From: [EMAIL PROTECTED]
Operating system: Linux
PHP version: 5CVS-2007-07-26 (CVS)
PHP Bug Type: DOM XML related
Bug description: deleting a node produces memory corruption

Description:
------------
When running getElementById() on a node that just has been removed I get
memory corruptions, and often a segfault. I am using libxml 2.6.29

Reproduce code:
---------------
See http://files.derickrethans.nl/xml-crash.tar.bz2
run the script with "valgrind php xml-crash.php"

Expected result:
----------------
No valgrind errors :)

Actual result:
--------------
==27233== Invalid read of size 8
==27233==    at 0x4D6548: zif_dom_document_get_element_by_id (document.c:1267)
==27233==    by 0x873B94: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:200)
==27233==    by 0x874902: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:322)
==27233==    by 0x873635: execute (zend_vm_execute.h:92)
==27233==    by 0x873D23: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:234)
==27233==    by 0x874902: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:322)
==27233==    by 0x873635: execute (zend_vm_execute.h:92)
==27233==    by 0x873D23: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:234)
==27233==    by 0x874902: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:322)
==27233==    by 0x873635: execute (zend_vm_execute.h:92)
==27233==    by 0x84B283: zend_execute_scripts (zend.c:1134)
==27233==    by 0x7F1629: php_execute_script (main.c:1967)
==27233==  Address 0x9FEA200 is 40 bytes inside a block of size 96 free'd
==27233==    at 0x4A2066A: free (vg_replace_malloc.c:233)
==27233==    by 0x46BF04: php_libxml_node_free (libxml.c:197)
==27233==    by 0x46C0A5: php_libxml_node_free_list (libxml.c:262)
==27233==    by 0x46DF5F: php_libxml_node_free_resource (libxml.c:1013)
==27233==    by 0x46DFEB: php_libxml_node_decrement_resource (libxml.c:1036)
==27233==    by 0x4D2193: dom_objects_free_storage (php_dom.c:974)
==27233==    by 0x87160D: zend_objects_store_del_ref_by_handle (zend_objects_API.c:206)
==27233==    by 0x871465: zend_objects_store_del_ref (zend_objects_API.c:168)
==27233==    by 0x848B5C: _zval_dtor_func (zend_variables.c:52)
==27233==    by 0x839C98: _zval_dtor (zend_variables.h:35)
==27233==    by 0x839EB1: _zval_ptr_dtor (zend_execute_API.c:414)
==27233==    by 0x848ED1: _zval_ptr_dtor_wrapper (zend_variables.c:175)

--
Edit bug report at http://bugs.php.net/?id=42112&edit=1
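
An added example, not part of the original bug report: a small Python triage helper that reads Memcheck output like the trace above and splits the invalid-access stack from the stack that freed the block, which is what marks this report as a use-after-free. The names `triage` and `first_caller` are made up for this illustration; the sample lines are an excerpt of the report's own trace.

```python
import re

# Excerpt of the Memcheck report from the bug report above (frames trimmed).
REPORT = """\
==27233== Invalid read of size 8
==27233==    at 0x4D6548: zif_dom_document_get_element_by_id (document.c:1267)
==27233==    by 0x873B94: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:200)
==27233==  Address 0x9FEA200 is 40 bytes inside a block of size 96 free'd
==27233==    at 0x4A2066A: free (vg_replace_malloc.c:233)
==27233==    by 0x46BF04: php_libxml_node_free (libxml.c:197)
==27233==    by 0x46C0A5: php_libxml_node_free_list (libxml.c:262)
"""

PREFIX = re.compile(r"^==\d+==\s*")
ACCESS = re.compile(r"Invalid (read|write) of size (\d+)")
BLOCK = re.compile(r"Address (0x[0-9A-Fa-f]+) is (\d+) bytes inside "
                   r"a block of size (\d+) (free'd|alloc'd)")
FRAME = re.compile(r"(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \(([^)]*)\)")
ALLOCATOR = {"free", "malloc", "calloc", "realloc"}  # wrappers, not the culprit

def triage(report):
    """Return one dict per invalid access, with access and block stacks split."""
    findings, cur, stack = [], None, None
    for raw in report.splitlines():
        line = PREFIX.sub("", raw)
        if m := ACCESS.search(line):
            cur = {"op": m[1], "size": int(m[2]), "access": [], "block": [],
                   "kind": "invalid-access"}
            findings.append(cur)
            stack = cur["access"]          # frames that follow are the access site
        elif cur and (m := BLOCK.search(line)):
            cur.update(address=m[1], offset=int(m[2]), block_size=int(m[3]))
            if m[4] == "free'd":
                cur["kind"] = "use-after-free"
            stack = cur["block"]           # frames that follow freed/allocated it
        elif cur and (m := FRAME.search(line)):
            stack.append((m[1], m[2]))
    return findings

def first_caller(frames):
    """First frame that is not the allocator wrapper itself."""
    return next((f for f in frames if f[0] not in ALLOCATOR), None)

if __name__ == "__main__":
    for f in triage(REPORT):
        print(f["kind"], f["op"], f["size"], "at", f["access"][0],
              "freed by", first_caller(f["block"]))
```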