|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #72085 SEGV on unknown address zif_xml_parse
Submitted: 2016-04-23 04:07 UTC Modified: 2016-08-16 23:26 UTC
From: fernando at null-life dot com Assigned: cmb (profile)
Status: Closed Package: *XML functions
PHP Version: 5.6.20 OS: Linux
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Bug Type:
From: fernando at null-life dot com
New email:
PHP Version: OS:


 [2016-04-23 04:07 UTC] fernando at null-life dot com
Run attached script test with ASAN

Test script:

xml_set_element_handler($var1, new Exception(""), 4096);
xml_parse($var1,  str_repeat("<a>", 10));

Expected result:
No complains from asan

Actual result:
Warning: Invalid callback exception 'Exception' in /ramdisk/22/xmlparse.php:5
Stack trace:
#0 {main}, no array or string given in /ramdisk/22/xmlparse.php on line 6
==24991==ERROR: AddressSanitizer: SEGV on unknown address 0x00000005 (pc 0x094dd093 bp 0xb3f4a3e4 sp 0xbff2e810 T0)
    #0 0x94dd092 in zend_hash_index_find /home/fmunozs/phpgit/php56/Zend/zend_hash.c:942
    #1 0x90e7c39 in xml_call_handler /home/fmunozs/phpgit/php56/ext/xml/xml.c:538
    #2 0x90e7c39 in _xml_startElementHandler /home/fmunozs/phpgit/php56/ext/xml/xml.c:802
    #3 0x90ffd67 in _start_element_handler_ns /home/fmunozs/phpgit/php56/ext/xml/compat.c:190
    #4 0xb6f6e1a7  (/usr/lib/i386-linux-gnu/
    #5 0xb6f785f0  (/usr/lib/i386-linux-gnu/
    #6 0xb6f79f62 in xmlParseChunk (/usr/lib/i386-linux-gnu/
    #7 0x9102a2b in php_XML_Parse /home/fmunozs/phpgit/php56/ext/xml/compat.c:605
    #8 0x90dee1e in zif_xml_parse /home/fmunozs/phpgit/php56/ext/xml/xml.c:1454
    #9 0x9a7c718 in zend_do_fcall_common_helper_SPEC /home/fmunozs/phpgit/php56/Zend/zend_vm_execute.h:558
    #10 0x9640316 in execute_ex /home/fmunozs/phpgit/php56/Zend/zend_vm_execute.h:363
    #11 0x9a6c9c8 in zend_execute /home/fmunozs/phpgit/php56/Zend/zend_vm_execute.h:388
    #12 0x9470b59 in zend_execute_scripts /home/fmunozs/phpgit/php56/Zend/zend.c:1341
    #13 0x91acc6b in php_execute_script /home/fmunozs/phpgit/php56/main/main.c:2613
    #14 0x9a8648a in do_cli /home/fmunozs/phpgit/php56/sapi/cli/php_cli.c:994
    #15 0x808a502 in main /home/fmunozs/phpgit/php56/sapi/cli/php_cli.c:1378
    #16 0xb6d97645 in __libc_start_main (/lib/i386-linux-gnu/
    #17 0x808aaba  (/home/fmunozs/phpgit/php56/sapi/cli/php+0x808aaba)

AddressSanitizer can not provide additional info.


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2016-08-16 22:22 UTC]
-Status: Open +Status: Verified -Assigned To: +Assigned To: cmb
 [2016-08-16 22:22 UTC]
-Summary: AddressSanitizer: SEGV on unknown address zif_xml_parse +Summary: SEGV on unknown address zif_xml_parse
 [2016-08-16 23:26 UTC]
-Status: Verified +Status: Closed
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Tue Jul 23 19:01:29 2024 UTC