php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #36859 DOMElement crashes when calling __construct when clone'ing
Submitted: 2006-03-25 22:25 UTC Modified: 2006-03-26 01:23 UTC
From: bjori@php.net Assigned:
Status: Closed Package: Reproducible crash
PHP Version: 5CVS-2006-03-25 (CVS) OS: FreeBSD6
Private report: No CVE-ID:
 [2006-03-25 22:25 UTC] bjori@php.net
Description:
------------
Seems to crash when calling DOMElement::__construct() when calling __clone() on a object that extends DOMElement.

Reproduce code:
---------------
<?php
    class foo extends DOMElement {
        public function __clone() {
            parent::__construct("foo");
        }
    }

    $foo = new foo("foo");
    $foobar = clone $foo;


Actual result:
--------------
#0  0x08069fe9 in php_libxml_node_free_list (node=0x2a8fcc84) at /usr/src/php51/ext/libxml/libxml.c:206
#1  0x0806b7a4 in php_libxml_node_free_resource (node=0x83688e4) at /usr/src/php51/ext/libxml/libxml.c:967
#2  0x0809e162 in zif_domelement___construct (ht=1, return_value=0x835d064, return_value_ptr=0x0, this_ptr=0x8368fe4, return_value_used=0)
    at /usr/src/php51/ext/dom/element.c:133
#3  0x0819ef42 in zend_do_fcall_common_helper_SPEC (execute_data=0xbfbfce40) at zend_vm_execute.h:200
#4  0x0819f9c5 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0xbfbfce40) at zend_vm_execute.h:322
#5  0x0819eb62 in execute (op_array=0x836a424) at zend_vm_execute.h:92
#6  0x08175d93 in zend_call_function (fci=0xbfbfd030, fci_cache=0xbfbfcff0) at /usr/src/php51/Zend/zend_execute_API.c:938
#7  0x08194436 in zend_call_method (object_pp=0xbfbfd0b4, obj_ce=0x835fc24, fn_proxy=0x835fd2c, function_name=0x821f20e "__clone", function_name_len=7,
    retval_ptr_ptr=0x0, param_count=0, arg1=0x0, arg2=0x0) at /usr/src/php51/Zend/zend_interfaces.c:88
#8  0x08199a1a in zend_objects_clone_members (new_object=0x83747a4, new_obj_val={handle = 2, handlers = 0x8275a60}, old_object=0x8372124, handle=2)
    at /usr/src/php51/Zend/zend_objects.c:152
#9  0x0809456b in dom_objects_store_clone_obj (zobject=0x8368964) at /usr/src/php51/ext/dom/php_dom.c:449
#10 0x081d27f2 in ZEND_CLONE_SPEC_CV_HANDLER (execute_data=0xbfbfd230) at zend_vm_execute.h:19348
#11 0x0819eb62 in execute (op_array=0x836a324) at zend_vm_execute.h:92
#12 0x08181758 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/src/php51/Zend/zend.c:1109
#13 0x0813e06f in php_execute_script (primary_file=0xbfbfe9e0) at /usr/src/php51/main/main.c:1726
#14 0x081e54df in main (argc=2, argv=0xbfbfea74) at /usr/src/php51/sapi/cli/php_cli.c:1092


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2006-03-26 01:23 UTC] tony2001@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Wed Apr 16 16:02:23 2014 UTC