php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #38406 PHP crashes when manipulating with SimpleXML object
Submitted: 2006-08-10 00:54 UTC Modified: 2007-02-20 13:22 UTC
Votes:2
Avg. Score:5.0 ± 0.0
Reproduced:2 of 2 (100.0%)
Same Version:0 (0.0%)
Same OS:1 (50.0%)
From: zizka at seznam dot cz Assigned: helly (profile)
Status: Closed Package: SimpleXML related
PHP Version: 5.1.4 OS: Windows XP
Private report: No CVE-ID: None
View Add Comment Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please !
Your email address:
MUST BE VALID
Solve the problem:
26 + 10 = ?
Subscribe to this entry?

 
 [2006-08-10 00:54 UTC] zizka at seznam dot cz 
Description:
------------
PHP crashes when manipulating with SimpleXML object.
See the code in the testcase.
I think it does not concern stack overflow as there is no (obvious) recursion.

Reproduce code:
---------------
http://ondra.zizka.cz/projekty/bugs/bug_SimpleXML_crash-testcase.php.txt

Expected result:
----------------
Either a node should be added, or PHP should throw some exception or warning.

Actual result:
--------------
Apache thread crashes (Win32 reports illegal operation).

Application Failure
Apache.exe 2.0.55.0
in php5ts.dll 5.1.4.4
at offset 001ec55b

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2006-08-10 07:10 UTC] nik at betline dot ru 
I've same problem on FreeBSD 5.4 with Apache 2.0.58
 [2006-08-10 07:50 UTC] tony2001@php.net 
Please try using this CVS snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5.2-win32-latest.zip
 [2006-08-10 16:08 UTC] nik at betline dot ru 
Without changes. Same error exists.
 [2006-08-10 16:27 UTC] tony2001@php.net 
Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc. If the script requires a 
database to demonstrate the issue, please make sure it creates 
all necessary tables, stored procedures etc.

Please avoid embedding huge scripts into the report.
 [2006-08-18 01:00 UTC] php-bugs at lists dot php dot net 
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 [2007-02-20 12:18 UTC] dominics at gmail dot com 
While this isn't my bug (and so I can't reopen it), and I can't view the original test case, I still believe I'm experiencing the same crash.

I'm using PHP 5.2.1, Apache 2.0.54 and Windows XP. A somewhat similar platform to the original reporter. I am able to consistently reproduce the bug with the following test case:

<?php
$item = new SimpleXMLElement('<something />');
$item->attribute = 'something';
$item->otherAttribute = $item->attribute;
?>
 [2007-02-20 12:22 UTC] dominics at gmail dot com 
I forgot to mention the specific error:

Unhandled exception at 0x008eafcb in Apache.exe: 0xC0000005: Access violation reading location 0x00000002.
 [2007-02-20 12:29 UTC] dominics at gmail dot com 
I've just confirmed that this bug works on Linux (Debian Etch) too. Using Apache 2.2.3 and PHP 5.2, and the test case above, the apache process segfaults:

[Wed Feb 21 01:26:50 2007] [notice] child pid 3758 exit signal Segmentation fault (11)
[Wed Feb 21 01:26:51 2007] [notice] child pid 3938 exit signal Segmentation fault (11)
 [2007-02-20 12:48 UTC] tony2001@php.net 
Marcus, please review this patch:
http://tony2001.phpclub.net/dev/tmp/bug38406.diff
 [2007-02-20 13:22 UTC] tony2001@php.net 
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Thu Apr 18 18:01:28 2024 UTC