From:             brad at hostland dot com
Operating system: Trustix 2.4-kernel
PHP version:      5CVS-2005-10-10 (snap)
PHP Bug Type:     Reproducible crash
Bug description:  Function Crashes PHP

Description:
------------
The function listed below is crashing PHP constantly. It only crashes when
certain data is passed to the function and I don't know enough about gdb to
tell you the specific data that would make it crash. Hopefully you will be
able to figure it out from the backtrace.

I was having this problem with 5.0.5, so I installed the latest 5.1
snapshot and it still has the same problem. Please let me know if you want
me to send you an actual core dump, or if there are additional gdb commands
you want me to run against the core dump.

Reproduce code:
---------------
function _checkNodeTest($contextPath, $nodeTest) {
    if ($nodeTest == '*') {
      return (!preg_match(':/[^/]+\(\)\[\d+\]$:U', $contextPath));
    }
    elseif (preg_match('/^[\w-:\.]+$/', $nodeTest)) {
       return (preg_match('"/'.$nodeTest.'\[\d+\]$"', $contextPath));
    }
    elseif (preg_match('/\(/U', $nodeTest)) { // Check whether it's a function.
      // Get the type of function to use.
      $function = $this->_prestr($nodeTest, '(');
      // Check whether the node fits the method.
      switch ($function) {
        case 'node':   // Add this node to the list of nodes.
          return TRUE;
        case 'text':   // Check whether the node has some text.
          $tmp = implode('', $this->nodeIndex[$contextPath]['textParts']);
          if (!empty($tmp)) {
            return TRUE; // Add this node to the list of nodes.
          }
          break;       
        default:  // Display an error message.
          $this->_displayError('While parsing an XPath query there was an undefined function called "' .
             str_replace($function, '<b>'.$function.'</b>', $this->currentXpathQuery) .'"', __LINE__, __FILE__);
      }
    }
    else { // Display an error message.
      $this->_displayError("While parsing the XPath query \"{$this->currentXpathQuery}\" ".
        "an empty and therefore invalid node-test has been found.", __LINE__, __FILE__, FALSE);
    }
    return FALSE; // Don't add this context.
  }

Expected result:
----------------
The function should return a boolean value indicating whether or not the
string that was passed to it is a valid XPath node.

Actual result:
--------------
(gdb) bt
#0  0x082b9d5b in is_numeric_string (str=0x876a934 "node()", length=6,
    lval=0xbf9fff54, dval=0xbf9fff48, allow_errors=0 '\0')
    at zend_operators.h:83
#1  0x082b999e in zendi_smart_strcmp (result=0xbfa00060, s1=0x879ee0c,
    s2=0x85faa04) at /tmp/php5-200510092230/Zend/zend_operators.c:1894
#2  0x082b81c0 in compare_function (result=0xbfa00060, op1=0x879ee0c,
    op2=0x85faa04) at /tmp/php5-200510092230/Zend/zend_operators.c:1318
#3  0x082b8daf in is_equal_function (result=0xbfa00060, op1=0x879ee0c,
    op2=0x85faa04) at /tmp/php5-200510092230/Zend/zend_operators.c:1474
#4  0x08316795 in ZEND_IS_EQUAL_SPEC_CV_CONST_HANDLER (execute_data=0xbfa00330)
    at zend_vm_execute.h:19994
#5  0x082e4226 in execute (op_array=0x8680dcc) at zend_vm_execute.h:88
#6  0x082e4690 in zend_do_fcall_common_helper_SPEC (execute_data=0xbfa00600)
    at zend_vm_execute.h:224
#7  0x082e4acd in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0xbfa00600)
    at zend_vm_execute.h:310
#8  0x082e4226 in execute (op_array=0x868158c) at zend_vm_execute.h:88
#9  0x082e4690 in zend_do_fcall_common_helper_SPEC (execute_data=0xbfa008d0)
    at zend_vm_execute.h:224
#10 0x082e4acd in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0xbfa008d0)
    at zend_vm_execute.h:310
#11 0x082e4226 in execute (op_array=0x868158c) at zend_vm_execute.h:88
#12 0x082e4690 in zend_do_fcall_common_helper_SPEC (execute_data=0xbfa00ba0)
    at zend_vm_execute.h:224

(gdb) frame 5
#5  0x082e4226 in execute (op_array=0x8680dcc) at zend_vm_execute.h:88
88                      if (EX(opline)->handler(&execute_data TSRMLS_CC) > 0) {
(gdb) print (char *)(executor_globals.function_state_ptr->function)->common.funtion_name
$2 = 0x85f607c "_checkNodeTest"

-- 
Edit bug report at http://bugs.php.net/?id=34800&edit=1