php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #6175 XML functions no longer work in objects
Submitted: 2000-08-15 12:41 UTC Modified: 2001-11-26 23:41 UTC
From: jon at csh dot rit dot edu Assigned:
Status: Closed Package: XML related
PHP Version: 4.1.0 RC3 OS: FreeBSD 4.4-STABLE
Private report: No CVE-ID: None
 [2000-08-15 12:41 UTC] jon at csh dot rit dot edu
After updating to the latest CVS this morning, existing code that uses the XML parser functions in an object no longer work.

In the constructor:

$this->parser = xml_parser_create();
xml_set_object($this->parser, &$this);
xml_parser_set_option($this->parser, XML_OPTION_CASE_FOLDING, true);
xml_set_element_handler($this->parser, "startElement", "endElement");
xml_set_character_data_handler($this->parser, "defaultHandler");

And in another method:

xml_parse($this->parser, $this->buffer, true);

When xml_parse is executed, PHP reports a long list of warnings like:

Warning: Unable to call defaultHandler() in ./lib/Help.php on line 121
(line 121 is the xml_parse line)

The "defaultHandler", "endElement", and "startElement" methods all exist in the object.

One of the changes made over the last few days in either PHP or Zend must have broken something here.  I tshould be fixed or documented as changed (I might have missed something) before 4.0.2 is release.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2000-08-17 10:06 UTC] jon at csh dot rit dot edu
Changed to "Scripting Engine problem".

Moving the xml_* initialization functions out of the constructor appears to solve the problem.  Thanks to Lars Torben Wilson for providing me with a _temporary_ solution.

However, this is still a bug and needs to be addressed before the 4.0.2 release.  Simple testing scripts all seem to work fine, however, so I'm still having a difficult time determining how large a script or what combination of OO stuff causing the system to break.
 [2000-08-20 12:14 UTC] stas@php.net
Please check the latest CVS. Also, please note that using call-time references is deprecated (i.e, you should not put & in function parameters).
 [2000-08-20 12:22 UTC] jon at csh dot rit dot edu
The PHP change fixes the call-time reference issue (so no more &$this), but the xml_* functions still don't work when called from the constructor.
 [2000-08-21 09:07 UTC] stas@php.net
could you please provide an example of a runnable short script and XML file that doesn't work?
 [2000-08-21 10:25 UTC] jon at csh dot rit dot edu
All of my attempts to reduce the problem to a short script have failed, but I have examples of working and non-working code you can look at.

I've made them available here: http://orca.gaiaservers.com/work/xml.tar.gz

xml.php works fine.

help.xml is the XML source file used in the following two files.
Help1.php calls the xml_* functions from the constructor and doesn't work.
Help2.php calls the xml_* functions from a separate init method and does work.
 [2000-08-23 08:29 UTC] sniper@php.net
Wasn't this just fixed in cvs??

--Jani
 [2000-08-23 10:30 UTC] jon at csh dot rit dot edu
If you're referring to Andrei's changes that accept the array($this, 'fooHandler') syntax, no, it doesn't fix my problem, and I actually haven't gotten the new syntax to work correctly, either.  I'll try and look into it some more later today.
 [2000-08-31 15:00 UTC] jon at csh dot rit dot edu
With today's CVS, including Andrei's latest change to xml.c (rev. 1.61), I can generate a backtrace for the segfault that occurs when calling the xml_* routines from the constructor:

