From:             vivers at one dot net
Operating system: SUSE Ent Svr 9 AMD64
PHP version:      5.0.4
PHP Bug Type:     DOM XML related
Bug description:  Segfault in DOMXpath->query

Description:
------------
Similar to situation reported in Bug #32754.  However, installing
libxml2-2.6.16 did not resolve the issue.

Calling the query() method of DOMXPath when the DOMDocument was loaded
with a document whose root element contains a namespace declaration
causes a segfault.

Occurred with php-5.0.4, libxml2-2.6.19 and again with 2.2.16.  Also
failed with php5-STABLE-200505021035.

PHP config:
'./configure' \
'--with-apxs=/usr/local/apache/bin/apxs' \
'--with-mysqli=/usr/local/bin/mysql_config' \
'--with-openssl=/usr/local' \
'--with-libxml-dir=/usr/local' \
'--enable-debug' \

Apache/mod_ssl config:
./configure \
"--with-apache=../apache_1.3.33" \
"--with-ssl=../openssl-0.9.7g" \
"--with-mm=../mm-1.3.1" \
"--prefix=/usr/local/apache" \
"--enable-shared=ssl" \
"--disable-rule=SSL_COMPAT" \
"--with-layout=Apache" \
"--enable-rule=SSL_SDBM" \
"--enable-shared=max" \
"--enable-module=ssl" \

Does not occur on Dreamhost server running Linux 2.4.29 and running PHP in
CGI mode--PHP-5.0.3 and libxml2-2.6.11.  That same combination also
generated the segfault on the SUSE box.


Reproduce code:
---------------
Code from bug #32754:

<?php
$x = new DOMDocument();

// This line gives a segmentation fault.
$x->loadXml( '<template xmlns="http://blah.com"/>');

// ... but if I comment the line above out and uncomment the next line
// there are no issues. It does not matter what xmlns is set to in the
// line above.
//$x->loadXml( '<template/>' );

$xpath = new DOMXPath( $x );
$nodelist = $xpath->query( '/*' );
?>

Works fine with the CGI version of php5-STABLE-200505021035.  Segfaults in
the Apache module, on both http and https calls.

Expected result:
----------------
Return nothing and no segfault

Actual result:
--------------
#0  0x0000002a95b8c70b in _int_malloc () from /lib64/tls/libc.so.6
#1  0x0000002a95b8df99 in malloc () from /lib64/tls/libc.so.6
#2  0x0000002a97f90819 in xmlMallocLoc__internal_alias (size=Variable "size" is not available.
) at xmlmemory.c:174
#3  0x0000002a97f90962 in xmlMemMalloc__internal_alias (size=Variable "size" is not available.
) at xmlmemory.c:296
#4  0x0000002a98018af6 in xmlNewPatParserContext (pattern=Variable "pattern" is not available.
) at pattern.c:261
#5  0x0000002a9801a226 in xmlPatterncompile__internal_alias (pattern=Variable "pattern" is not available.
) at pattern.c:1876
#6  0x0000002a97fabf98 in xmlXPathTryStreamCompile (ctxt=Variable "ctxt" is not available.
) at xpath.c:11270
#7  0x0000002a97fbac7b in xmlXPathEvalExpr__internal_alias (ctxt=Variable "ctxt" is not available.
) at xpath.c:11452
#8  0x0000002a97fbad77 in xmlXPathEvalExpression__internal_alias (str=Variable "str" is not available.
) at xpath.c:11549
#9  0x0000002a972c312b in zif_dom_xpath_query (ht=1, return_value=0x6e5e00, this_ptr=0x6e20d0, return_value_used=1)
    at /home/xtekadmin/src/php5-STABLE-200505021035/ext/dom/xpath.c:198
#10 0x0000002a9747949f in zend_do_fcall_common_helper (execute_data=0x7fbfffbea0, opline=0x6e7138, op_array=0x6e1ec0)
    at /home/xtekadmin/src/php5-STABLE-200505021035/Zend/zend_execute.c:2736
#11 0x0000002a97479bc1 in zend_do_fcall_by_name_handler (execute_data=0x7fbfffbea0, opline=0x6e7138, op_array=0x6e1ec0)
    at /home/xtekadmin/src/php5-STABLE-200505021035/Zend/zend_execute.c:2850
#12 0x0000002a9747550b in execute (op_array=0x6e1ec0) at /home/xtekadmin/src/php5-STABLE-200505021035/Zend/zend_execute.c:1415
#13 0x0000002a974488de in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /home/xtekadmin/src/php5-STABLE-200505021035/Zend/zend.c:1076
#14 0x0000002a973f7b45 in php_execute_script (primary_file=0x7fbfffe480)
    at /home/xtekadmin/src/php5-STABLE-200505021035/main/main.c:1638
#15 0x0000002a97482c60 in apache_php_module_main (r=0x56b110, display_source_mode=0)
    at /home/xtekadmin/src/php5-STABLE-200505021035/sapi/apache/sapi_apache.c:54
#16 0x0000002a97483b69 in send_php (r=0x56b110, display_source_mode=0, filename=0x6c7a40 "/usr/local/apache/htdocs/test.php")
    at /home/xtekadmin/src/php5-STABLE-200505021035/sapi/apache/mod_php5.c:622
#17 0x0000002a97483beb in send_parsed_php (r=0x56b110) at /home/xtekadmin/src/php5-STABLE-200505021035/sapi/apache/mod_php5.c:637
#18 0x00000000004105e5 in ap_invoke_handler ()
#19 0x00000000004280f7 in process_request_internal ()
#20 0x000000000042814c in ap_process_request ()
#21 0x000000000041e66e in child_main ()
#22 0x000000000041e81f in make_child ()
#23 0x000000000041e9a0 in startup_children ()
#24 0x000000000041f0cd in standalone_main ()
#25 0x000000000041f8dc in main ()


-- 
Edit bug report at http://bugs.php.net/?id=32912&edit=1