php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #59596 Yaml extension crashes when called callback function for nodes
Submitted: 2011-01-29 14:40 UTC Modified: 2011-02-20 18:39 UTC
From: roman4e at gmail dot com Assigned:
Status: Closed Package: yaml (PECL)
PHP Version: 5.3.2 OS: Ubuntu 10.4 x86_64
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: roman4e at gmail dot com
New email:
PHP Version: OS:

 

 [2011-01-29 14:40 UTC] roman4e at gmail dot com
Description:
------------
When I use callback functions for nodes I get crash of 
extension.

I use PHP 5.3.3 from repos.
Yaml extension I've compiled from source code v 0.6.3 beta


Reproduce code:
---------------
function yaml_cbk($a) { var_dump($a); }

$yaml_code = <<<YAML
boo: doo
a: [1,2,3,4]
d: []
YAML;

$yaml = yaml_parse($yaml_code,0,&$ndocs,array("a"=>"yaml_cbk"));


Expected result:
----------------
I want to see result of var_dump($a);

Actual result:
--------------
array(3) {
  ["boo"]=>
  string(0) ""
  
["a&#65533;o&#65533;&#1096;&#65533;&#65533;&#152;L&#1113;n6?L 
and more binary code


apache error.log string: [error] child died with signal 7
no other log entries neither in dmesg.
In browser output got some binary code

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-02-08 05:44 UTC] indeyets at gmail dot com
you have 2 errors in your example:

1) you don't need "&" before "$ndocs"
2) callbacks are applied to tags, not to keys

anyway, extension should still be able to "handle" this in a 
sane fashion
 [2011-02-20 18:39 UTC] bd808@php.net
This bug has been fixed in SVN.

In case this was a documentation problem, the fix will show up at the
end of next Sunday (CET) on pecl.php.net.

In case this was a pecl.php.net website problem, the change will show
up on the website in short time.
 
Thank you for the report, and for helping us make PECL better.

There was a double free bug with the callback array which caused the segfault.

As indeyets pointed out, even without the double free bug the submitted code wouldn't do what the author intended as callbacks are triggered on "tags" which are explicit or implied type hints to the yaml parser rather than mapping keys.
 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Mon Dec 06 17:04:05 2021 UTC