Starting program: /usr/local/src/apache_1.3.12/src/httpd -X

Program received signal SIGSEGV, Segmentation fault.
0x80e3a0e in _efree (ptr=0x5a5a5a5a, 
    __zend_filename=0x81bb1a9 "zend_variables.c", __zend_lineno=98, 
    __zend_orig_filename=0x0, __zend_orig_lineno=0) at zend_alloc.c:196
196             CALCULATE_REAL_SIZE_AND_CACHE_INDEX(p->size);
(gdb) bt
#0  0x80e3a0e in _efree (ptr=0x5a5a5a5a, 
    __zend_filename=0x81bb1a9 "zend_variables.c", __zend_lineno=98, 
    __zend_orig_filename=0x0, __zend_orig_lineno=0) at zend_alloc.c:196
#1  0x80eea7e in zval_del_ref (p=0x8263b3c) at zend_variables.c:98
#2  0x80dc0cd in xml_parser_dtor (parser=0x8263b24) at xml.c:302
#3  0x80f3dc1 in list_entry_destructor (ptr=0x82d3be4) at zend_list.c:253
#4  0x80f2b1d in zend_hash_apply_deleter (ht=0x824b880, p=0x82b70a4)
    at zend_hash.c:619
#5  0x80f2c3e in zend_hash_graceful_destroy (ht=0x824b880) at zend_hash.c:670
#6  0x80f3e97 in zend_destroy_rsrc_list () at zend_list.c:298
#7  0x80e9490 in shutdown_executor () at zend_execute_API.c:179
#8  0x80ef604 in zend_deactivate () at zend.c:520
#9  0x808070b in php_request_shutdown (dummy=0x0) at main.c:659
#10 0x807e887 in php_apache_request_shutdown (dummy=0x0) at mod_php4.c:291
#11 0x8124ee5 in run_cleanups (c=0x82b30f4) at alloc.c:1706
#12 0x812359b in ap_clear_pool (a=0x82b200c) at alloc.c:531
#13 0x812361b in ap_destroy_pool (a=0x82b200c) at alloc.c:561
#14 0x8123587 in ap_clear_pool (a=0x826600c) at alloc.c:528
#15 0x8133165 in child_main (child_num_arg=0) at http_main.c:3900
#16 0x81337a5 in make_child (s=0x8252034, slot=0, now=967748297)
    at http_main.c:4281
#17 0x813391e in startup_children (number_to_start=3) at http_main.c:4363
#18 0x8133f28 in standalone_main (argc=2, argv=0xbfbffa48) at http_main.c:4651
#19 0x8134740 in main (argc=2, argv=0xbfbffa48) at http_main.c:4978

From Apache's error log:

httpd in free(): warning: chunk is already free.
httpd in free(): warning: chunk is already free.
httpd in free(): warning: chunk is already free.
httpd in free(): warning: chunk is already free.
httpd in free(): warning: chunk is already free.
httpd in free(): warning: chunk is already free.
httpd in free(): warning: chunk is already free.
httpd in free(): warning: chunk is already free.
httpd in free(): warning: chunk is already free.
httpd in free(): warning: chunk is already free.
httpd in free(): warning: chunk is already free.
httpd in free(): warning: chunk is already free.
httpd in free(): warning: chunk is already free.
[Thu Aug 31 08:57:05 2000] [notice] child pid 57954 exit signal Segmentation fault (11)
 [2001-03-31 11:17 UTC] cynic@php.net
do you still experience this error?
 [2001-04-01 13:18 UTC] jon at csh dot rit dot edu
I believe it's still a problem, but I'll have to recreate my test case.  I'll try and get to it soon.
 [2001-04-02 23:47 UTC] jon at csh dot rit dot edu
Yes.  If these lines are used in an object's constructor:

$this->parser = xml_parser_create();
xml_set_object($this->parser, $this);
xml_parser_set_option($this->parser, XML_OPTION_CASE_FOLDING, true);
xml_set_element_handler($this->parser, 'startElement', 'endElement');
xml_set_character_data_handler($this->parser, 'defaultHandler');

... Apache will segfault with the following backtrace:

