|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #44891 Memory leak using registerPHPFunctions and XSLT Variable as function parameter
Submitted: 2008-05-02 14:42 UTC Modified: 2008-05-04 15:15 UTC
From: aldo at armiento dot com Assigned:
Status: Closed Package: XSLT related
PHP Version: 5.3CVS-2008-05-02 (snap) OS: Linux 2.6.18
Private report: No CVE-ID:
 [2008-05-02 14:42 UTC] aldo at armiento dot com
Using registerPHPFunctions and calling a PHP function from XSL with 
first parameter an XSL Variable (instead of node, node-text, etc.) 
produces a memory leak.

Also "memory_limit" directive in php.ini is ignored.

Reproduce code:

// XML Contents

$sXML = <<< EOD
<?xml version="1.0" encoding="UTF-8"?>
<root>root node</root>

$domXML = new DOMDocument();

// XSL Contents

$sXSL = <<< EOD
<xsl:stylesheet version="1.0"

	<xsl:template match="/">
		<xsl:variable name="variable"> text </xsl:variable>
		<xsl:value-of select="php:functionString('trim', \$variable)" />


$domXSL = new DOMDocument();

// XSLT Processor

$xsltProcessor = new XSLTProcessor();

while (true) {

Expected result:

Actual result:
All server available memory is used. 


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2008-05-02 14:46 UTC] aldo at armiento dot com
Reproducible also with 5.2CVS-2008-05-02 (snap)
 [2008-05-02 16:06 UTC]
5.3 backtrace:

==25539== 409,600 bytes in 100 blocks are definitely lost in loss record 1 of 1
==25539==    at 0x4021620: malloc (vg_replace_malloc.c:149)
==25539==    by 0x414B180: xmlBufferCreate (in /usr/lib/
==25539==    by 0x414BE43: xmlNodeGetContent (in /usr/lib/
==25539==    by 0x417AE60: xmlXPathCastNodeToString (in /usr/lib/
==25539==    by 0x417B194: xmlXPathCastNodeSetToString (in /usr/lib/
==25539==    by 0x417E4AC: xmlXPathCastToString (in /usr/lib/
==25539==    by 0x822F1EE: xsl_ext_function_php (xsltprocessor.c:289)
==25539==    by 0x41835E1: (within /usr/lib/
==25539==    by 0x418306A: (within /usr/lib/
==25539==    by 0x4184E2F: (within /usr/lib/
==25539==    by 0x4189265: (within /usr/lib/
==25539==    by 0x4189471: xmlXPathCompiledEval (in /usr/lib/
==25539==    by 0x40FBA1A: xsltValueOf (in /usr/lib/
==25539==    by 0x40F8AE6: (within /usr/lib/
==25539==    by 0x40FA002: (within /usr/lib/
==25539==    by 0x40FA7FC: xsltProcessOneNode (in /usr/lib/
==25539==    by 0x40FE9F1: (within /usr/lib/
==25539==    by 0x822FDD1: php_xsl_apply_stylesheet (xsltprocessor.c:540)
==25539==    by 0x823021F: zif_xsl_xsltprocessor_transform_to_doc (xsltprocessor.c:594)
==25539==    by 0x82B38BA: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:189)
==25539==    by 0x82B2E44: execute (zend_vm_execute.h:91)
==25539==    by 0x828D19E: zend_execute_scripts (zend.c:1195)
==25539==    by 0x8233870: php_execute_script (main.c:2077)
==25539==    by 0x83206D8: main (php_cli.c:1139)
 [2008-05-04 15:15 UTC]
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
Thank you for the report, and for helping us make PHP better.

PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Tue Aug 29 15:01:52 2017 UTC