|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #32494 crash when using expat in a class (Works with PHP 5.1)
Submitted: 2005-03-30 02:05 UTC Modified: 2008-07-11 21:24 UTC
Avg. Score:4.8 ± 0.4
Reproduced:4 of 4 (100.0%)
Same Version:1 (25.0%)
Same OS:2 (50.0%)
From: evert at rooftopsolutions dot nl Assigned:
Status: Wont fix Package: XML related
PHP Version: 4CVS-2005-07-30 OS: Linux glibc 2.3.4
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Bug Type:
From: evert at rooftopsolutions dot nl
New email:
PHP Version: OS:


 [2005-03-30 02:05 UTC] evert at rooftopsolutions dot nl
My PHP crashes when using expat functions in a class.
My scripts opens the 'test' file, but it doesn't matter if it exists or not.

Right now I'm unable to check this with the latest cvs, but I did test this on multiple servers running 4.3.10

Reproduce code:

 class sParser {

       function onStartElement($parser,$name,$attribs) {

               return false;


       function onEndElement($parser,$name) {

               return false;


       function onCDATA($parser,$data) {

               return false;


       function onProcessInstruction($parser,$target,$data) {

               return false;


       function onXMLError($line,$errorcode,$errorstring) {

               return false;


       function xmlparse($data) {

               $this->parser = xml_parser_create('UTF-8');
               xml_set_element_handler($this->parser,array($this, 'onStartElement'),array($this,'onEndElement'));
               if (!xml_parse($this->parser,$data)) {
                       $this->onXMLError(xml_get_current_line_number($this->parser), xml_get_error_code($this->parser), xml_error_string(xml_get_error_code($
                       return false;
               } else return $this->parsedData;


       function execute($data) {

               return $this->xmlparse($data);



 $disp = new sParser();



Expected result:
No errors

Actual result:
PHP Crash

my apache logs says:

[Tue Mar 29 07:07:25 2005] [notice] child pid 9106 exit signal Aborted (6)
*** glibc detected *** double free or corruption (!prev): 0x08205058 ***


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2005-05-05 00:10 UTC] rmartins at dcc dot online dot pt
Try freeing the parser via xml_parser_free()

Ricardo Martins
 [2005-05-05 01:01 UTC] evert at rooftopsolutions dot nl
Thank you rmartins!!!
 [2005-05-17 10:46 UTC]
Does NOT happen with PHP 5 (using libxml instead of expat)

 [2005-08-18 10:54 UTC]
See also bug #34150
 [2005-10-31 11:22 UTC] troels at kyberfabrikken dot dk
Does anybody know for how long this problem have existed ? Will it be fixed with next release for php4 ?
xml_set_object does btw. not have the same problem.
 [2007-06-08 16:21 UTC] nick at prioritycolo dot com
Still seeing this same issue in PHP 4.4.7 (two years later?!) with the CPanel build of Apache and PHP on Centos "4.5". Seeing core dumps with vBulletin's cron job, upgrading to PHP 5.x not a short-term option on the shared box in question.
Back trace from the vBulletin cron.php throws me:
#0  0xffffe410 in __kernel_vsyscall ()
#1  0x4a2137a5 in raise () from /lib/tls/
#2  0x4a215209 in abort () from /lib/tls/
#3  0x4a247a1a in __libc_message () from /lib/tls/
#4  0x4a24e2bf in _int_free () from /lib/tls/
#5  0x4a24e63a in free () from /lib/tls/
#6  0x08148414 in poolDestroy (pool=0x4a315840)
    at /home/cpapachebuild/buildapache/php-4.4.7/ext/xml/expat/xmlparse.c:5425
#7  0x0814a38b in php_XML_ParserFree (parser=0x86844d0)
    at /home/cpapachebuild/buildapache/php-4.4.7/ext/xml/expat/xmlparse.c:1055

etc etc etc
Instant "*** glibc detected *** double free or corruption" occurs:
class test {
    function test() {
        // initialize parser
        $this->parser = xml_parser_create();
        xml_set_element_handler( $this->parser,
                                 array( & $this, "startTag" ),
                                 array( & $this, "endTag" )
$parser = new test();
Sigh, I'm guessing we may be SoL on this one...
 [2008-07-11 21:24 UTC]
We are sorry, but we can not support PHP 4 related problems anymore.
Momentum is gathering for PHP 6, and we think supporting PHP 4 will
lead to a waste of resources which we want to put into getting PHP 6

PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Fri Mar 01 15:01:30 2024 UTC