#40598 [NEW]: libxml segfault

Ask a Question related to PHP Bugs, Design and Development.

  1. incastrix at yahoo dot it #1

    Default #40598 [NEW]: libxml segfault

    From: incastrix at yahoo dot it
    Operating system: debian etch
    PHP version: 5CVS-2007-02-22 (CVS)
    PHP Bug Type: XML related
    Bug description: libxml segfault

    Description:
    ------------
    libxml segfaults when xml document was loaded with LIBXML_COMPACT flag
    and try to remove a node.

    libxml 2.6.27

    Reproduce code:
    ---------------
    $doc = DOMDocument::loadXML('<root><father><child xml:id="remove"
    /></father></root>', LIBXML_COMPACT);
    $node = $doc->getElementByID('remove');
    $node->parentNode->removeChild( $node );

    Actual result:
    --------------
    Program received signal SIGSEGV, Segmentation fault.
    [Switching to Thread -1210758944 (LWP 27086)]
    php_libxml_node_free_list (node=0x70706970) at
    /usr/local/src/php5.2-200702222130/ext/libxml/libxml.c:236
    236 switch (node->type) {
    (gdb) bt
    #0 php_libxml_node_free_list (node=0x70706970) at
    /usr/local/src/php5.2-200702222130/ext/libxml/libxml.c:236
    #1 0xb7a310b0 in php_libxml_node_free_list (node=<value optimized out>)
    at /usr/local/src/php5.2-200702222130/ext/libxml/libxml.c:253
    #2 0xb7a310f9 in php_libxml_node_free_list (node=<value optimized out>)
    at /usr/local/src/php5.2-200702222130/ext/libxml/libxml.c:249
    #3 0xb7a3115b in php_libxml_node_free_resource (node=0x82247c0)
    at /usr/local/src/php5.2-200702222130/ext/libxml/libxml.c:1005
    #4 0xb7a311f8 in php_libxml_node_decrement_resource (object=0xb7799708)
    at /usr/local/src/php5.2-200702222130/ext/libxml/libxml.c:1028
    #5 0xb7a65864 in dom_objects_free_storage (object=0xb7799708) at
    /usr/local/src/php5.2-200702222130/ext/dom/php_dom.c:974
    #6 0xb7c298a7 in zend_objects_store_del_ref_by_handle (handle=2)
    at /usr/local/src/php5.2-200702222130/Zend/zend_objects_API.c:206
    #7 0xb7c298e7 in zend_objects_store_del_ref (zobject=0xb7799848)
    at /usr/local/src/php5.2-200702222130/Zend/zend_objects_API.c:168
    #8 0xb7c02199 in _zval_ptr_dtor (zval_ptr=0xb7796f60) at
    /usr/local/src/php5.2-200702222130/Zend/zend_variables.h:35
    #9 0xb7c17667 in zend_hash_apply_deleter (ht=0xb7d53990, p=0xb7796f54)
    at /usr/local/src/php5.2-200702222130/Zend/zend_hash.c:611
    #10 0xb7c17768 in zend_hash_reverse_apply (ht=0xb7d53990,
    apply_func=0xb7c018d0 <zval_call_destructor>)
    at /usr/local/src/php5.2-200702222130/Zend/zend_hash.c:760
    #11 0xb7c020fe in shutdown_destructors () at
    /usr/local/src/php5.2-200702222130/Zend/zend_execute_API.c:211
    #12 0xb7c0e300 in zend_call_destructors () at
    /usr/local/src/php5.2-200702222130/Zend/zend.c:846
    #13 0xb7bcfd88 in php_request_shutdown (dummy=0x0) at
    /usr/local/src/php5.2-200702222130/main/main.c:1279
    #14 0xb7c8642d in php_handler (r=0x821d578) at
    /usr/local/src/php5.2-200702222130/sapi/apache2handler/sapi_apache2.c:463
    #15 0x08074617 in ap_run_handler (r=0x821d578) at config.c:157
    #16 0x08077707 in ap_invoke_handler (r=0x821d578) at config.c:372
    #17 0x0808deb8 in ap_process_request (r=0x821d578) at http_request.c:258
    #18 0x0808b15e in ap_process_http_connection (c=0x8219558) at
    http_core.c:184
    #19 0x0807b4d7 in ap_run_process_connection (c=0x8219558) at
    connection.c:43
    #20 0x080a10a4 in child_main (child_num_arg=<value optimized out>) at
    prefork.c:640
    #21 0x080a1304 in make_child (s=0x80ccc80, slot=0) at prefork.c:680
    #22 0x080a20ca in ap_mpm_run (_pconf=0x80c80a8, plog=0x81061a0,
    s=0x80ccc80) at prefork.c:956
    #23 0x0806222f in main (argc=135029024, argv=0x0) at main.c:717


