From:             [EMAIL PROTECTED]
Operating system: Linux
PHP version:      4CVS-2006-07-01 (CVS)
PHP Bug Type:     *XML functions
Bug description:  XML parser crashes

Description:
------------
Running this script produces:

*** glibc detected *** corrupted double-linked list: 0x08460128 ***
Aborted

zend memory manager is disabled:

PHP API => 20041225
PHP Extension => 20050922
Zend Extension => 220060519
Debug Build => yes
Thread Safety => disabled
Zend Memory Manager => disabled
IPv6 Support => enabled
Registered PHP Streams => php, file, data, http, ftp, compress.bzip2, compress.zlib
Registered Stream Socket Transports => tcp, udp, unix, udg
Registered Stream Filters => string.rot13, string.toupper, string.tolower, string.strip_tags, convert.*, consumed, convert.iconv.*, bzip2.*, zlib.*

Reproduce code:
---------------
<?php

class test
{
    function test()
    {
        // initialize parser
        $this->parser = xml_parser_create();
        xml_set_element_handler(
            $this->parser,
            array( & $this, "startTag" ),
            array( & $this, "endTag" )
        );
    }
}

$parser = new test();

?>

Actual result:
--------------
backtrace:

Program received signal SIGABRT, Aborted.
[Switching to Thread -1216296736 (LWP 21580)]
0xb78fd7c7 in raise () from /lib/tls/libc.so.6
(gdb) bt
#0  0xb78fd7c7 in raise () from /lib/tls/libc.so.6
#1  0xb78ff06b in abort () from /lib/tls/libc.so.6
#2  0xb7934545 in __fsetlocking () from /lib/tls/libc.so.6
#3  0xb793acbc in malloc_usable_size () from /lib/tls/libc.so.6
#4  0xb793b032 in free () from /lib/tls/libc.so.6
#5  0x081a1a6f in poolDestroy (pool=0x84613f8)
    at /dat/dev/php/php-4.4dev/ext/xml/expat/xmlparse.c:5419
#6  0x081983f9 in php_XML_ParserFree (parser=0x8461268)
    at /dat/dev/php/php-4.4dev/ext/xml/expat/xmlparse.c:1055
#7  0x08193d8d in xml_parser_dtor (rsrc=0x8460d78)
    at /dat/dev/php/php-4.4dev/ext/xml/xml.c:297
#8  0x081fc2c6 in list_entry_destructor (ptr=0x8460d78)
    at /dat/dev/php/php-4.4dev/Zend/zend_list.c:177
#9  0x081fa433 in zend_hash_del_key_or_index (ht=0x83fa468, arKey=0x0,
    nKeyLength=0, h=4, flag=1)
    at /dat/dev/php/php-4.4dev/Zend/zend_hash.c:527
#10 0x081fc02d in _zend_list_delete (id=4)
    at /dat/dev/php/php-4.4dev/Zend/zend_list.c:56
#11 0x081f42db in _zval_dtor (zvalue=0x8460d98,
    __zend_filename=0x838ef2c "/dat/dev/php/php-4.4dev/Zend/zend_execute_API.c",
    __zend_lineno=289) at /dat/dev/php/php-4.4dev/Zend/zend_variables.c:69
#12 0x081ebb2f in _zval_ptr_dtor (zval_ptr=0x8460d04,
    __zend_filename=0x838f748 "/dat/dev/php/php-4.4dev/Zend/zend_variables.c",
    __zend_lineno=171) at /dat/dev/php/php-4.4dev/Zend/zend_execute_API.c:289
#13 0x081f4524 in _zval_ptr_dtor_wrapper (zval_ptr=0x8460d04)
    at /dat/dev/php/php-4.4dev/Zend/zend_variables.c:171
#14 0x081fa50a in zend_hash_destroy (ht=0x8460d48)
    at /dat/dev/php/php-4.4dev/Zend/zend_hash.c:556
#15 0x081f42b6 in _zval_dtor (zvalue=0x8460d38,
    __zend_filename=0x838ef2c "/dat/dev/php/php-4.4dev/Zend/zend_execute_API.c",
    __zend_lineno=289) at /dat/dev/php/php-4.4dev/Zend/zend_variables.c:60
#16 0x081ebb2f in _zval_ptr_dtor (zval_ptr=0x8461ab4,
    __zend_filename=0x838f748 "/dat/dev/php/php-4.4dev/Zend/zend_variables.c",
    __zend_lineno=171) at /dat/dev/php/php-4.4dev/Zend/zend_execute_API.c:289
#17 0x081f4524 in _zval_ptr_dtor_wrapper (zval_ptr=0x8461ab4)
    at /dat/dev/php/php-4.4dev/Zend/zend_variables.c:171
#18 0x081fa50a in zend_hash_destroy (ht=0x8461a50)
    at /dat/dev/php/php-4.4dev/Zend/zend_hash.c:556
#19 0x081f4284 in _zval_dtor (zvalue=0x8461b18,
    __zend_filename=0x838ef2c "/dat/dev/php/php-4.4dev/Zend/zend_execute_API.c",
    __zend_lineno=289) at /dat/dev/php/php-4.4dev/Zend/zend_variables.c:51
#20 0x081ebb2f in _zval_ptr_dtor (zval_ptr=0x8459554,
    __zend_filename=0x8370e70 "/dat/dev/php/php-4.4dev/ext/xml/xml.c",
    __zend_lineno=309) at /dat/dev/php/php-4.4dev/Zend/zend_execute_API.c:289
#21 0x08193e2b in xml_parser_dtor (rsrc=0x8460d78)
---Type <return> to continue, or q <return> to quit---q
    at /dat/dev/php/php-4.4dev/exQuit

valgrind:

-- 
Edit bug report at http://bugs.php.net/?id=37981&edit=1