From:             tony2001 at phpclub dot net
Operating system: Linux
PHP version:      4.3.4
PHP Bug Type:     Reproducible crash
Bug description:  domxslt->process causes segfault

Description:
------------
PHP segfaults when domxslt->process() is called.
It seems to me that this error is caused by memory corruption, because I can see, using printf(), in node_wrapper_free(), that wrapper contains some HTML code sometimes.

Reproduce code:
---------------
//full code could be grabbed from:
//http://tony2001.phpclub.net/temp/domxslt.tar.gz

$xml = domxml_open_mem(file_get_contents("./area_name.xml"));
$xslt = domxml_xslt_stylesheet_file('./area_list.xsl');
$xslt->process($xml, Array());

Actual result:
--------------
Program received signal SIGSEGV, Segmentation fault.
0x4033ebdb in zend_hash_index_find (ht=0xffffffff, h=0, pData=0xffffffff) at /root/CVS/php-src_PHP_4_3/Zend/zend_hash.c:960
960             nIndex = h & ht->nTableMask;
(gdb) bt
#0  0x4033ebdb in zend_hash_index_find (ht=0xffffffff, h=0, pData=0xffffffff) at /root/CVS/php-src_PHP_4_3/Zend/zend_hash.c:960
#1  0x4024615a in node_wrapper_free (node=0x8180788) at /root/CVS/php-src_PHP_4_3/ext/domxml/php_domxml.c:622
#2  0x40246270 in node_list_wrapper_dtor (node=0x8180788, destroyref=1) at /root/CVS/php-src_PHP_4_3/ext/domxml/php_domxml.c:670
#3  0x40238ca3 in php_free_xml_doc (rsrc=0xffffffff) at /root/CVS/php-src_PHP_4_3/ext/domxml/php_domxml.c:653
#4  0x4033f650 in list_entry_destructor (ptr=0x81ab9c4) at /root/CVS/php-src_PHP_4_3/Zend/zend_list.c:177
#5  0x4033e188 in zend_hash_apply_deleter (ht=0x40466ac0, p=0x81ab9c4) at /root/CVS/php-src_PHP_4_3/Zend/zend_hash.c:608
#6  0x4033e22c in zend_hash_graceful_reverse_destroy (ht=0x40466ac0) at /root/CVS/php-src_PHP_4_3/Zend/zend_hash.c:674
#7  0x4033f80f in zend_destroy_rsrc_list (ht=0xffffffff) at /root/CVS/php-src_PHP_4_3/Zend/zend_list.c:233
#8  0x40330e96 in shutdown_executor () at /root/CVS/php-src_PHP_4_3/Zend/zend_execute_API.c:213
#9  0x40338f76 in zend_deactivate () at /root/CVS/php-src_PHP_4_3/Zend/zend.c:665
#10 0x4030c836 in php_request_shutdown (dummy=0x0) at /root/CVS/php-src_PHP_4_3/main/main.c:998
#11 0x4034ba8c in apache_php_module_main (r=0x817c8ec, display_source_mode=0) at /root/CVS/php-src_PHP_4_3/sapi/apache/sapi_apache.c:60
#12 0x4034c656 in send_php (r=0x817c8ec, display_source_mode=0, filename=0x0) at /root/CVS/php-src_PHP_4_3/sapi/apache/mod_php4.c:620
#13 0x4034c815 in send_parsed_php (r=0x817c8ec) at /root/CVS/php-src_PHP_4_3/sapi/apache/mod_php4.c:635
#14 0x08068eee in ap_invoke_handler ()
#15 0x0807e83e in process_request_internal ()
#16 0x0807ec74 in ap_internal_redirect ()
#17 0x0805e39a in handle_dir ()
#18 0x08068eee in ap_invoke_handler ()
#19 0x0807e83e in process_request_internal ()
#20 0x0807e89b in ap_process_request ()
#21 0x0807535f in child_main ()
#22 0x08075511 in make_child ()
#23 0x08075690 in startup_children ()
#24 0x08075d00 in standalone_main ()
#25 0x0807659a in main ()
#26 0x400d1af7 in __libc_start_main () from /lib/i686/libc.so.6

--
Edit bug report at http://bugs.php.net/?id=26384&edit=1