    --
    Edit bug report at [url]http://bugs.php.net/?id=40598&edit=1[/url]
    --
    Try a CVS snapshot (PHP 4.4): [url]http://bugs.php.net/fix.php?id=40598&r=trysnapshot44[/url]
    Try a CVS snapshot (PHP 5.2): [url]http://bugs.php.net/fix.php?id=40598&r=trysnapshot52[/url]
    Try a CVS snapshot (PHP 6.0): [url]http://bugs.php.net/fix.php?id=40598&r=trysnapshot60[/url]
    Fixed in CVS: [url]http://bugs.php.net/fix.php?id=40598&r=fixedcvs[/url]
    Fixed in release: [url]http://bugs.php.net/fix.php?id=40598&r=alreadyfixed[/url]
    Need backtrace: [url]http://bugs.php.net/fix.php?id=40598&r=needtrace[/url]
    Need Reproduce Script: [url]http://bugs.php.net/fix.php?id=40598&r=needscript[/url]
    Try newer version: [url]http://bugs.php.net/fix.php?id=40598&r=oldversion[/url]
    Not developer issue: [url]http://bugs.php.net/fix.php?id=40598&r=support[/url]
    Expected behavior: [url]http://bugs.php.net/fix.php?id=40598&r=notwrong[/url]
    Not enough info: [url]http://bugs.php.net/fix.php?id=40598&r=notenoughinfo[/url]
    Submitted twice: [url]http://bugs.php.net/fix.php?id=40598&r=submittedtwice[/url]
    register_globals: [url]http://bugs.php.net/fix.php?id=40598&r=globals[/url]
    PHP 3 support discontinued: [url]http://bugs.php.net/fix.php?id=40598&r=php3[/url]
    Daylight Savings: [url]http://bugs.php.net/fix.php?id=40598&r=dst[/url]
    IIS Stability: [url]http://bugs.php.net/fix.php?id=40598&r=isapi[/url]
    Install GNU Sed: [url]http://bugs.php.net/fix.php?id=40598&r=gnused[/url]
    Floating point limitations: [url]http://bugs.php.net/fix.php?id=40598&r=float[/url]
    No Zend Extensions: [url]http://bugs.php.net/fix.php?id=40598&r=nozend[/url]
    MySQL Configuration Error: [url]http://bugs.php.net/fix.php?id=40598&r=mysqlcfg[/url]
    incastrix at yahoo dot it Guest
    Reply With Quote Reply With Quote

    2. Similar Questions and Discussions

    1. XML::LibXML and Libxml2
      Hello, I try to install the module XML::LibXML and I don't know how to proceed. I have Windows XP and I work with activePerl 5.8 To work...
    2. libxml SAX processing?
      Has there been any progress on the SAX interface in libxml? I'm trying to write a libxml interface for soap4r, but it expects a stream interface...
    3. XML::LibXML documentation help please
      "Vic Russell" <nospam@nospam.com> shaped the electrons to say: Start here: http://search.cpan.org/author/PHISH/XML-LibXML-1.54/LibXML.pm At...
    4. libxml in PHP 5
      Hey Folks: I'm starting to use PHP 5 on my development machine. The primary XML parser is changing from expat to libxml. I was curious about...
    5. libxml
      "willjay" <willjay@excite.com> wrote in message news:<M2oNa.7506$9s2.6199@fe05.atl2.webusenet.com>... OpenServer 5.0.7 ships with libxml as part...
  2. rrichards@php.net #2

    Default #40598 [Opn->Csd]: libxml segfault

    ID: 40598
    Updated by: [email]rrichards@php.net[/email]
    Reported By: incastrix at yahoo dot it
    -Status: Open
    +Status: Closed
    Bug Type: XML related
    Operating System: debian etch
    PHP Version: 5CVS-2007-02-22 (CVS)
    New Comment:

    This bug has been fixed in CVS.

