php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #37853 DOM->schemaValidate causes an access violation
Submitted: 2006-06-19 20:46 UTC Modified: 2006-07-20 21:36 UTC
From: jona at oismail dot com Assigned: rrichards (profile)
Status: Not a bug Package: Reproducible crash
PHP Version: 5.1.4 OS: Windows 2000
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: jona at oismail dot com
New email:
PHP Version: OS:

 

 [2006-06-19 20:46 UTC] jona at oismail dot com
Description:
------------
When an unescaped & is encounted in an XML document, PHP causes an access violation in IIS when DOM schemaValidate or DOM schemaValidateSource is called.
I have PHP running as an ISAPI module using the php5isapi.dll

Reproduce code:
---------------
<?php
$sXML = '<?xml version="1.0" encoding="ISO-8859-5"?>
<root type="input" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="input.xsd">
<username>Jona&</username>
</root>';

$sSchema = '<?xml version="1.0"?>
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified" attributeFormDefault="unqualified">
<xs:simpleType name="string">
	<xs:restriction base="xs:string">
		<xs:minLength value="1" />
	</xs:restriction>
</xs:simpleType>

<xs:element name="root">
	<xs:complexType>			
		<xs:choice>
			<xs:element name="username" type="string" />
			<xs:element name="password" type="string" />
		</xs:choice>
		<xs:attribute name="type" type="xs:string" use="required" fixed="input" />
	</xs:complexType>
</xs:element>
</xs:schema>';

$obj_DOM = new DOMDocument("1.0", "ISO-8859-5");
$obj_DOM->loadXML(trim($sXML) );

$obj_DOM->schemaValidateSource($sSchema);
?>

Expected result:
----------------
Warning thrown along the lines of "Invalid XML document" or schemaValidate returns false.

Actual result:
--------------
PHP has encountered an Access Violation at 01B1E093
Warning: DOMDocument::loadXML() [function.DOMDocument-loadXML]: xmlParseEntityRef: no name in Entity, line: 3 in D:\www\php5api\webroot\xml_schema_test.php on line 27

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2006-06-19 21:28 UTC] tony2001@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5.2-win32-latest.zip

I get two error messages and no crash:

Warning: DOMDocument::loadXML(): xmlParseEntityRef: no name in Entity, line: 3 in /tmp/3.php on line 27
Warning: DOMDocument::schemaValidateSource(): The document has no document element. in /tmp/3.php on line 29

 [2006-06-19 21:36 UTC] jona at oismail dot com
I get an "PHP has encountered an Access Violation at 01B1B9F3" for both v5.1.4 and v5.2-dev.

Are you running PHP as an ISAPI module?
 [2006-06-19 21:38 UTC] tony2001@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php for *NIX and
http://bugs.php.net/bugs-generating-backtrace-win32.php for Win32

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.

No ISAPI or windows here, only Linux.
 [2006-06-19 21:48 UTC] jona at oismail dot com
The issue is likely specific to Windows / IIS / sapi / isapi then?

Can't seem to make the CGI version work on IIS or I'd test if it was sapi specific.
Sorry.... :-(
 [2006-06-20 11:48 UTC] tony2001@php.net
We still need the backtrace, though.
 [2006-06-20 12:13 UTC] jona at oismail dot com
How do I do I get that?

If I call either debug_backtrace() or debug_print_stacktrace() prior to calling DOM->schemaValidate(), I get no useful output.
If I call either of the backtrace functions after DOM->schemaValidate(), they're never executed due to the PHP Access Violation.

Please advice?
 [2006-06-20 12:15 UTC] tony2001@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php for *NIX and
http://bugs.php.net/bugs-generating-backtrace-win32.php for Win32

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.


 [2006-06-20 14:11 UTC] jona at oismail dot com
I don't have MSVC available I'm afraid, nor am I likely to get a hand on one anytime soon.

Is there anything else I can do to assist?
 [2006-06-20 17:54 UTC] edink@php.net
Crashes within libxml2 in xmlSchemaValidateDoc() called from ext/dom/document.c _dom_document_schema_validate()

At the first glance, doesn't look like PHP problem.

PHP5TS! xmlSchemaCheckFacet + 1827 bytes
PHP5TS! xmlSchemaCheckFacet + 1551 bytes
PHP5TS! xmlSchemaValidateDoc + 57 bytes
_dom_document_schema_validate(int 270323429, _zval_struct * 0x00000001, _zval_struct * * 0x0116fa78, _zval_struct * 0x00000000, int 18282784, void * * * 0x00000000, int 2244912) line 1893
zif_dom_document_schema_validate_xml(int 1, _zval_struct * 0x0116fa78, _zval_struct * * 0x00000000, _zval_struct * 0x0116f920, int 0, void * * * 0x00224130) line 1912 + 37 bytes
zend_do_fcall_common_helper_SPEC(_zend_execute_data * 0x10019575, void * * * 0x00c0fba8) line 200 + 49 bytes
ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER(_zend_execute_data * 0x00c0fba8, void * * * 0x00224130) line 322 + 17 bytes
execute(_zend_op_array * 0x7c9106eb, void * * * 0x1000948d) line 92 + 12 bytes

 [2006-07-20 15:26 UTC] mike@php.net
Does Rob already know of that?
 [2006-07-20 21:36 UTC] rrichards@php.net
Sorry, but your problem does not imply a bug in PHP itself.  For a
list of more appropriate places to ask for help using PHP, please
visit http://www.php.net/support.php as this bug system is not the
appropriate forum for asking support questions.  Due to the volume
of reports we can not explain in detail here why your report is not
a bug.  The support channels will be able to provide an explanation
for you.

Thank you for your interest in PHP.

an already fixed bug in libxml2
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Fri Mar 29 11:01:29 2024 UTC