php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #59596 Yaml extension crashes when called callback function for nodes
Submitted: 2011-01-29 14:40 UTC Modified: 2011-02-20 18:39 UTC
From: roman4e at gmail dot com Assigned:
Status: Closed Package: yaml (PECL)
PHP Version: 5.3.2 OS: Ubuntu 10.4 x86_64
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: roman4e at gmail dot com
New email:
PHP Version: OS:

 

 [2011-01-29 14:40 UTC] roman4e at gmail dot com 
Description:
------------
When I use callback functions for nodes I get crash of 
extension.

I use PHP 5.3.3 from repos.
Yaml extension I've compiled from source code v 0.6.3 beta


Reproduce code:
---------------
function yaml_cbk($a) { var_dump($a); }

$yaml_code = <<<YAML
boo: doo
a: [1,2,3,4]
d: []
YAML;

$yaml = yaml_parse($yaml_code,0,&$ndocs,array("a"=>"yaml_cbk"));


Expected result:
----------------
I want to see result of var_dump($a);

Actual result:
--------------
array(3) {
  ["boo"]=>
  string(0) ""
  
["a&#65533;o&#65533;&#1096;&#65533;&#65533;&#152;L&#1113;n6?L 
and more binary code


apache error.log string: [error] child died with signal 7
no other log entries neither in dmesg.
In browser output got some binary code

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-02-08 05:44 UTC] indeyets at gmail dot com 
you have 2 errors in your example:

1) you don't need "&" before "$ndocs"
2) callbacks are applied to tags, not to keys

anyway, extension should still be able to "handle" this in a 
sane fashion
 [2011-02-20 18:39 UTC] bd808@php.net 
This bug has been fixed in SVN.

In case this was a documentation problem, the fix will show up at the
end of next Sunday (CET) on pecl.php.net.

In case this was a pecl.php.net website problem, the change will show
up on the website in short time.
 
Thank you for the report, and for helping us make PECL better.

There was a double free bug with the callback array which caused the segfault.

As indeyets pointed out, even without the double free bug the submitted code wouldn't do what the author intended as callbacks are triggered on "tags" which are explicit or implied type hints to the yaml parser rather than mapping keys.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Fri Apr 19 13:01:30 2024 UTC