Bug #39562 Segfault with Invalid XSLT
Submitted: 2006-11-20 21:34 UTC Modified: 2006-11-20 23:36 UTC
From: hairmare at gmail dot com Assigned:
Status: Not a bug Package: XSLT related
PHP Version: 6CVS-2006-11-20 (snap) OS: Linux
Private report: No CVE-ID: None
 [2006-11-20 21:34 UTC] hairmare at gmail dot com
Description:
------------
This code is based on a snippet from the manual (http://php.net/xsl-xsltprocessor-construct).

Any small error in the XSLT sheet easily makes PHP segfault.

I'm even getting this on older versions.

My configure:
 './configure' '--disable-cgi' '--enable-cli' '--with-mysql' '--with-openssl' '--with-pdo-mysql' '--enable-soap' '--with-xsl' '--enable-debug' '--with-zlib' '--with-dom' '--with-gdbm' '--with-curl' '--with-dom' '--with-gd' '--enable-calendar' '--with-bz2' '--with-mcrypt' '--with-xmlrpc' '--with-gettext' '--with-ttf' '--enable-pcntl' '--enable-sysvsem' '--enable-sysvshm' '--enable-sysvmsg' '--enable-shmop' '--with-png' '--with-jpeg' '--with-tiff' '--with-freetype'


Reproduce code:
---------------
<?php
$xsl = new DOMDocument;
$xsl->loadXML(b'<?xml version="1.0"?>
<xsl:stylesheet version="1.0"
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform"/>
    extra content here
    ');

$proc = new XSLTProcessor;
$proc->importStyleSheet($xsl);

echo 'hello mr bug';
?>


Expected result:
----------------
--EXPECTREGEX--

Warning: DOMDocument::loadXML\(\): Extra content at the end of the document in Entity, line: [-1-9]* in .* on line [0-9]*

Warning: XSLTProcessor::importStylesheet\(\): compilation error in .* on line [0-9]*

Warning: XSLTProcessor::importStylesheet\(\): xsltParseStylesheetProcess : empty stylesheet in .* on line [0-9]*
hello mr bug


Actual result:
--------------
#0  0x08332197 in zif_xsl_xsltprocessor_import_stylesheet (ht=1, return_value=0xb6b5d474, return_value_ptr=0x0, this_ptr=0xb6b5c1c8, return_value_used=0)
    at /usr/local/src/php-6/php6.0-200611201530/ext/xsl/xsltprocessor.c:388
#1  0x083b61c0 in zend_do_fcall_common_helper_SPEC (execute_data=0xbfef9240) at zend_vm_execute.h:209
#2  0x083b6bff in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0xbfef9240) at zend_vm_execute.h:331
#3  0x083b5d88 in execute (op_array=0xb6b5c8d4) at zend_vm_execute.h:92
#4  0x0838e5f2 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/local/src/php-6/php6.0-200611201530/Zend/zend.c:1587
#5  0x08337e68 in php_execute_script (primary_file=0xbfefb690) at /usr/local/src/php-6/php6.0-200611201530/main/main.c:1933
#6  0x084005f0 in main (argc=2, argv=0xbfefb724) at /usr/local/src/php-6/php6.0-200611201530/sapi/cli/php_cli.c:1119


 [2006-11-20 21:55 UTC] tony2001@php.net
Cannot reproduce. Make sure you've executed ./cvsclean before rebuilding PHP.
 [2006-11-20 23:24 UTC] hairmare at gmail dot com
cvsclean issue, sorry
 [2006-11-20 23:36 UTC] hairmare at gmail dot com
buildconf related
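
Added example, not part of the original report or of PHP's own code: on a correctly built PHP, the malformed stylesheet from the reproduce code fails at the parse step, and a caller can stop there instead of handing an empty document to importStylesheet(). The helper name compileStylesheet() and the error message format are assumptions made for this illustration.

```php
<?php
// Constructed input: the malformed stylesheet from the report
// (text after the self-closed root element).
$sheet = '<?xml version="1.0"?>
<xsl:stylesheet version="1.0"
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform"/>
    extra content here
    ';

// Hypothetical helper: returns [XSLTProcessor|null, string[] $errors].
function compileStylesheet(string $xml): array
{
    // Collect libxml errors in a list instead of emitting PHP warnings.
    $previous = libxml_use_internal_errors(true);
    libxml_clear_errors();

    $proc  = null;
    $stage = 'parse';
    $doc   = new DOMDocument;
    // LIBXML_NONET: no network access while parsing the stylesheet.
    if ($doc->loadXML($xml, LIBXML_NONET)) {
        $stage     = 'compile';
        $candidate = new XSLTProcessor;
        // importStylesheet() returns false when compilation fails.
        if ($candidate->importStylesheet($doc)) {
            $proc = $candidate;
        }
    }

    $errors = [];
    if ($proc === null) {
        foreach (libxml_get_errors() as $e) {
            $errors[] = sprintf('%s: line %d: %s', $stage, $e->line, trim($e->message));
        }
        if (!$errors) {
            $errors[] = "$stage: failed without a recorded libxml error";
        }
    }

    // Restore the caller's error-handling mode.
    libxml_clear_errors();
    libxml_use_internal_errors($previous);
    return [$proc, $errors];
}

[$proc, $errors] = compileStylesheet($sheet);
foreach ($errors as $msg) {
    error_log($msg);
}
echo $proc === null ? "stylesheet rejected\n" : "stylesheet compiled\n";
```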
 
Last updated: Sat Dec 14 13:01:24 2019 UTC