php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #70288 Apache crash related to ZEND_SEND_REF
Submitted: 2015-08-18 08:01 UTC Modified: 2015-08-18 10:40 UTC
From: bensor987 at neuf dot fr Assigned: laruence (profile)
Status: Closed Package: Scripting Engine problem
PHP Version: 7.0Git-2015-08-18 (snap) OS: Windows 7 Pro
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: bensor987 at neuf dot fr
New email:
PHP Version: OS:

 

 [2015-08-18 08:01 UTC] bensor987 at neuf dot fr
Description:
------------
I've managed to locate this very tricky bug. It makes my Apache crash. It happens when :
- Using simplexml_load_file()
- Using a function, where the SimpleXML arg is "referenced"

It doesn't happen when I don't reference the arg or if I use simplexml_load_string().

See the test script for example.

I'm testing on snap "php-master-ts-windows-vc14-x86-r531fa70" (can't test on a more recent snap, Apache crashes on service startup), with Apache/2.4.12 (Win32)

Test script:
---------------
==segfault.xml==
<Menu>
	<Node title="">
	</Node>
</Menu>
==PHP script==
<?php
$xml = simplexml_load_file('segfault.xml');
function test(&$xml)
{
	var_dump($xml);
}
test($xml->Node);

Expected result:
----------------
Dump of the SimpleXML object

Actual result:
--------------
Crash

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-08-18 09:43 UTC] laruence@php.net
-Assigned To: +Assigned To: laruence
 [2015-08-18 09:43 UTC] laruence@php.net
okey, this actually is not a simplexml specifical problem, it's in engine.. assign to me
 [2015-08-18 09:53 UTC] laruence@php.net
-Package: SimpleXML related +Package: Scripting Engine problem
 [2015-08-18 10:40 UTC] laruence@php.net
-Summary: Apache crash related to simplexml_load_file() +Summary: Apache crash related to ZEND_SEND_REF
 [2015-08-18 10:40 UTC] laruence@php.net
change title
 [2015-08-18 14:53 UTC] laruence@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=e543769fa44fada6883537ab6684a993f45de3d9
Log: Fixed bug #70288 (Apache crash related to ZEND_SEND_REF)
 [2015-08-18 14:53 UTC] laruence@php.net
-Status: Assigned +Status: Closed
 [2015-08-18 16:23 UTC] ab@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=be58583ced1d85fdc12f627d030db44854eff67c
Log: Fixed bug #70288 (Apache crash related to ZEND_SEND_REF)
 [2015-09-03 18:10 UTC] ab@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=e543769fa44fada6883537ab6684a993f45de3d9
Log: Fixed bug #70288 (Apache crash related to ZEND_SEND_REF)
 [2016-07-20 11:36 UTC] davey@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=e543769fa44fada6883537ab6684a993f45de3d9
Log: Fixed bug #70288 (Apache crash related to ZEND_SEND_REF)
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sun Oct 13 04:01:26 2024 UTC