php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #78577 Crash in DOMNameSpace debug info handlers
Submitted: 2019-09-20 18:29 UTC Modified: 2023-06-09 19:53 UTC
Votes:3
Avg. Score:4.3 ± 0.9
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:1 (100.0%)
From: beberlei@php.net Assigned: beberlei (profile)
Status: Closed Package: DOM XML related
PHP Version: 7.3.9 OS: Any
Private report: No CVE-ID: None
 [2019-09-20 18:29 UTC] beberlei@php.net
Description:
------------
When calling var_dump on a DOMNameSpaceNode representing the "xmlns" namespace (not on other namespaces).

Test script:
---------------
<?php

$doc = DOMDocument::loadXML('<foo xmlns="http://php.net/test" xmlns:foo="urn:foo" />');

$attr = $doc->documentElement->getAttributeNode('xmlns');
var_dump($attr);


Actual result:
--------------
Program received signal SIGSEGV, Segmentation fault.
0x00005555556faedb in php_libxml_node_free_list (node=0x21) at /opt/phpbuild/7.3/php-7.3.8/ext/libxml/libxml.c:233
233				switch (node->type) {
(gdb) bt
#0  0x00005555556faedb in php_libxml_node_free_list (node=0x21) at /opt/phpbuild/7.3/php-7.3.8/ext/libxml/libxml.c:233
#1  0x00005555556faf69 in php_libxml_node_free_list (node=0x55555678b3b0) at /opt/phpbuild/7.3/php-7.3.8/ext/libxml/libxml.c:253
#2  0x00005555556fe3fd in php_libxml_node_free_resource (node=0x55555678b530) at /opt/phpbuild/7.3/php-7.3.8/ext/libxml/libxml.c:1300
#3  0x00005555556fe4dc in php_libxml_node_decrement_resource (object=0x7ffff5464960) at /opt/phpbuild/7.3/php-7.3.8/ext/libxml/libxml.c:1335
#4  0x000055555590ce71 in dom_objects_free_storage (object=0x7ffff5464978) at /opt/phpbuild/7.3/php-7.3.8/ext/dom/php_dom.c:1042
#5  0x0000555555cf3819 in zend_objects_store_del (object=0x7ffff5464978) at /opt/phpbuild/7.3/php-7.3.8/Zend/zend_objects_API.c:190
#6  0x0000555555c9a079 in zend_object_destroy_wrapper (obj=0x7ffff5464978) at /opt/phpbuild/7.3/php-7.3.8/Zend/zend_variables.c:95
#7  0x0000555555c99ee9 in rc_dtor_func (p=0x7ffff5464978) at /opt/phpbuild/7.3/php-7.3.8/Zend/zend_variables.c:65
#8  0x0000555555c99e6c in i_zval_ptr_dtor (zval_ptr=0x7fffffff9fd0, __zend_filename=0x555556435b38 "/opt/phpbuild/7.3/php-7.3.8/Zend/zend_variables.c", __zend_lineno=111)
    at /opt/phpbuild/7.3/php-7.3.8/Zend/zend_variables.h:44
#9  0x0000555555c9a0d6 in zval_ptr_dtor (zval_ptr=0x7fffffff9fd0) at /opt/phpbuild/7.3/php-7.3.8/Zend/zend_variables.c:111
#10 0x0000555555909730 in dom_get_debug_info_helper (object=0x7ffff541f150, is_temp=0x7fffffffa03c) at /opt/phpbuild/7.3/php-7.3.8/ext/dom/php_dom.c:440
#11 0x00005555559097e6 in dom_get_debug_info (object=0x7ffff541f150, is_temp=0x7fffffffa03c) at /opt/phpbuild/7.3/php-7.3.8/ext/dom/php_dom.c:456
#12 0x0000555555b47743 in php_var_dump (struc=0x7ffff541f150, level=1) at /opt/phpbuild/7.3/php-7.3.8/ext/standard/var.c:148
#13 0x0000555555b47ce7 in zif_var_dump (execute_data=0x7ffff541f100, return_value=0x7fffffffa1a0) at /opt/phpbuild/7.3/php-7.3.8/ext/standard/var.c:205
#14 0x0000555555d069b0 in ZEND_DO_ICALL_SPEC_RETVAL_UNUSED_HANDLER () at /opt/phpbuild/7.3/php-7.3.8/Zend/zend_vm_execute.h:645
#15 0x0000555555d73f57 in execute_ex (ex=0x7ffff541f030) at /opt/phpbuild/7.3/php-7.3.8/Zend/zend_vm_execute.h:55461
#16 0x0000555555d7958a in zend_execute (op_array=0x7ffff5482300, return_value=0x0) at /opt/phpbuild/7.3/php-7.3.8/Zend/zend_vm_execute.h:60881
#17 0x0000555555c9dfa4 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /opt/phpbuild/7.3/php-7.3.8/Zend/zend.c:1568
#18 0x0000555555c03d2e in php_execute_script (primary_file=0x7fffffffc9a0) at /opt/phpbuild/7.3/php-7.3.8/main/main.c:2634
#19 0x0000555555d7c3a3 in do_cli (argc=2, argv=0x555556617640) at /opt/phpbuild/7.3/php-7.3.8/sapi/cli/php_cli.c:997
#20 0x0000555555d7d532 in main (argc=2, argv=0x555556617640) at /opt/phpbuild/7.3/php-7.3.8/sapi/cli/php_cli.c:1389

Patches

Add a Patch

Pull Requests

Pull requests:

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2019-09-20 18:30 UTC] beberlei@php.net
-Assigned To: +Assigned To: beberlei
 [2019-09-20 21:21 UTC] beberlei@php.net
The following pull request has been associated:

Patch Name: Fixed bug #78577
On GitHub:  https://github.com/php/php-src/pull/4731
Patch:      https://github.com/php/php-src/pull/4731.patch
 [2023-06-09 19:53 UTC] nielsdos@php.net
-Status: Assigned +Status: Closed
 [2023-06-09 19:53 UTC] nielsdos@php.net
The fix for this bug has been committed.
If you are still experiencing this bug, try to check out latest source from https://github.com/php/php-src and re-test.
Thank you for the report, and for helping us make PHP better.

Fixed via https://github.com/php/php-src/commit/f2d673fb18cc6a6c88bf588f39fd1aa9dcfec964
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Tue Mar 19 04:01:31 2024 UTC