#31878 [Fbk->Opn]: Segmentation fault

php-bug at max-imp dot com Mon, 07 Feb 2005 17:20:07 -0800

 ID:               31878
 User updated by:  php-bug at max-imp dot com
 Reported By:      php-bug at max-imp dot com
-Status:           Feedback
+Status:           Open
 Bug Type:         Reproducible crash
 Operating System: Gentoo
 PHP Version:      5.0.3
 New Comment:


We have installed php5-STABLE-200502072330.tar.gz but are still
experiencing the same issue.

After doing more testing I believe its related to cloning the
domdocument. Here is a small test case that also fails when cloning a
domdocument.
======================================
$d = new DOMDocument();
$d->load( 'index.xml' );
$doc = clone $d;

var_dump($d);
var_dump($d->documentElement->ownerDocument);
var_dump($doc);
var_dump($doc->documentElement);
var_dump($doc->documentElement->ownerDocument);

new DOMXPath( $doc->documentElement->ownerDocument );
=============================================

Here is index.xml that is used by the above php script
==============================================
<?xml version="1.0" ?>
<test/>
==============================================

There are a few odd things about the results of running the php. Here
are the resluts
==============================================
object(DOMDocument)#1 (0) {
}
object(DOMDocument)#1 (0) {
}
object(DOMDocument)#2 (0) {
}
object(DOMElement)#3 (0) {
}
object(DOMDocument)#4 (0) {
}

Fatal error: Uncaught exception 'DOMException' with message
'__construct() expects parameter 1 to be DOMDocument, object given' in
/home/dmschlot/test-ownerDocument.php:36
Stack trace:
#0 /home/dmschlot/test-ownerDocument.php(36):
DOMXPath->__construct(Object(DOMXPath))
#1 {main}
  thrown in /home/dmschlot/test-ownerDocument.php on line 36
==============================================
The 3rd and 4th var_dumps should be the same instances of DOMDocument.
Also for some reason its saying that I am passing in DOMXPath when it
should be a DOMDocument.

Thanks a lot for the help.


Previous Comments:
------------------------------------------------------------------------

[2005-02-07 22:45:54] [EMAIL PROTECTED]

Please try using this CVS snapshot:

  http://snaps.php.net/php5-STABLE-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5.0-win32-latest.zip



------------------------------------------------------------------------

[2005-02-07 22:27:15] php-bug at max-imp dot com

Description:
------------
I am receiving an segmentation fault when accessing the ownerDocument
property of a DOMNode object. Here is the line it's crashing on...

$xpath = new DOMXPath( $relativeTo->ownerDocument );


Reproduce code:
---------------
I can reproduce the error in the system I am working on but can not get
the error to occur outside of the system. (The system is pretty large.)

Actual result:
--------------
[Thread debugging using libthread_db enabled]
[New Thread 16384 (LWP 13455)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 16384 (LWP 13455)]
0x082ef792 in zend_objects_store_add_ref (object=0x8d0f0f0e) at
/var/tmp/portage/php-5.0.3/work/php-5.0.3/Zend/zend_objects_API.c:128
warning: Source file is more recent than executable.

