From:             fujimura at wakhok dot ac dot jp
Operating system: Linux kernel-2.4.21
PHP version:      5CVS-2003-07-25 (dev)
PHP Bug Type:     XML related
Bug description:  xml_call_handler() causes segmentation fault

Description:
------------
ext/xml/xml.c:xml_call_handler() causes segmentation fault.

Reproduce code:
---------------
<?php
function startElement() { }

$parser = xml_parser_create();
xml_set_element_handler($parser, "startElement", "endElement");
xml_parse($parser, "<?xml version=\"1.0\"?><root />", true) OR die(xml_error_string(xml_get_error_code($parser)));
xml_parser_free($parser);
?>

Actual result:
--------------
[EMAIL PROTECTED] public_html]$ gdb php
GNU gdb 5.3
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-slackware-linux"...
(gdb) run xml_parse.php
Starting program: /usr/local/bin/php xml_parse.php

Program received signal SIGSEGV, Segmentation fault.
0x081e7e4c in _zval_ptr_dtor (zval_ptr=0xbfffc97c,
    __zend_filename=0x825e220 "/home/fujimura/php-src/ext/xml/xml.c",
    __zend_lineno=423) at /home/fujimura/php-src/Zend/zend_execute_API.c:342
342             (*zval_ptr)->refcount--;
(gdb) bt
#0  0x081e7e4c in _zval_ptr_dtor (zval_ptr=0xbfffc97c,
    __zend_filename=0x825e220 "/home/fujimura/php-src/ext/xml/xml.c",
    __zend_lineno=423) at /home/fujimura/php-src/Zend/zend_execute_API.c:342
#1  0x081ab079 in xml_call_handler (parser=0x40436988, handler=0x40436b7c,
    function_ptr=0x0, argc=2, argv=0xbfffc9b8)
    at /home/fujimura/php-src/ext/xml/xml.c:423
#2  0x081abc7e in _xml_endElementHandler (userData=0x40436988,
    name=0x830f550 "root") at /home/fujimura/php-src/ext/xml/xml.c:753
#3  0x081ae851 in _end_element_handler (user=0x4042a0cc, name=0x830f410 "root")
    at /home/fujimura/php-src/ext/xml/compat.c:128
#4  0x402443be in xmlParseExtParsedEnt () from /usr/lib/libxml2.so.2
#5  0x40244db1 in xmlParseChunk () from /usr/lib/libxml2.so.2
#6  0x081aedc0 in php_XML_Parse (parser=0x4042a0cc,
    data=0x40437200 "<?xml version=\"1.0\"?><root />", data_len=29,
    is_final=1) at /home/fujimura/php-src/ext/xml/compat.c:400
#7  0x081ad357 in zif_xml_parse (ht=3, return_value=0x40436c8c, this_ptr=0x0,
    return_value_used=1) at /home/fujimura/php-src/ext/xml/xml.c:1321
#8  0x08211156 in execute_internal (execute_data_ptr=0xbfffcdb0,
    return_value_used=1) at /home/fujimura/php-src/Zend/zend_execute.c:1143
#9  0x4074b276 in xdebug_execute_internal (current_execute_data=0xbfffcdb0,
    return_value_used=1) at /home/fujimura/xdebug-1.2.0/xdebug.c:782
#10 0x08215917 in zend_do_fcall_common_helper (execute_data=0xbfffcdb0,
    op_array=0x40435714) at /home/fujimura/php-src/Zend/zend_execute.c:2513
#11 0x08215feb in zend_do_fcall_handler (execute_data=0xbfffcdb0,
    op_array=0x40435714) at /home/fujimura/php-src/Zend/zend_execute.c:2642
#12 0x082112a8 in execute (op_array=0x40435714)
    at /home/fujimura/php-src/Zend/zend_execute.c:1192
#13 0x4074afcc in xdebug_execute (op_array=0x40435714)
    at /home/fujimura/xdebug-1.2.0/xdebug.c:750
#14 0x081f37d0 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /home/fujimura/php-src/Zend/zend.c:1017
#15 0x081b4af8 in php_execute_script (primary_file=0xbffff5f0)
    at /home/fujimura/php-src/main/main.c:1568
#16 0x0821dec8 in main (argc=2, argv=0xbffff694)
    at /home/fujimura/php-src/sapi/cli/php_cli.c:910
#17 0x4030bbb4 in __libc_start_main () from /lib/libc.so.6

-- 
Edit bug report at http://bugs.php.net/?id=24801&edit=1
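
The backtrace above shows `function_ptr=0x0` and a fault on `(*zval_ptr)->refcount--` reached from `xml_call_handler()` while dispatching the undefined `endElement` handler. The following C model is an added example, not PHP source code and not part of the original report; it illustrates that failure mode next to a checked form. It assumes the crash comes from releasing a return-value slot that a failed handler lookup never filled, and every type and function name in it is hypothetical.

```c
#include <stddef.h>
#include <string.h>

/* Minimal stand-in for a refcounted engine value (not PHP's real zval). */
typedef struct { int refcount; } value;

static value result_slot;   /* storage for a handler's return value */

/* Hypothetical dispatcher: only "startElement" exists, as in the report. */
static int lookup_and_call(const char *name, value **ret) {
    if (strcmp(name, "startElement") != 0)
        return -1;          /* unknown handler: *ret is left untouched */
    result_slot.refcount = 1;
    *ret = &result_slot;
    return 0;
}

static void release(value *v) { v->refcount--; }  /* faults if v is garbage */

/* BEFORE: releases ret even when the call failed. `stale` stands in for
   whatever the uninitialised stack slot happened to contain. */
int call_handler_unchecked(const char *name, value *stale) {
    value *ret = stale;
    int rc = lookup_and_call(name, &ret);
    release(ret);
    return rc;
}

/* AFTER: the slot starts NULL and is released only after a successful call. */
int call_handler_checked(const char *name) {
    value *ret = NULL;
    int rc = lookup_and_call(name, &ret);
    if (rc == 0 && ret != NULL)
        release(ret);
    return rc;
}

/* Refcount of an unrelated live value after the unchecked path ran with a
   missing handler: 1 means untouched, 0 means it was wrongly decremented. */
int bystander_refcount_after_unchecked(void) {
    value bystander = { 1 };   /* constructed sample object */
    call_handler_unchecked("endElement", &bystander);
    return bystander.refcount;
}

int main(void) {
    return (bystander_refcount_after_unchecked() == 0 &&
            call_handler_checked("endElement") == -1) ? 0 : 1;
}
```

When the stale slot holds an unmapped address instead of a live object, the same `release()` call faults, which matches the SIGSEGV in frame #0.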