Bug #46699 xml_parse fails with Bus Error only when parser is namespace aware.
Submitted: 2008-11-27 20:02 UTC Modified: 2008-12-12 04:22 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:0 (0.0%)
From: m dot haarmann at gmail dot com Assigned:
Status: Closed Package: XML related
PHP Version: 5.2CVS-2008-11-28 OS: Mac OS 10.5.5
Private report: No CVE-ID:
 [2008-11-27 20:02 UTC] m dot haarmann at gmail dot com
Description:
------------
When executing xml_parse on a parser handle that was created using 
xml_create_parser_ns, the script fails.

Reproduce code:
---------------
<?php
// dummy handlers
function defaultTagHandler($parser, $data) {
	echo $data;
}

// shared by the start and end namespace declaration handlers
function namespaceBla($parser, $user_data, $prefix) {
}

// read a file
$filename = "demo.xml";
$file_data = implode("", file($filename));
$parser = xml_parser_create_ns();

xml_set_default_handler($parser, "defaultTagHandler");
xml_set_start_namespace_decl_handler($parser, "namespaceBla");
xml_set_end_namespace_decl_handler($parser, "namespaceBla");
// crashes here.
xml_parse($parser, $file_data);

Expected result:
----------------
to echo some node data.

Actual result:
--------------
bus error. 

 [2008-11-27 20:17 UTC] m dot haarmann at gmail dot com
This problem doesn't occur when using just xml_create_parser, without 
the namespace awareness. I'm using the PHP and Apache2 versions that are 
bundled with Mac OS.
 [2008-11-28 12:29 UTC] jani@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz
 
For Windows:

  http://windows.php.net/snapshots/


 [2008-11-28 12:58 UTC] m dot haarmann at gmail dot com
Still the same error with the snapshot.
 [2008-11-28 13:30 UTC] jani@php.net
Ok, is that demo.xml available somewhere?
 [2008-11-28 15:47 UTC] m dot haarmann at gmail dot com
Sure:

demo.xml
--------
<?xml version="1.0" encoding="UTF-8" ?>
<xsl:stylesheet version="1.0"
                xmlns:xsl="http://www.w3.org/1999/XSL/Transform" 
xmlns:foo="http://momo/">

	<xsl:output encoding="UTF-8" indent="yes" method="xml" />
	<foo:bar value="asdfasf">node</foo:bar>
	<xsl:template match="/">
	</xsl:template>
</xsl:stylesheet>
 [2008-11-30 22:40 UTC] crrodriguez at opensuse dot org
Reproduced consistently on Linux 64-bit (5_2 and 5_3).

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7f697a693710 (LWP 31187)]
#0  0x0000000000000000 in ?? ()
#1  0x0000000000757e32 in _start_element_handler_ns (user=0xfde0c0, name=0xff3a23 "stylesheet", prefix=0xff3a1f "xsl",
    URI=0xff3a36 "http://www.w3.org/1999/XSL/Transform", nb_namespaces=2, namespaces=0xff4030, nb_attributes=1, nb_defaulted=0,
    attributes=0xff3e30) at /home/cristian/php5/ext/xml/compat.c:131
#2  0x00007f6978743dd8 in ?? () from /usr/lib64/libxml2.so.2
#3  0x00007f697874a281 in xmlParseChunk () from /usr/lib64/libxml2.so.2
#4  0x00000000007588ea in php_XML_Parse (parser=0xfde0c0,
    data=0xfdb318 "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<xsl:stylesheet version=\"1.0\"\n", ' ' <repeats 16 times>, "xmlns:xsl=\"http://www.w3.org/1999/XSL/Transform\" \nxmlns:foo=\"http://momo/\">\n\n\t<xsl:output encoding=\"UTF-8\" indent="..., data_len=324,
    is_final=0) at /home/cristian/php5/ext/xml/compat.c:530
#5  0x0000000000756876 in zif_xml_parse (ht=2, return_value=0xfded48, return_value_ptr=0x0, this_ptr=0x0, return_value_used=0)
    at /home/cristian/php5/ext/xml/xml.c:1466
#6  0x00000000008143ad in zend_do_fcall_common_helper_SPEC (execute_data=0x7f697a53c090) at /home/cristian/php5/Zend/zend_vm_execute.h:313
#7  0x0000000000819b34 in ZEND_DO_FCALL_SPEC_CONST_HANDLER (execute_data=0x7f697a53c090) at /home/cristian/php5/Zend/zend_vm_execute.h:1564
#8  0x000000000081349b in execute (op_array=0xfd9b40) at /home/cristian/php5/Zend/zend_vm_execute.h:104
#9  0x00000000007e3599 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /home/cristian/php5/Zend/zend.c:1197
#10 0x0000000000765a23 in php_execute_script (primary_file=0x7fff826c5390) at /home/cristian/php5/main/main.c:2080
#11 0x000000000088697f in main (argc=2, argv=0x7fff826c55d8) at /home/cristian/php5/sapi/cli/php_cli.c:1126
(gdb)
 [2008-12-12 04:22 UTC] rrichards@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.
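
The backtrace in this report shows frame #0 at address 0, called from _start_element_handler_ns, which is what a call through a NULL function pointer looks like. The C code below is an added example of that failure class and its guard; it is not PHP's ext/xml/compat.c and not the fix committed for this bug. The struct, the handler names and the choice of the element handler as the unset slot are assumptions made for illustration.

```c
#include <stddef.h>

/* Hypothetical model of a SAX compatibility layer; not PHP's ext/xml/compat.c. */
typedef void (*start_elem_fn)(void *user, const char *name);
typedef void (*start_ns_fn)(void *user, const char *prefix, const char *uri);
typedef void (*default_fn)(void *user, const char *data);

struct parser {
    void *user;
    start_elem_fn h_start_element; /* NULL until the script registers one */
    start_ns_fn   h_start_ns;
    default_fn    h_default;
};

static int ns_calls, default_calls; /* counters so the outcome can be checked */
static void on_ns(void *u, const char *p, const char *uri) { (void)u; (void)p; (void)uri; ns_calls++; }
static void on_default(void *u, const char *d) { (void)u; (void)d; default_calls++; }

/* Unguarded dispatch: calls through h_start_element even if it was never set.
 * With a NULL slot the CPU jumps to address 0 (frame #0 at 0x0 in a debugger). */
void start_element_ns_unguarded(struct parser *p, const char *name,
                                const char **ns, int nb_ns) {
    for (int i = 0; i < nb_ns; i++)
        p->h_start_ns(p->user, ns[2 * i], ns[2 * i + 1]);
    p->h_start_element(p->user, name);
}

/* Guarded dispatch: every optional slot is checked, and an element without a
 * handler falls back to the default handler. Returns 1 if any handler ran. */
int start_element_ns_guarded(struct parser *p, const char *name,
                             const char **ns, int nb_ns) {
    int ran = 0;
    if (p->h_start_ns != NULL)
        for (int i = 0; i < nb_ns; i++, ran = 1)
            p->h_start_ns(p->user, ns[2 * i], ns[2 * i + 1]);
    if (p->h_start_element != NULL) { p->h_start_element(p->user, name); return 1; }
    if (p->h_default != NULL) { p->h_default(p->user, name); return 1; }
    return ran;
}

/* Constructed input mirroring the report: default and namespace handlers
 * registered, no element handler, two namespace declarations on the root. */
int run_guarded_demo(void) {
    static const char *ns[] = { "xsl", "http://www.w3.org/1999/XSL/Transform",
                                "foo", "http://momo/" };
    struct parser p = { NULL, NULL, on_ns, on_default };
    ns_calls = default_calls = 0;
    start_element_ns_guarded(&p, "stylesheet", ns, 2);
    return ns_calls * 10 + default_calls; /* 2 namespace calls, 1 default call */
}
```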


 
Last updated: Wed Apr 23 09:02:23 2014 UTC