#0  0x3 in ?? ()
#1  0x281e2391 in call_user_function_ex (function_table=0x80b9280, 
    object_pp=0x80ffcc0, function_name=0x8148dcc, retval_ptr_ptr=0xbfbfd14c, 
    param_count=2, params=0x81487ac, no_separation=1, symbol_table=0x0)
    at zend_execute_API.c:397
#2  0x281e2111 in call_user_function (function_table=0x80b9280, 
    object_pp=0x80ffcc0, function_name=0x8148dcc, retval_ptr=0x80d570c, 
    param_count=2, params=0xbfbfd1e8) at zend_execute_API.c:325
#3  0x2828ad5c in xml_call_handler (parser=0x80ffc8c, handler=0x8148dcc, 
    argc=2, argv=0xbfbfd1e8) at xml.c:386
#4  0x2828b98d in _xml_characterDataHandler (userData=0x80ffc8c, 
    s=0xbfbfd257 "\n ^-(\f\020\022\b0\020\022\b\2059\025\b", len=1)
    at xml.c:804
#5  0x2829cf38 in doContent (parser=0x8101400, startTagLevel=0, 
    enc=0x282d5e20, 
    s=0x8121046 "\n    <title>Message Composition: Actions</title>\n    <heading>Actions</heading>\n    <para>\n    Send Message launches your email to the intended recipient(s). Be sure you want to send before clicking h"..., 
    end=0x8123e29 "", nextPtr=0x0) at xmlparse.c:1383
#6  0x2829c37d in contentProcessor (parser=0x8101400, 
    start=0x8121022 "<help>\n\n<entry id=\"compose-buttons\">\n    <title>Message Composition: Actions</title>\n    <heading>Actions</heading>\n    <para>\n    Send Message launches your email to the intended recipient(s). Be sur"..., 
    end=0x8123e29 "", endPtr=0x0) at xmlparse.c:957
#7  0x2829e29d in prologProcessor (parser=0x8101400, 
    s=0x8121022 "<help>\n\n<entry id=\"compose-buttons\">\n    <title>Message Composition: Actions</title>\n    <heading>Actions</heading>\n    <para>\n    Send Message launches your email to the intended recipient(s). Be sur"..., 
    end=0x8123e29 "", nextPtr=0x0) at xmlparse.c:2036
#8  0x2829dfb2 in prologInitProcessor (parser=0x8101400, 
    s=0x812100c "<?xml version='1.0'?>\n<help>\n\n<entry id=\"compose-buttons\">\n    <title>Message Composition: Actions</title>\n    <heading>Actions</heading>\n    <para>\n    Send Message launches your email to the intende"..., 
    end=0x8123e29 "", nextPtr=0x0) at xmlparse.c:1967
#9  0x2829bef8 in php_XML_Parse (parser=0x8101400, 
    s=0x812100c "<?xml version='1.0'?>\n<help>\n\n<entry id=\"compose-buttons\">\n    <title>Message Composition: Actions</title>\n    <heading>Actions</heading>\n    <para>\n    Send Message launches your email to the intende"..., 
    len=11805, isFinal=1) at xmlparse.c:779
#10 0x2828c836 in php_if_xml_parse (ht=3, return_value=0x8148f0c, 
    this_ptr=0x0, return_value_used=0) at xml.c:1394
#11 0x281dbf01 in execute (op_array=0x8129d0c) at ./zend_execute.c:1494
#12 0x281dc154 in execute (op_array=0x80ff98c) at ./zend_execute.c:1534
#13 0x281e9e86 in zend_execute_scripts (type=8, file_count=3) at zend.c:743
#14 0x281fb6dc in php_execute_script (primary_file=0xbfbff7dc) at main.c:1194
#15 0x281f8006 in apache_php_module_main (r=0x8112034, display_source_mode=0)
    at sapi_apache.c:89
#16 0x281f8996 in send_php (r=0x8112034, display_source_mode=0, filename=0x0)
    at mod_php4.c:521
#17 0x281f89d2 in send_parsed_php (r=0x8112034) at mod_php4.c:532
#18 0x8053fa1 in ap_invoke_handler ()
#19 0x80686a8 in process_request_internal ()
#20 0x8068712 in ap_process_request ()
#21 0x805f6df in child_main ()
---Type <return> to continue, or q <return> to quit---
#22 0x805f89d in make_child ()
#23 0x805fa16 in startup_children ()
#24 0x8060024 in standalone_main ()
#25 0x806083c in main ()
#26 0x804eaa1 in _start ()
 [2001-05-07 14:31 UTC] cardinal@php.net
It looks like the segfault has been fixed in CVS, can you check this on your end?

Instead of a segfault though, I'm getting errors for each attempted event handler call:

Warning: Unable to call handler startElement() in bug.php on line 26

Warning: Unable to call handler endElement() in bug.php on line 26

and so on.  If I move this block from the constructor to another method, it works.

$this->parser = xml_parser_create();
xml_set_object($this->parser, &$this);
xml_parser_set_option($this->parser, XML_OPTION_CASE_FOLDING, true);
xml_set_element_handler($this->parser, "startElement", "endElement");
xml_set_character_data_handler($this->parser, "defaultHandler");

 [2001-05-08 16:23 UTC] jon at csh dot rit dot edu
I still get a segfault here, pretty much the same as the last time:

