From: vrana Operating system: Windows XP PHP version: 5.3.2 Package: SimpleXML related Bug Type: Bug Bug description:PHP crash with wrong HTML in SimpleXML
Description: ------------ It is possible to load incorrect HTML by DOM and import it to simplexml_import_dom(). Under certain circumstances, PHP crashes after attempt of working with this HTML. Test script: --------------- <?php $dom = new DOMDocument; $dom->loadHTML('<span title=""y">x</span>'); $html = simplexml_import_dom($dom); echo ($html->body->span ? $html->body->span : ''); ?> Expected result: ---------------- x Actual result: -------------- Thread 0 - System ID 5696 Entry point php!mainCRTStartup Create time 20.4. 13:24:02 Time spent in user mode 0 Days 0:0:0.437 Time spent in kernel mode 0 Days 0:0:0.140 Function Arg 1 Arg 2 Arg 3 Source php5ts!_estrdup+d 00000000 01cbd968 00000000 php5ts!sxe_get_prop_hash+1b8 011d0c78 011d0a60 00372740 php5ts!sxe_object_cast+36 011d08b0 00c0fb94 00000003 php5ts!ZEND_JMPZ_SPEC_VAR_HANDLER+12f 00c0fc0c 00372740 00c0fea8 php5ts!execute+2fe 01200080 00372700 00000000 php5ts!zend_execute_scripts+f6 00000008 00372740 00000000 php5ts!php_execute_script+245 00c0fea8 00372740 00000000 php!main+bf1 00000002 003726d0 00372cd0 php!mainCRTStartup+e3 00000000 00000000 7ffdf000 kernel32!BaseProcessStart+23 00402d78 00000000 00000000 PHP5TS!_ESTRDUP+DIn php__PID__5476__Date__04_20_2010__Time_01_24_03PM__267__Second_Chance_Exception_C0000005.dmp the assembly instruction at php5ts!_estrdup+d in C:\Program Files\PHP\php5ts.dll from The PHP Group has caused an access violation exception (0xC0000005) when trying to read from memory location 0x00000000 on thread 0 -- Edit bug report at http://bugs.php.net/bug.php?id=51615&edit=1 -- Try a snapshot (PHP 5.2): http://bugs.php.net/fix.php?id=51615&r=trysnapshot52 Try a snapshot (PHP 5.3): http://bugs.php.net/fix.php?id=51615&r=trysnapshot53 Try a snapshot (PHP 6.0): http://bugs.php.net/fix.php?id=51615&r=trysnapshot60 Fixed in SVN: http://bugs.php.net/fix.php?id=51615&r=fixed Fixed in SVN and need be documented: http://bugs.php.net/fix.php?id=51615&r=needdocs Fixed in release: http://bugs.php.net/fix.php?id=51615&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=51615&r=needtrace Need Reproduce Script: http://bugs.php.net/fix.php?id=51615&r=needscript Try newer version: http://bugs.php.net/fix.php?id=51615&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=51615&r=support Expected behavior: http://bugs.php.net/fix.php?id=51615&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=51615&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=51615&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=51615&r=globals PHP 4 support discontinued: http://bugs.php.net/fix.php?id=51615&r=php4 Daylight Savings: http://bugs.php.net/fix.php?id=51615&r=dst IIS Stability: http://bugs.php.net/fix.php?id=51615&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=51615&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=51615&r=float No Zend Extensions: http://bugs.php.net/fix.php?id=51615&r=nozend MySQL Configuration Error: http://bugs.php.net/fix.php?id=51615&r=mysqlcfg