php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #68780 segfault when libxml error occurs
Submitted: 2015-01-09 15:40 UTC Modified: 2020-12-20 04:22 UTC
From: webmaster at jbfavre dot org Assigned: cmb (profile)
Status: No Feedback Package: FPM related
PHP Version: 5.6.4 OS: debian
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: webmaster at jbfavre dot org
New email:
PHP Version: OS:

 

 [2015-01-09 15:40 UTC] webmaster at jbfavre dot org
Description:
------------
Using fulltextrss php application, I got a segfault while processing a single URL:
http://www.la-croix.com/Actualite/Monde/Une-femen-incarceree-au-Vatican-2014-12-27-1285422

This application purpose is to analyze given URL and extract relevant content (so no ads) from it.
I made a core dump and looked into it (backtrace below)

Same processing with PHP CLI goes well, without any segfault.

Test script:
---------------
Unfortunatly, I couldn't identify the exact function that cause segfault.
I uploaded whole source code, as well as a core dump and a markdown file explaining how to reproduce it here:
http://downloads.jbfavre.org/php-fpm-segfault-libxml.tar.gz

Actual result:
--------------
#0  _zend_mm_free_int (heap=0x7f7c4dd773f0, p=0x7f7c4dd77400) at /build/php5-8hNTmf/php5-5.6.4+dfsg/Zend/zend_alloc.c:2104
#1  0x000000000068511d in php_verror (docref=0x7f7c4d680c28 "\270\274\227\001", params=0xb27e2b "", type=2, 
    format=0x7f7c4de32538 "\245\265\034\303\326U\367AJ", format@entry=0x2 <error: Cannot access memory at address 0x2>, 
    args=0x0, args@entry=0x7fff1cdca040) at /build/php5-8hNTmf/php5-5.6.4+dfsg/main/main.c:944
#2  0x000000000068556b in php_error_docref0 (docref=docref@entry=0x0, type=type@entry=2, format=format@entry=0xb5835e "%s")
    at /build/php5-8hNTmf/php5-5.6.4+dfsg/main/main.c:958
#3  0x000000000049b4f3 in php_libxml_internal_error_handler (error_type=error_type@entry=0, ctx=0x0, 
    ap=ap@entry=0x7fff1cdca160, msg=<optimized out>) at /build/php5-8hNTmf/php5-5.6.4+dfsg/ext/libxml/libxml.c:547
#4  0x000000000049b5fc in php_libxml_error_handler (ctx=<optimized out>, msg=<optimized out>)
    at /build/php5-8hNTmf/php5-5.6.4+dfsg/ext/libxml/libxml.c:727
#5  0x00007f7c5a358eb5 in ?? () from /usr/lib/x86_64-linux-gnu/libxml2.so.2
#6  0x00007f7c5a3591c6 in ?? () from /usr/lib/x86_64-linux-gnu/libxml2.so.2
#7  0x00007f7c5a35b0b5 in __xmlRaiseError () from /usr/lib/x86_64-linux-gnu/libxml2.so.2
#8  0x00007f7c5a36f052 in ?? () from /usr/lib/x86_64-linux-gnu/libxml2.so.2
#9  0x00007f7c5a3773bf in xmlParseElement () from /usr/lib/x86_64-linux-gnu/libxml2.so.2


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-01-09 16:43 UTC] jpauli@php.net
I can reproduce in non debug mode, but not in debug mode
 [2020-12-07 17:29 UTC] cmb@php.net
-Status: Open +Status: Feedback -Assigned To: +Assigned To: cmb
 [2020-12-07 17:29 UTC] cmb@php.net
Is that still an issue with any of the actively supported PHP
versions[1]?

[1] <https://www.php.net/supported-versions.php>
 [2020-12-20 04:22 UTC] php-bugs at lists dot php dot net
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Re-Opened". Thank you.
 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Mon Jun 21 01:01:23 2021 UTC