ID:               35785
Updated by:       [EMAIL PROTECTED]
Reported By:      TheFFF at gmail dot com
Status:           Assigned
Bug Type:         SimpleXML related
Operating System: *
PHP Version:      5CVS-2005-12-26 (cvs)
Assigned To:      helly
New Comment:

In HEAD the following raises an error now, but no more mem corruption:
$xml->bla-props[0]->name = $val;

This works now:
$xml->bla->props->name = $val;


Previous Comments:
------------------------------------------------------------------------

[2005-12-26 13:20:04] [EMAIL PROTECTED]

From dmitry:

The problem is:
$xml->bla-props[0]->name = 0;

For nonexisting element "props" simplexml returns NULL with refcount == 0;
Then ZE tries to assign dimension into it;
It converts NULL into array;
inserts uninitialized zval into it (for index 0);
stores zval** for next opcode
Then it destroys array, because refcount is 0 (this 0 comes from simplexml)
Next opcode crashes because stored zval** is destroyed together with array.

This bug must be fixed in ext/simplexml.
It must care about "type" argument of read_property() callback and implement implicit element/attribute creation or prohibit it.

ZE cannot handle such assignment automatically. (It uses get_zval_ptr_ptr() for that, but simplexml doesn't define it).

So this goes back to me

------------------------------------------------------------------------

[2005-12-23 15:16:55] [EMAIL PROTECTED]

Reproducible with 5.1.2-dev.
The backtrace is quite useless:

Program received signal SIGSEGV, Segmentation fault.
0x081d285e in zend_pzval_unlock_func (z=0x5a5a5a5a, should_free=0xbfffc76c) at /usr/src/dev/clean/php-src_5_1/Zend/zend_execute.c:66
66              if (!--z->refcount) {
(gdb) bt
#0  0x081d285e in zend_pzval_unlock_func (z=0x5a5a5a5a, should_free=0xbfffc76c) at /usr/src/dev/clean/php-src_5_1/Zend/zend_execute.c:66
#1  0x081d2c16 in _get_zval_ptr_ptr_var (node=0x82d8558, Ts=0xbfffc7c0, should_free=0xbfffc76c) at /usr/src/dev/clean/php-src_5_1/Zend/zend_execute.c:259
#2  0x081a4270 in ZEND_ASSIGN_OBJ_SPEC_VAR_CONST_HANDLER (execute_data=0xbfffca30) at zend_vm_execute.h:8726
#3  0x0818f3ad in execute (op_array=0x82d3ed4) at zend_vm_execute.h:92
#4  0x081727c8 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/src/dev/clean/php-src_5_1/Zend/zend.c:1101
#5  0x0812f104 in php_execute_script (primary_file=0xbfffeed0) at /usr/src/dev/clean/php-src_5_1/main/main.c:1720
#6  0x081d5d2e in main (argc=2, argv=0xbfffefb4) at /usr/src/dev/clean/php-src_5_1/sapi/cli/php_cli.c:1077

------------------------------------------------------------------------

[2005-12-23 12:14:24] TheFFF at gmail dot com

Description:
------------
trying to set some values

Reproduce code:
---------------
<?php
$options["database"] = "xmldatabase";
$x = simplexml_load_string("<root></root>");
$count = count($x -> posts) + 1;
$x -> bla -> posts[$count] -> name = $_POST["name"];
echo $x -> asXML();
?>

also getting the error with simplexml_load_file();

Expected result:
----------------
bla doesn't exist so some kinda error

Actual result:
--------------
The instruction at "0x006d693c" referenced memory "0x000000c". The memory could not be "read"

------------------------------------------------------------------------


--
Edit this bug report at http://bugs.php.net/?id=35785&edit=1
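
An added illustration in C of the sequence dmitry describes above (not code from PHP, the Zend Engine or this report): a toy model in which a property handler's temporary with refcount 0 is freed while a pointer into it is still held, next to the two handler behaviours he names as fixes. All type and function names are hypothetical, and the dangling pointer is reported rather than dereferenced.

```c
#include <stdio.h>
#include <stdlib.h>

/* Toy model of the sequence in dmitry's comment; none of this is Zend Engine code. */
enum fetch_type { FETCH_READ, FETCH_WRITE };
enum result { ASSIGN_OK, DANGLING_SLOT, WRITE_REFUSED };
typedef struct { int refcount; int *slot; } value;   /* slot models array index 0 */

/* Ignores the fetch type: a missing element yields a temporary with refcount 0. */
static value *read_unaware(enum fetch_type type) {
    (void)type;
    return calloc(1, sizeof(value));
}

/* Honours the fetch type and prohibits writes through a missing element. */
static value *read_prohibiting(enum fetch_type type) {
    return type == FETCH_WRITE ? NULL : read_unaware(type);
}

/* Honours the fetch type by creating the element, so the result is owned (refcount 1). */
static value *read_creating(enum fetch_type type) {
    value *v = read_unaware(type);
    if (v != NULL && type == FETCH_WRITE)
        v->refcount = 1;
    return v;
}

/* Engine side of `missing[0]->name = x`; reports what the next opcode would find. */
static enum result assign_through_missing(value *(*read_property)(enum fetch_type)) {
    value *tmp = read_property(FETCH_WRITE);
    if (tmp == NULL)
        return WRITE_REFUSED;                 /* error raised, nothing stored */
    tmp->slot = calloc(1, sizeof(int));       /* NULL converted to array, index 0 inserted */
    if (tmp->slot == NULL) { free(tmp); return WRITE_REFUSED; }
    int **stored = &tmp->slot;                /* pointer kept for the next opcode */
    if (tmp->refcount == 0) {                 /* temporary released between opcodes */
        free(tmp->slot);
        free(tmp);
        return DANGLING_SLOT;                 /* 'stored' now points into freed memory */
    }
    **stored = 42;                            /* next opcode writes through a live pointer */
    free(tmp->slot);
    free(tmp);
    return ASSIGN_OK;
}

int main(void) {   /* prints result codes: 0 = ok, 1 = dangling, 2 = refused */
    printf("unaware=%d prohibiting=%d creating=%d\n", assign_through_missing(read_unaware),
           assign_through_missing(read_prohibiting), assign_through_missing(read_creating));
    return 0;
}
```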