#0  0x0 in ?? ()
#1  0x281e9d90 in zend_hash_find (ht=0x811b9e4, 
    arKey=0x815e1ec "defaulthandler", nKeyLength=15, pData=0xbfbfd2b0)
    at zend_hash.c:850
#2  0x281dde7d in call_user_function_ex (function_table=0x80b9280, 
    object_pp=0x81431c0, function_name=0x811bf6c, retval_ptr_ptr=0xbfbfd310, 
    param_count=2, params=0x811ba6c, no_separation=1, symbol_table=0x0)
    at zend_execute_API.c:397
#3  0x281ddbfd in call_user_function (function_table=0x80b9280, 
    object_pp=0x81431c0, function_name=0x811bf6c, retval_ptr=0x815e24c, 
    param_count=2, params=0xbfbfd3ac) at zend_execute_API.c:325
#4  0x2827389c in xml_call_handler (parser=0x814318c, handler=0x811bf6c, 
    argc=2, argv=0xbfbfd3ac) at xml.c:386
#5  0x282744cd in _xml_characterDataHandler (userData=0x814318c, 
    s=0xbfbfd41b "\n\200\202+(\f@\022\b0@\022\bE\223\021\b", len=1)
    at xml.c:804
#6  0x28285a40 in doContent (parser=0x8102400, startTagLevel=0, 
    enc=0x282b8280, 
    s=0x8124046 "\n    <title>Message Composition: Actions</title>\n    <heading>Actions</heading>\n    <para>\n    Send Message launches your email to the intended recipient(s). Be sure you want to send before clicking h"..., 
    end=0x8126e29 "", nextPtr=0x0) at xmlparse.c:1383
#7  0x28284e89 in contentProcessor (parser=0x8102400, 
    start=0x8124022 "<help>\n\n<entry id=\"compose-buttons\">\n    <title>Message Composition: Actions</title>\n    <heading>Actions</heading>\n    <para>\n    Send Message launches your email to the intended recipient(s). Be sur"..., 
    end=0x8126e29 "", endPtr=0x0) at xmlparse.c:957
#8  0x28286d9d in prologProcessor (parser=0x8102400, 
    s=0x8124022 "<help>\n\n<entry id=\"compose-buttons\">\n    <title>Message Composition: Actions</title>\n    <heading>Actions</heading>\n    <para>\n    Send Message launches your email to the intended recipient(s). Be sur"..., 
    end=0x8126e29 "", nextPtr=0x0) at xmlparse.c:2036
#9  0x28286ab2 in prologInitProcessor (parser=0x8102400, 
    s=0x812400c "<?xml version='1.0'?>\n<help>\n\n<entry id=\"compose-buttons\">\n    <title>Message Composition: Actions</title>\n    <heading>Actions</heading>\n    <para>\n    Send Message launches your email to the intende"..., 
    end=0x8126e29 "", nextPtr=0x0) at xmlparse.c:1967
#10 0x28284a04 in php_XML_Parse (parser=0x8102400, 
    s=0x812400c "<?xml version='1.0'?>\n<help>\n\n<entry id=\"compose-buttons\">\n    <title>Message Composition: Actions</title>\n    <heading>Actions</heading>\n    <para>\n    Send Message launches your email to the intende"..., 
    len=11805, isFinal=1) at xmlparse.c:779
#11 0x28275376 in php_if_xml_parse (ht=3, return_value=0x811bd2c, 
    this_ptr=0x0, return_value_used=0) at xml.c:1394
#12 0x281d7945 in execute (op_array=0x811f80c) at ./zend_execute.c:1504
#13 0x281d7b98 in execute (op_array=0x80ffd0c) at ./zend_execute.c:1544
#14 0x281e5e86 in zend_execute_scripts (type=8, file_count=3) at zend.c:748
#15 0x281f7754 in php_execute_script (primary_file=0xbfbff930) at main.c:1207
#16 0x281f3f6a in apache_php_module_main (r=0x8113034, display_source_mode=0)
    at sapi_apache.c:89
#17 0x281f494a in send_php (r=0x8113034, display_source_mode=0, filename=0x0)
    at mod_php4.c:532
#18 0x281f498a in send_parsed_php (r=0x8113034) at mod_php4.c:543
#19 0x8053fa1 in ap_invoke_handler ()
---Type <return> to continue, or q <return> to quit---
#20 0x80686a8 in process_request_internal ()
#21 0x8068712 in ap_process_request ()
#22 0x805f6df in child_main ()
#23 0x805f89d in make_child ()
#24 0x805fa16 in startup_children ()
#25 0x8060024 in standalone_main ()
#26 0x806083c in main ()
#27 0x804eaa1 in _start ()
 [2001-11-25 07:46 UTC] mfischer@php.net
Sorry to bug you once more, but can you try latest RC?

http://www.php.net/~zeev/php-4.1.0RC3.tar.gz

Feedback.
 [2001-11-26 23:41 UTC] jon@php.net
The problems appears to be fixed in PHP 4.1.0 RC3.
 
PHP Copyright © 2001-2018 The PHP Group
All rights reserved.
Last updated: Sun Nov 19 01:31:42 2017 UTC