128            
EG(objects_store).object_buckets[handle].bucket.obj.refcount++;
(gdb) bt
#0  0x082ef792 in zend_objects_store_add_ref (object=0x8d0f0f0e) at
/var/tmp/portage/php-5.0.3/work/php-5.0.3/Zend/zend_objects_API.c:128
#1  0x082d1765 in _zval_copy_ctor (zvalue=0x8c885a4,
    __zend_filename=0x831e300
"/var/tmp/portage/php-5.0.3/work/php-5.0.3/ext/dom/php_dom.c",
__zend_lineno=1041)
    at
/var/tmp/portage/php-5.0.3/work/php-5.0.3/Zend/zend_variables.c:158
#2  0x080bfbf4 in php_dom_create_object (obj=0x8ca32e8,
found=0xbffe5f68, wrapper_in=0x0, return_value=0x8c885a4,
domobj=0x8db4484)
    at
/var/tmp/portage/php-5.0.3/work/php-5.0.3/ext/dom/php_dom.c:1041
#3  0x080c83ad in dom_node_owner_document_read (obj=0x8db4484,
retval=0xbffe5f98)
    at /var/tmp/portage/php-5.0.3/work/php-5.0.3/ext/dom/node.c:575
#4  0x080b8c98 in dom_read_property (object=0x8cb2bf4,
member=0x87805c0, type=139514432)
    at /var/tmp/portage/php-5.0.3/work/php-5.0.3/ext/dom/php_dom.c:227
#5  0x0830810c in zend_fetch_property_address_read (result=0x8780594,
op1=0x87805a8, op2=0x87805bc, Ts=0xbffe6084, type=0)
    at
/var/tmp/portage/php-5.0.3/work/php-5.0.3/Zend/zend_execute.c:1158
#6  0x082fed68 in zend_fetch_obj_func_arg_handler
(execute_data=0xbffe7000, opline=0x8780590, op_array=0x8772ce4)
    at
/var/tmp/portage/php-5.0.3/work/php-5.0.3/Zend/zend_execute.c:2170
#7  0x082fca38 in execute (op_array=0x8772ce4) at
/var/tmp/portage/php-5.0.3/work/php-5.0.3/Zend/zend_execute.c:1400
#8  0x08300ac6 in zend_do_fcall_common_helper (execute_data=0xbffe7f80,
opline=0x89e5e30, op_array=0x8981fd0)
    at
/var/tmp/portage/php-5.0.3/work/php-5.0.3/Zend/zend_execute.c:2740
#9  0x08300e93 in zend_do_fcall_by_name_handler
(execute_data=0x850d240, opline=0x8d0f0f0e, op_array=0x8d0f0f0e)
    at
/var/tmp/portage/php-5.0.3/work/php-5.0.3/Zend/zend_execute.c:2825
#10 0x082fca38 in execute (op_array=0x8981fd0) at
/var/tmp/portage/php-5.0.3/work/php-5.0.3/Zend/zend_execute.c:1400
#11 0x08300ac6 in zend_do_fcall_common_helper (execute_data=0xbffef3d0,
opline=0x40b1e56c, op_array=0x8abbb20)
    at
/var/tmp/portage/php-5.0.3/work/php-5.0.3/Zend/zend_execute.c:2740
#12 0x08300f6e in zend_do_fcall_handler (execute_data=0xbffef3d0,
opline=0x40b1e56c, op_array=0x8d0f0f0e)
    at
/var/tmp/portage/php-5.0.3/work/php-5.0.3/Zend/zend_execute.c:2843
#13 0x082fca38 in execute (op_array=0x8abbb20) at
/var/tmp/portage/php-5.0.3/work/php-5.0.3/Zend/zend_execute.c:1400
#14 0x08300ac6 in zend_do_fcall_common_helper (execute_data=0xbffef910,
opline=0x8790f24, op_array=0x89c6074)
    at
/var/tmp/portage/php-5.0.3/work/php-5.0.3/Zend/zend_execute.c:2740
#15 0x08300e93 in zend_do_fcall_by_name_handler
(execute_data=0x850d240, opline=0x8d0f0f0e, op_array=0x8d0f0f0e)
    at
/var/tmp/portage/php-5.0.3/work/php-5.0.3/Zend/zend_execute.c:2825
#16 0x082fca38 in execute (op_array=0x89c6074) at
/var/tmp/portage/php-5.0.3/work/php-5.0.3/Zend/zend_execute.c:1400
