ID: 41346
Updated by: [EMAIL PROTECTED]
Reported By: wouter at widexs dot nl
-Status: Open
+Status: Feedback
Bug Type: *XML functions
Operating System: Linux
PHP Version: 4.4.7
New Comment:

Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves.

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external
resources such as databases, etc. If the script requires a
database to demonstrate the issue, please make sure it creates
all necessary tables, stored procedures etc.

Please avoid embedding huge scripts into the report.

You might want to try a newer libxml2 version as it looks like the
crash might be caused there. (can't be sure without a reproducible
case though)

Previous Comments:
------------------------------------------------------------------------

[2007-05-10 07:53:07] wouter at widexs dot nl

Description:
------------
PHP 4.4.7 as Apache 2.0.59 DSO module gives a segmentation fault when
parsing specific XML code. I've been unable to locate the exact code as
of yet that triggers this. (since multiple clients use the piece of
code I found in the backtrace)

A 'bt full' is also available, which might reveal more info for you.

I've disabled any Zend + 3rd-party extensions, thus only PHP-only
extensions built-in.

Reproduce code:
---------------
Don't have it, though it has to be something like this:

#16 0xb75b8952 in domxml_document_parser (mode=144905360, loadtype=0, source=0x8ac77e4 "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\r\n<html xmlns=\"http://www.w3.org/1999/xhtml\">\r\n<head profile=\"http://gmpg.org/x"..., data=0x0) at /opt/install/widexs_apache_2006_026/php-4.4.7/ext/domxml/php_domxml.c:4006

Which is used in WordPress CMS if I'm correct.

Expected result:
----------------
No segmentation fault :)

Actual result:
--------------
backtrace :

(gdb) bt
#0  0xb7a21df3 in free () from /lib/libc.so.6
#1  0xb6faf788 in xmlResetError__internal_alias (err=0xbfd65360) at error.c:871
#2  0xb6faeb94 in __xmlRaiseError (schannel=0, channel=0xb75b2ebc <domxml_error_validate>, data=0xbfd651e0, ctx=0xbfd651e0, nod=0x8ae0ee8, domain=23, code=504, level=XML_ERR_ERROR, file=0x0, line=-2147483636, str1=0x8b247f8 "ul", str2=0x8b247f8 "ul", str3=0xbfd62690 "()", int1=35, col=1, msg=0xb70706a0 "Element %s content does not follow the DTD, expecting %s, got %s\n") at error.c:534
#3  0xb6fda6f8 in xmlErrValidNode (ctxt=0x23, node=0x8ae0ee8, error=XML_DTD_CONTENT_MODEL, msg=0xb70706a0 "Element %s content does not follow the DTD, expecting %s, got %s\n", str1=0xb7adc4a4 "", str2=0xbfd63a20 "(li)+", str3=0xbfd62690 "()") at valid.c:152
#4  0xb6fe0763 in xmlValidateElementContent (ctxt=0x8a314fc, child=0x8ae0f38, elemDecl=0xbfd62690, warn=1, parent=0x8ae0ee8) at valid.c:5366
#5  0xb6fe15f6 in xmlValidateOneElement__internal_alias (ctxt=0x8a314fc, doc=0x8ae0f38, elem=0x8ae0ee8) at valid.c:6052
#6  0xb705b5d4 in xmlSAX2EndElementNs__internal_alias (ctx=0x8a31490, localname=0x8b06f4a "ul", prefix=0x0, URI=0x8b06ddf "http://www.w3.org/1999/xhtml") at SAX2.c:2315
#7  0xb6fbf56e in xmlParseEndTag2 (ctxt=0x8a31490, prefix=0x0, URI=0x8b06ddf "http://www.w3.org/1999/xhtml", line=28, nsNr=0, tlen=0) at parser.c:8207
#8  0xb6fbff9d in xmlParseElement__internal_alias (ctxt=0x8a31490) at parser.c:8542
#9  0xb6fbfcef in xmlParseContent__internal_alias (ctxt=0x8a31490) at parser.c:8361
#10 0xb6fbff56 in xmlParseElement__internal_alias (ctxt=0x8a31490) at parser.c:8521
#11 0xb6fbfcef in xmlParseContent__internal_alias (ctxt=0x8a31490) at parser.c:8361
#12 0xb6fbff56 in xmlParseElement__internal_alias (ctxt=0x8a31490) at parser.c:8521
#13 0xb6fbfcef in xmlParseContent__internal_alias (ctxt=0x8a31490) at parser.c:8361
#14 0xb6fbff56 in xmlParseElement__internal_alias (ctxt=0x8a31490) at parser.c:8521
#15 0xb6fc1133 in xmlParseDocument__internal_alias (ctxt=0x8a31490) at parser.c:9129
#16 0xb75b8952 in domxml_document_parser (mode=144905360, loadtype=0, source=0x8ac77e4 "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\r\n<html xmlns=\"http://www.w3.org/1999/xhtml\">\r\n<head profile=\"http://gmpg.org/x"..., data=0x0) at /opt/install/widexs_apache_2006_026/php-4.4.7/ext/domxml/php_domxml.c:4006
#17 0xb75b8a46 in zif_xmldoc (ht=2, return_value=0x8a31264, this_ptr=0x0, return_value_used=1) at /opt/install/widexs_apache_2006_026/php-4.4.7/ext/domxml/php_domxml.c:4042
#18 0xb76d576a in execute (op_array=0x8a9ee10) at /opt/install/widexs_apache_2006_026/php-4.4.7/Zend/zend_execute.c:1681
#19 0xb76d551c in execute (op_array=0x8a40960) at /opt/install/widexs_apache_2006_026/php-4.4.7/Zend/zend_execute.c:1725
#20 0xb76d551c in execute (op_array=0x8984534) at /opt/install/widexs_apache_2006_026/php-4.4.7/Zend/zend_execute.c:1725
#21 0xb76c8fbf in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /opt/install/widexs_apache_2006_026/php-4.4.7/Zend/zend.c:939
#22 0xb76a4068 in php_execute_script (primary_file=0xbfd6ab70) at /opt/install/widexs_apache_2006_026/php-4.4.7/main/main.c:1757
#23 0xb76d96a7 in php_handler (r=0x8978608) at /opt/install/widexs_apache_2006_026/php-4.4.7/sapi/apache2handler/sapi_apache2.c:581
#24 0x080af902 in ap_run_handler ()
#25 0x080b0071 in ap_invoke_handler ()
#26 0x0809050d in ap_process_request ()
#27 0x0808a977 in ap_process_http_connection ()
#28 0x080bc422 in ap_run_process_connection ()
#29 0x080bc810 in ap_process_connection ()
#30 0x080ae19f in child_main ()
#31 0x080ae329 in make_child ()
#32 0x080ae39e in startup_children ()
#33 0x080ae7a7 in ap_mpm_run ()
#34 0x080b54b9 in main ()
#35 0xb79d0b94 in __libc_start_main () from /lib/libc.so.6

------------------------------------------------------------------------

--
Edit this bug report at http://bugs.php.net/?id=41346&edit=1