php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #70288 Apache crash related to ZEND_SEND_REF
Submitted: 2015-08-18 08:01 UTC Modified: 2015-08-18 10:40 UTC
From: bensor987 at neuf dot fr Assigned: laruence
Status: Closed Package: Scripting Engine problem
PHP Version: 7.0Git-2015-08-18 (snap) OS: Windows 7 Pro
Private report: No CVE-ID:
 [2015-08-18 08:01 UTC] bensor987 at neuf dot fr
Description:
------------
I've managed to locate this very tricky bug. It makes my Apache crash. It happens when :
- Using simplexml_load_file()
- Using a function, where the SimpleXML arg is "referenced"

It doesn't happen when I don't reference the arg or if I use simplexml_load_string().

See the test script for example.

I'm testing on snap "php-master-ts-windows-vc14-x86-r531fa70" (can't test on a more recent snap, Apache crashes on service startup), with Apache/2.4.12 (Win32)

Test script:
---------------
==segfault.xml==
<Menu>
	<Node title="">
	</Node>
</Menu>
==PHP script==
<?php
$xml = simplexml_load_file('segfault.xml');
function test(&$xml)
{
	var_dump($xml);
}
test($xml->Node);

Expected result:
----------------
Dump of the SimpleXML object

Actual result:
--------------
Crash

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-08-18 09:43 UTC] laruence@php.net
-Assigned To: +Assigned To: laruence
 [2015-08-18 09:43 UTC] laruence@php.net
okey, this actually is not a simplexml specifical problem, it's in engine.. assign to me
 [2015-08-18 09:53 UTC] laruence@php.net
-Package: SimpleXML related +Package: Scripting Engine problem
 [2015-08-18 10:40 UTC] laruence@php.net
-Summary: Apache crash related to simplexml_load_file() +Summary: Apache crash related to ZEND_SEND_REF
 [2015-08-18 10:40 UTC] laruence@php.net
change title
 [2015-08-18 14:53 UTC] laruence@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=e543769fa44fada6883537ab6684a993f45de3d9
Log: Fixed bug #70288 (Apache crash related to ZEND_SEND_REF)
 [2015-08-18 14:53 UTC] laruence@php.net
-Status: Assigned +Status: Closed
 [2015-08-18 16:23 UTC] ab@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=be58583ced1d85fdc12f627d030db44854eff67c
Log: Fixed bug #70288 (Apache crash related to ZEND_SEND_REF)
 [2015-09-03 18:10 UTC] ab@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=e543769fa44fada6883537ab6684a993f45de3d9
Log: Fixed bug #70288 (Apache crash related to ZEND_SEND_REF)
 [2016-07-20 11:36 UTC] davey@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=e543769fa44fada6883537ab6684a993f45de3d9
Log: Fixed bug #70288 (Apache crash related to ZEND_SEND_REF)
 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Tue Aug 29 15:01:52 2017 UTC