ID: 41346
Updated by: [EMAIL PROTECTED]
Reported By: wouter at widexs dot nl
-Status: Open
+Status: Feedback
Bug Type: *XML functions
Operating System: Linux
PHP Version: 4.4.7
New Comment:
Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves.
A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external
resources such as databases, etc. If the script requires a
database to demonstrate the issue, please make sure it creates
all necessary tables, stored procedures etc.
Please avoid embedding huge scripts into the report.
You might want to try a newer libxml2 version as it looks like the
crash might be caused there. (cant be sure without a reproduceable case
though)
Previous Comments:
------------------------------------------------------------------------
[2007-05-10 07:53:07] wouter at widexs dot nl
Description:
------------
PHP 4.4.7 as Apache 2.0.59 DSO module gives a segmentation fault when
parsing specific xml code.
I've been unable to locate the exact code as of yet that triggers this.
(since multiple clients use the piece of code i found in the backtrace)
A 'bt full' is also available, which might reveal more info for you.
I've disabled any Zend + 3rd-party extensions, thus only PHP-only
extensions built-in.
Reproduce code:
---------------
Don't have it, though it has to be something like this :
#16 0xb75b8952 in domxml_document_parser (mode=144905360, loadtype=0,
source=0x8ac77e4 "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0
Transitional//EN\"
\"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\";>\r\n<html
xmlns=\"http://www.w3.org/1999/xhtml\";>\r\n<head
profile=\"http://gmpg.org/x";..., data=0x0)
at
/opt/install/widexs_apache_2006_026/php-4.4.7/ext/domxml/php_domxml.c:4006
Which is used in WordPress CMS if I'm correct.
Expected result:
----------------
No segmentation fault :)
Actual result:
--------------
backtrace :
(gdb) bt
#0 0xb7a21df3 in free () from /lib/libc.so.6
#1 0xb6faf788 in xmlResetError__internal_alias (err=0xbfd65360) at
error.c:871
#2 0xb6faeb94 in __xmlRaiseError (schannel=0, channel=0xb75b2ebc
<domxml_error_validate>, data=0xbfd651e0, ctx=0xbfd651e0, nod=0x8ae0ee8,
domain=23,
code=504, level=XML_ERR_ERROR, file=0x0, line=-2147483636,
str1=0x8b247f8 "ul", str2=0x8b247f8 "ul", str3=0xbfd62690 "()", int1=35,
col=1,
msg=0xb70706a0 "Element %s content does not follow the DTD,
expecting %s, got %s\n") at error.c:534
#3 0xb6fda6f8 in xmlErrValidNode (ctxt=0x23, node=0x8ae0ee8,
error=XML_DTD_CONTENT_MODEL,
msg=0xb70706a0 "Element %s content does not follow the DTD,
expecting %s, got %s\n", str1=0xb7adc4a4 "", str2=0xbfd63a20 "(li)+",
str3=0xbfd62690 "()")
at valid.c:152
#4 0xb6fe0763 in xmlValidateElementContent (ctxt=0x8a314fc,
child=0x8ae0f38, elemDecl=0xbfd62690, warn=1, parent=0x8ae0ee8) at
valid.c:5366
#5 0xb6fe15f6 in xmlValidateOneElement__internal_alias
(ctxt=0x8a314fc, doc=0x8ae0f38, elem=0x8ae0ee8) at valid.c:6052
#6 0xb705b5d4 in xmlSAX2EndElementNs__internal_alias (ctx=0x8a31490,
localname=0x8b06f4a "ul", prefix=0x0, URI=0x8b06ddf
"http://www.w3.org/1999/xhtml";)
at SAX2.c:2315
#7 0xb6fbf56e in xmlParseEndTag2 (ctxt=0x8a31490, prefix=0x0,
URI=0x8b06ddf "http://www.w3.org/1999/xhtml";, line=28, nsNr=0, tlen=0)
at parser.c:8207
#8 0xb6fbff9d in xmlParseElement__internal_alias (ctxt=0x8a31490) at
parser.c:8542
#9 0xb6fbfcef in xmlParseContent__internal_alias (ctxt=0x8a31490) at
parser.c:8361
#10 0xb6fbff56 in xmlParseElement__internal_alias (ctxt=0x8a31490) at
parser.c:8521
#11 0xb6fbfcef in xmlParseContent__internal_alias (ctxt=0x8a31490) at
parser.c:8361
#12 0xb6fbff56 in xmlParseElement__internal_alias (ctxt=0x8a31490) at
parser.c:8521
#13 0xb6fbfcef in xmlParseContent__internal_alias (ctxt=0x8a31490) at
parser.c:8361
#14 0xb6fbff56 in xmlParseElement__internal_alias (ctxt=0x8a31490) at
parser.c:8521
#15 0xb6fc1133 in xmlParseDocument__internal_alias (ctxt=0x8a31490) at
parser.c:9129
#16 0xb75b8952 in domxml_document_parser (mode=144905360, loadtype=0,
source=0x8ac77e4 "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0
Transitional//EN\"
\"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\";>\r\n<html
xmlns=\"http://www.w3.org/1999/xhtml\";>\r\n<head
profile=\"http://gmpg.org/x";..., data=0x0)
at
/opt/install/widexs_apache_2006_026/php-4.4.7/ext/domxml/php_domxml.c:4006
#17 0xb75b8a46 in zif_xmldoc (ht=2, return_value=0x8a31264,
this_ptr=0x0, return_value_used=1)
at
/opt/install/widexs_apache_2006_026/php-4.4.7/ext/domxml/php_domxml.c:4042
#18 0xb76d576a in execute (op_array=0x8a9ee10) at
/opt/install/widexs_apache_2006_026/php-4.4.7/Zend/zend_execute.c:1681
#19 0xb76d551c in execute (op_array=0x8a40960) at
/opt/install/widexs_apache_2006_026/php-4.4.7/Zend/zend_execute.c:1725
#20 0xb76d551c in execute (op_array=0x8984534) at
/opt/install/widexs_apache_2006_026/php-4.4.7/Zend/zend_execute.c:1725
#21 0xb76c8fbf in zend_execute_scripts (type=8, retval=0x0,
file_count=3) at
/opt/install/widexs_apache_2006_026/php-4.4.7/Zend/zend.c:939
#22 0xb76a4068 in php_execute_script (primary_file=0xbfd6ab70) at
/opt/install/widexs_apache_2006_026/php-4.4.7/main/main.c:1757
#23 0xb76d96a7 in php_handler (r=0x8978608) at
/opt/install/widexs_apache_2006_026/php-4.4.7/sapi/apache2handler/sapi_apache2.c:581
#24 0x080af902 in ap_run_handler ()
#25 0x080b0071 in ap_invoke_handler ()
#26 0x0809050d in ap_process_request ()
#27 0x0808a977 in ap_process_http_connection ()
#28 0x080bc422 in ap_run_process_connection ()
#29 0x080bc810 in ap_process_connection ()
#30 0x080ae19f in child_main ()
#31 0x080ae329 in make_child ()
#32 0x080ae39e in startup_children ()
#33 0x080ae7a7 in ap_mpm_run ()
#34 0x080b54b9 in main ()
#35 0xb79d0b94 in __libc_start_main () from /lib/libc.so.6
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=41346&edit=1
