From:             fujimura at wakhok dot ac dot jp
Operating system: Linux kernel-2.4.21
PHP version:      5CVS-2003-07-25 (dev)
PHP Bug Type:     XML related
Bug description:  xml_call_handler() causes segmentation fault

Description:
------------
ext/xml/xml.c:xml_call_handler() causes segmentation fault.

Reproduce code:
---------------
<?php

function startElement() { }

$parser = xml_parser_create();

xml_set_element_handler($parser, "startElement", "endElement");

xml_parse($parser, "<?xml version=\"1.0\"?><root />", true) OR
die(xml_error_string(xml_get_error_code($parser)));

xml_parser_free($parser);

?>


Actual result:
--------------
[EMAIL PROTECTED] public_html]$ gdb php
GNU gdb 5.3
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you
are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for
details.
This GDB was configured as "i386-slackware-linux"...
(gdb) run xml_parse.php
Starting program: /usr/local/bin/php xml_parse.php

Program received signal SIGSEGV, Segmentation fault.
0x081e7e4c in _zval_ptr_dtor (zval_ptr=0xbfffc97c,
__zend_filename=0x825e220 "/home/fujimura/php-src/ext/xml/xml.c",
__zend_lineno=423)
    at /home/fujimura/php-src/Zend/zend_execute_API.c:342
342             (*zval_ptr)->refcount--;
(gdb) bt
#0  0x081e7e4c in _zval_ptr_dtor (zval_ptr=0xbfffc97c,
__zend_filename=0x825e220 "/home/fujimura/php-src/ext/xml/xml.c",
__zend_lineno=423)
    at /home/fujimura/php-src/Zend/zend_execute_API.c:342
#1  0x081ab079 in xml_call_handler (parser=0x40436988, handler=0x40436b7c,
function_ptr=0x0, argc=2, argv=0xbfffc9b8)
    at /home/fujimura/php-src/ext/xml/xml.c:423
#2  0x081abc7e in _xml_endElementHandler (userData=0x40436988,
name=0x830f550 "root") at /home/fujimura/php-src/ext/xml/xml.c:753
#3  0x081ae851 in _end_element_handler (user=0x4042a0cc, name=0x830f410
"root") at /home/fujimura/php-src/ext/xml/compat.c:128
#4  0x402443be in xmlParseExtParsedEnt () from /usr/lib/libxml2.so.2
#5  0x40244db1 in xmlParseChunk () from /usr/lib/libxml2.so.2
#6  0x081aedc0 in php_XML_Parse (parser=0x4042a0cc, data=0x40437200 "<?xml
version=\"1.0\"?><root />", data_len=29, is_final=1)
    at /home/fujimura/php-src/ext/xml/compat.c:400
#7  0x081ad357 in zif_xml_parse (ht=3, return_value=0x40436c8c,
this_ptr=0x0, return_value_used=1) at
/home/fujimura/php-src/ext/xml/xml.c:1321
#8  0x08211156 in execute_internal (execute_data_ptr=0xbfffcdb0,
return_value_used=1) at /home/fujimura/php-src/Zend/zend_execute.c:1143
#9  0x4074b276 in xdebug_execute_internal
(current_execute_data=0xbfffcdb0, return_value_used=1) at
/home/fujimura/xdebug-1.2.0/xdebug.c:782
#10 0x08215917 in zend_do_fcall_common_helper (execute_data=0xbfffcdb0,
op_array=0x40435714) at /home/fujimura/php-src/Zend/zend_execute.c:2513
#11 0x08215feb in zend_do_fcall_handler (execute_data=0xbfffcdb0,
op_array=0x40435714) at /home/fujimura/php-src/Zend/zend_execute.c:2642
#12 0x082112a8 in execute (op_array=0x40435714) at
/home/fujimura/php-src/Zend/zend_execute.c:1192
#13 0x4074afcc in xdebug_execute (op_array=0x40435714) at
/home/fujimura/xdebug-1.2.0/xdebug.c:750
#14 0x081f37d0 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
at /home/fujimura/php-src/Zend/zend.c:1017
#15 0x081b4af8 in php_execute_script (primary_file=0xbffff5f0) at
/home/fujimura/php-src/main/main.c:1568
#16 0x0821dec8 in main (argc=2, argv=0xbffff694) at
/home/fujimura/php-src/sapi/cli/php_cli.c:910
#17 0x4030bbb4 in __libc_start_main () from /lib/libc.so.6


-- 
Edit bug report at http://bugs.php.net/?id=24801&edit=1
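
The backtrace shows frame #1 (xml_call_handler) with function_ptr=0x0 and a fault on (*zval_ptr)->refcount--, and the reproduce script registers "endElement" without defining it. The C model below is an added example, not code from ext/xml/xml.c or from the reporter. It assumes the failed handler call left the return-value pointer unset, and value_t, call_user_handler, value_release and both dispatch functions are hypothetical names.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a refcounted engine value (not the Zend zval). */
typedef struct { int refcount; } value_t;

int live_values = 0; /* allocations not yet released */

/* Model of calling a user handler: only "startElement" is defined, as in
 * the report's script. On failure *ret is left untouched. */
static int call_user_handler(const char *name, value_t **ret) {
    if (strcmp(name, "startElement") != 0) return -1;
    *ret = malloc(sizeof **ret);
    if (*ret == NULL) return -1;
    (*ret)->refcount = 1;
    live_values++;
    return 0;
}

/* Same shape as the faulting line: dereferences *v unconditionally. */
static void value_release(value_t **v) {
    if (--(*v)->refcount == 0) { free(*v); *v = NULL; live_values--; }
}

/* Unguarded: ignores the call result, so an undefined handler reaches
 * value_release() with a NULL pointer and faults. Not called below. */
int dispatch_unguarded(const char *name) {
    value_t *ret = NULL;
    call_user_handler(name, &ret);
    value_release(&ret);
    return 0;
}

/* Guarded: release only a value that the call actually produced. */
int dispatch_guarded(const char *name) {
    value_t *ret = NULL;
    if (call_user_handler(name, &ret) != 0 || ret == NULL) {
        fprintf(stderr, "warning: unable to call handler %s()\n", name);
        return -1;
    }
    value_release(&ret);
    return 0;
}

int main(void) {
    printf("startElement -> %d\n", dispatch_guarded("startElement"));
    printf("endElement   -> %d\n", dispatch_guarded("endElement"));
    return 0;
}
```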