 13:51 UTC
Votes:1
Avg. Score:3.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:0 (0.0%)
From: mbm at interflow dot dk Assigned:
Status: Closed Package: XSLT related
PHP Version: 5.0.0RC3 OS: FreeBSD 5.2
Private report: No CVE-ID: None
 [2004-06-14 11:00 UTC] mbm at interflow dot dk
Description:
------------
This took us quite a while to locate, but when using the xslt processor in collaboration with clone and then accessing the resulting domdocument you will end up with a segfault. This only seems to happen when used on cgi, not with cli (here anyways, it has been reproduced on rc1 cli).
We originally encountered this inside a rather big system so we tried to boil it down and the included script recreates the segfault.
I've included a gdb backtrace - if you need additional info feel free to mail me at mbm at interflow . dk.

Reproduce code:
---------------
<?php
// Source document and an empty stylesheet
$xmlString = <<<EOS
<?xml version="1.0" encoding="iso-8859-1"?>
<document>Test</document>
EOS;
$xslString = <<<EOS
<?xml version="1.0" encoding="ISO-8859-1"?>
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
</xsl:stylesheet>
EOS;
$xml = new DomDocument;
$xml->LoadXml($xmlString);
$xsl = new DomDocument;
$xsl->LoadXml($xslString);
$xsltProcessor = new XsltProcessor();
$xsltProcessor->ImportStylesheet($xsl);
// Transform, then access the result before cloning it
$xml2 = $xsltProcessor->TransformToDoc($xml);
$xml2->SaveXml();
$xml3 = clone $xml2;
// The segfault happens on this call against the cloned document
$list = $xml3->GetElementsByTagName('foo');

Expected result:
----------------
The included script should put an element list in $list, but it results in a segmentation fault.
The reason for $xml2->SaveXml() is that the segmentation fault only seems to happen when we try to access anything in the resulting document from XSLT processing before doing the clone.


Actual result:
--------------
(gdb) bt
#0  0x285cb7c7 in zend_objects_store_add_ref (object=0x814a568)
    at /usr/home/jacob/php-5.0.0RC3/Zend/zend_objects_API.c:118
#1  0x285b2f33 in _zval_copy_ctor (zvalue=0x814a568, 
    __zend_filename=0x285e8260 "/usr/home/jacob/php-5.0.0RC3/ext/dom/php_dom.c", __zend_lineno=797) at /usr/home/jacob/php-5.0.0RC3/Zend/zend_variables.c:156
#2  0x2845a082 in dom_namednode_iter (basenode=0x814a198, ntype=0, 
    intern=0x814a410, ht=0x0, local=0x81de910 "foo", ns=0x0)
    at /usr/home/jacob/php-5.0.0RC3/ext/dom/php_dom.c:797
#3  0x2845d2e7 in zif_dom_document_get_elements_by_tag_name (ht=1, 
    return_value=0x814a3cc, this_ptr=0x814a108, return_value_used=1)
    at /usr/home/jacob/php-5.0.0RC3/ext/dom/document.c:1019
#4  0x285dc17a in zend_do_fcall_common_helper (execute_data=0xbfbfd380, 
    opline=0x814faf8, op_array=0x8148868)
    at /usr/home/jacob/php-5.0.0RC3/Zend/zend_execute.c:2697
#5  0x285dc7bc in zend_do_fcall_by_name_handler (execute_data=0xbfbfd380, 
    opline=0x814faf8, op_array=0x8148868)
    at /usr/home/jacob/php-5.0.0RC3/Zend/zend_execute.c:2808
#6  0x285d8737 in execute (op_array=0x8148868)
    at /usr/home/jacob/php-5.0.0RC3/Zend/zend_execute.c:1389
#7  0x285b5045 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /usr/home/jacob/php-5.0.0RC3/Zend/zend.c:1061
#8  0x2856f6a7 in php_execute_script (primary_file=0xbfbfe9c0)
    at /usr/home/jacob/php-5.0.0RC3/main/main.c:1627
---Type <return> to continue, or q <return> to quit---
#9  0x285e5751 in php_handler (r=0x81f7050)
    at /usr/home/jacob/php-5.0.0RC3/sapi/apache2handler/sapi_apache2.c:556
#10 0x0806656c in ap_run_handler ()
#11 0x08066cc4 in ap_invoke_handler ()
#12 0x08062e97 in ap_process_request ()
#13 0x0805d5f4 in ap_process_http_connection ()
#14 0x08071bac in ap_run_process_connection ()
#15 0x08071f6c in ap_process_connection ()
#16 0x080648b7 in child_main ()
#17 0x080649a2 in make_child ()
#18 0x08064b28 in startup_children ()
#19 0x08064f6a in ap_mpm_run ()
#20 0x0806c9a3 in main ()
#21 0x0805d0a2 in _start ()


 [2004-06-14 15:08 UTC] mbm at interflow dot dk
After we recompiled PHP with debug options we started getting the segfault in CLI as well.
 [2004-06-14 15:24 UTC] tumpen at fez dot dk
Same thing happens for me on Mandrake Linux: as soon as GetElementsByTagName is called on the cloned instance, it segfaults.
 [2004-06-15 13:51 UTC] rrichards@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.
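
A regression check for the crash in this report, as an added example that is not part of the original report or of the PHP project's test suite: it runs the reproduce steps in a child process and separates a signal death (the segfault) from an ordinary PHP failure. The function names `write_repro` and `check_build` are hypothetical, and the script assumes its first argument is the path to a PHP CLI binary built with the DOM and XSL extensions.

```shell
#!/bin/sh
# Added example: regression check for the crash described in this report.
# Assumption: $1 is the PHP CLI binary to test, built with ext/dom and ext/xsl.

# Write the report's reproduce script (same steps, inline strings) to file $1.
write_repro() {
    cat > "$1" <<'PHP'
<?php
$xml = new DOMDocument;
$xml->loadXML('<?xml version="1.0" encoding="iso-8859-1"?><document>Test</document>');
$xsl = new DOMDocument;
$xsl->loadXML('<?xml version="1.0" encoding="ISO-8859-1"?>'
    . '<xsl:stylesheet version="1.0"'
    . ' xmlns:xsl="http://www.w3.org/1999/XSL/Transform"></xsl:stylesheet>');
$proc = new XSLTProcessor();
$proc->importStylesheet($xsl);
$xml2 = $proc->transformToDoc($xml);
$xml2->saveXML();                 // touch the result before cloning
$xml3 = clone $xml2;
$list = $xml3->getElementsByTagName('foo');
PHP
}

# Run the repro in a child process so a crash cannot take down the harness.
# The shell reports a child killed by signal N as status 128+N (SIGSEGV: 139).
# PHP itself exits 255 on a fatal error, which is a failure but not a crash.
check_build() {
    php_bin=$1
    script=$(mktemp "${TMPDIR:-/tmp}/bug28771.XXXXXX") || return 2
    write_repro "$script"
    status=0
    "$php_bin" "$script" >/dev/null 2>&1 || status=$?
    rm -f "$script"
    case $status in
        0)   echo "pass" ;;
        255) echo "error:exit 255" ;;
        *)   if [ "$status" -gt 128 ]; then
                 echo "crash:signal $((status - 128))"
             else
                 echo "error:exit $status"
             fi ;;
    esac
}

# Run only when an interpreter path is given on the command line.
if [ "$#" -ge 1 ]; then check_build "$1"; fi
```

A result of `crash:signal 11` means the build still segfaults on the cloned document; `error:exit 255` usually means the XSL extension is not loaded, so the check did not exercise the bug.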


 
Last updated: Mon Nov 04 18:01:28 2024 UTC