php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #66783 Double free or corruption if appending DOMDocument to element
Submitted: 2014-02-26 21:32 UTC Modified: 2015-07-10 16:10 UTC
From: mfonda@php.net Assigned:
Status: Open Package: DOM XML related
PHP Version: Irrelevant OS: Linux
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: mfonda@php.net
New email:
PHP Version: OS:

 

 [2014-02-26 21:32 UTC] mfonda@php.net
Description:
------------
Occurs when attempting to append a DOMDocument to a node within the document.

Test script:
---------------
<?php
$dom = new DomDocument;
$dom->loadXML('<root></root>');
$e = $dom->createElement('e');
$e->appendChild($dom);

Actual result:
--------------
*** glibc detected *** php: double free or corruption (!prev): 0x0000000001bff0e0 ***
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x7eb96)[0x7fbb1bf08b96]
/usr/lib/x86_64-linux-gnu/libxml2.so.2(xmlFreeDoc+0x169)[0x7fbb1c29cbb9]
php(php_libxml_decrement_doc_ref+0x35)[0x4a0b35]
php(dom_objects_free_storage+0x2f)[0x4c3d9f]
php(zend_objects_store_del_ref_by_handle_ex+0x257)[0x7088a7]
php(zend_objects_store_del_ref+0x13)[0x7088c3]
php(_zval_ptr_dtor+0x58)[0x6cff08]
php[0x6ecaf5]
php(zend_hash_reverse_apply+0x71)[0x6ee601]
php(shutdown_destructors+0x61)[0x6d0211]
php(zend_call_destructors+0x37)[0x6dfd07]
php(php_request_shutdown+0x385)[0x67e4f5]
php[0x78cc42]
php(main+0x531)[0x464ad1]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xed)[0x7fbb1beab76d]
php[0x464b5d]

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2014-02-27 17:10 UTC] krakjoe@php.net
https://bugs.php.net/bug.php?id=61797

It's because of that ... if anyone has input, I'm happy to patch it ...
 [2015-07-10 16:10 UTC] cmb@php.net
Related to bug #66551.
 
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Thu Aug 06 02:01:24 2020 UTC