From: vrana
Operating system: Windows XP
PHP version: 5.3.2
Package: SimpleXML related
Bug Type: Bug
Bug description:PHP crash with wrong HTML in SimpleXML
Description:
------------
It is possible to load incorrect HTML by DOM and import it to
simplexml_import_dom().
Under certain circumstances, PHP crashes after attempt of working with this
HTML.
Test script:
---------------
<?php
$dom = new DOMDocument;
$dom->loadHTML('<span title=""y">x</span>');
$html = simplexml_import_dom($dom);
echo ($html->body->span ? $html->body->span : '');
?>
Expected result:
----------------
x
Actual result:
--------------
Thread 0 - System ID 5696
Entry point php!mainCRTStartup
Create time 20.4. 13:24:02
Time spent in user mode 0 Days 0:0:0.437
Time spent in kernel mode 0 Days 0:0:0.140
Function Arg 1 Arg 2 Arg 3 Source
php5ts!_estrdup+d 00000000 01cbd968 00000000
php5ts!sxe_get_prop_hash+1b8 011d0c78 011d0a60 00372740
php5ts!sxe_object_cast+36 011d08b0 00c0fb94 00000003
php5ts!ZEND_JMPZ_SPEC_VAR_HANDLER+12f 00c0fc0c 00372740
00c0fea8
php5ts!execute+2fe 01200080 00372700 00000000
php5ts!zend_execute_scripts+f6 00000008 00372740 00000000
php5ts!php_execute_script+245 00c0fea8 00372740 00000000
php!main+bf1 00000002 003726d0 00372cd0
php!mainCRTStartup+e3 00000000 00000000 7ffdf000
kernel32!BaseProcessStart+23 00402d78 00000000 00000000
PHP5TS!_ESTRDUP+DIn
php__PID__5476__Date__04_20_2010__Time_01_24_03PM__267__Second_Chance_Exception_C0000005.dmp
the assembly instruction at php5ts!_estrdup+d in C:\Program
Files\PHP\php5ts.dll from The PHP Group has caused an access violation
exception (0xC0000005) when trying to read from memory location 0x00000000
on thread 0
--
Edit bug report at http://bugs.php.net/bug.php?id=51615&edit=1
--
Try a snapshot (PHP 5.2):
http://bugs.php.net/fix.php?id=51615&r=trysnapshot52
Try a snapshot (PHP 5.3):
http://bugs.php.net/fix.php?id=51615&r=trysnapshot53
Try a snapshot (PHP 6.0):
http://bugs.php.net/fix.php?id=51615&r=trysnapshot60
Fixed in SVN:
http://bugs.php.net/fix.php?id=51615&r=fixed
Fixed in SVN and need be documented:
http://bugs.php.net/fix.php?id=51615&r=needdocs
Fixed in release:
http://bugs.php.net/fix.php?id=51615&r=alreadyfixed
Need backtrace:
http://bugs.php.net/fix.php?id=51615&r=needtrace
Need Reproduce Script:
http://bugs.php.net/fix.php?id=51615&r=needscript
Try newer version:
http://bugs.php.net/fix.php?id=51615&r=oldversion
Not developer issue:
http://bugs.php.net/fix.php?id=51615&r=support
Expected behavior:
http://bugs.php.net/fix.php?id=51615&r=notwrong
Not enough info:
http://bugs.php.net/fix.php?id=51615&r=notenoughinfo
Submitted twice:
http://bugs.php.net/fix.php?id=51615&r=submittedtwice
register_globals:
http://bugs.php.net/fix.php?id=51615&r=globals
PHP 4 support discontinued: http://bugs.php.net/fix.php?id=51615&r=php4
Daylight Savings: http://bugs.php.net/fix.php?id=51615&r=dst
IIS Stability:
http://bugs.php.net/fix.php?id=51615&r=isapi
Install GNU Sed:
http://bugs.php.net/fix.php?id=51615&r=gnused
Floating point limitations:
http://bugs.php.net/fix.php?id=51615&r=float
No Zend Extensions:
http://bugs.php.net/fix.php?id=51615&r=nozend
MySQL Configuration Error:
http://bugs.php.net/fix.php?id=51615&r=mysqlcfg