#17 0x08300ac6 in zend_do_fcall_common_helper (execute_data=0xbfff03e0,
opline=0x87a4708, op_array=0x89d33ac)
    at
/var/tmp/portage/php-5.0.3/work/php-5.0.3/Zend/zend_execute.c:2740
#18 0x08300e93 in zend_do_fcall_by_name_handler
(execute_data=0x850d240, opline=0x8d0f0f0e, op_array=0x8d0f0f0e)
    at
/var/tmp/portage/php-5.0.3/work/php-5.0.3/Zend/zend_execute.c:2825
#19 0x082fca38 in execute (op_array=0x89d33ac) at
/var/tmp/portage/php-5.0.3/work/php-5.0.3/Zend/zend_execute.c:1400
#20 0x08300ac6 in zend_do_fcall_common_helper (execute_data=0xbfff1430,
opline=0x87abd00, op_array=0x89d345c)
    at
/var/tmp/portage/php-5.0.3/work/php-5.0.3/Zend/zend_execute.c:2740
#21 0x08300e93 in zend_do_fcall_by_name_handler
(execute_data=0x850d240, opline=0x8d0f0f0e, op_array=0x8d0f0f0e)
    at
/var/tmp/portage/php-5.0.3/work/php-5.0.3/Zend/zend_execute.c:2825
#22 0x082fca38 in execute (op_array=0x89d345c) at
/var/tmp/portage/php-5.0.3/work/php-5.0.3/Zend/zend_execute.c:1400
#23 0x08300ac6 in zend_do_fcall_common_helper (execute_data=0xbfff1730,
opline=0x879e914, op_array=0x89d32fc)
    at
/var/tmp/portage/php-5.0.3/work/php-5.0.3/Zend/zend_execute.c:2740
#24 0x08300e93 in zend_do_fcall_by_name_handler
(execute_data=0x850d240, opline=0x8d0f0f0e, op_array=0x8d0f0f0e)
    at
/var/tmp/portage/php-5.0.3/work/php-5.0.3/Zend/zend_execute.c:2825
#25 0x082fca38 in execute (op_array=0x89d32fc) at
/var/tmp/portage/php-5.0.3/work/php-5.0.3/Zend/zend_execute.c:1400
#26 0x08300ac6 in zend_do_fcall_common_helper (execute_data=0xbfff1a80,
opline=0x879717c, op_array=0x89d2f04)
    at
/var/tmp/portage/php-5.0.3/work/php-5.0.3/Zend/zend_execute.c:2740
#27 0x08300e93 in zend_do_fcall_by_name_handler
(execute_data=0x850d240, opline=0x8d0f0f0e, op_array=0x8d0f0f0e)
    at
/var/tmp/portage/php-5.0.3/work/php-5.0.3/Zend/zend_execute.c:2825
#28 0x082fca38 in execute (op_array=0x89d2f04) at
/var/tmp/portage/php-5.0.3/work/php-5.0.3/Zend/zend_execute.c:1400
#29 0x08300ac6 in zend_do_fcall_common_helper (execute_data=0xbfff2b00,
opline=0x877dd7c, op_array=0x8772ce4)
    at
/var/tmp/portage/php-5.0.3/work/php-5.0.3/Zend/zend_execute.c:2740
#30 0x08300e93 in zend_do_fcall_by_name_handler
(execute_data=0x850d240, opline=0x8d0f0f0e, op_array=0x8d0f0f0e)
    at
/var/tmp/portage/php-5.0.3/work/php-5.0.3/Zend/zend_execute.c:2825
#31 0x082fca38 in execute (op_array=0x8772ce4) at
/var/tmp/portage/php-5.0.3/work/php-5.0.3/Zend/zend_execute.c:1400
#32 0x08300ac6 in zend_do_fcall_common_helper (execute_data=0xbfff5e30,
opline=0x8a84b44, op_array=0x8a4c458)
    at
/var/tmp/portage/php-5.0.3/work/php-5.0.3/Zend/zend_execute.c:2740
#33 0x08300e93 in zend_do_fcall_by_name_handler
(execute_data=0x850d240, opline=0x8d0f0f0e, op_array=0x8d0f0f0e)
---Type <return> to continue, or q <return> to quit---q
 at /var/tmp/portage/php-5.0Quit
(gdb) print handle
$1 = 2366574350
(gdb)



------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=31878&edit=1

#31878 [Fbk->Opn]: Segmentation fault

Reply via email to