    Snapshots of the sources are packaged every three hours; this change
    will be in the next snapshot. You can grab the snapshot at
    [url]http://snaps.php.net/[/url].

    Thank you for the report, and for helping us make PHP better.

    *NOTE*: LIBXML_COMPACT should really only be used when reading a
    document as it is unpredictable (within the libxml2 library itself)
    when using it and modifying a document.


    Previous Comments:
    ------------------------------------------------------------------------

    [2007-02-22 23:08:01] incastrix at yahoo dot it

    Description:
    ------------
    libxml segfaults when xml document was loaded with LIBXML_COMPACT flag
    and try to remove a node.

    libxml 2.6.27

    Reproduce code:
    ---------------
    $doc = DOMDocument::loadXML('<root><father><child xml:id="remove"
    /></father></root>', LIBXML_COMPACT);
    $node = $doc->getElementByID('remove');
    $node->parentNode->removeChild( $node );

    Actual result:
    --------------
    Program received signal SIGSEGV, Segmentation fault.
    [Switching to Thread -1210758944 (LWP 27086)]
    php_libxml_node_free_list (node=0x70706970) at
    /usr/local/src/php5.2-200702222130/ext/libxml/libxml.c:236
    236 switch (node->type) {
    (gdb) bt
    #0 php_libxml_node_free_list (node=0x70706970) at
    /usr/local/src/php5.2-200702222130/ext/libxml/libxml.c:236
    #1 0xb7a310b0 in php_libxml_node_free_list (node=<value optimized
    out>)
    at /usr/local/src/php5.2-200702222130/ext/libxml/libxml.c:253
    #2 0xb7a310f9 in php_libxml_node_free_list (node=<value optimized
    out>)
    at /usr/local/src/php5.2-200702222130/ext/libxml/libxml.c:249
    #3 0xb7a3115b in php_libxml_node_free_resource (node=0x82247c0)
    at /usr/local/src/php5.2-200702222130/ext/libxml/libxml.c:1005
    #4 0xb7a311f8 in php_libxml_node_decrement_resource
    (object=0xb7799708)
    at /usr/local/src/php5.2-200702222130/ext/libxml/libxml.c:1028
    #5 0xb7a65864 in dom_objects_free_storage (object=0xb7799708) at
    /usr/local/src/php5.2-200702222130/ext/dom/php_dom.c:974
    #6 0xb7c298a7 in zend_objects_store_del_ref_by_handle (handle=2)
    at /usr/local/src/php5.2-200702222130/Zend/zend_objects_API.c:206
    #7 0xb7c298e7 in zend_objects_store_del_ref (zobject=0xb7799848)
    at /usr/local/src/php5.2-200702222130/Zend/zend_objects_API.c:168
    #8 0xb7c02199 in _zval_ptr_dtor (zval_ptr=0xb7796f60) at
    /usr/local/src/php5.2-200702222130/Zend/zend_variables.h:35
    #9 0xb7c17667 in zend_hash_apply_deleter (ht=0xb7d53990,
    p=0xb7796f54)
    at /usr/local/src/php5.2-200702222130/Zend/zend_hash.c:611
    #10 0xb7c17768 in zend_hash_reverse_apply (ht=0xb7d53990,
    apply_func=0xb7c018d0 <zval_call_destructor>)
    at /usr/local/src/php5.2-200702222130/Zend/zend_hash.c:760
    #11 0xb7c020fe in shutdown_destructors () at
    /usr/local/src/php5.2-200702222130/Zend/zend_execute_API.c:211
    #12 0xb7c0e300 in zend_call_destructors () at
    /usr/local/src/php5.2-200702222130/Zend/zend.c:846
    #13 0xb7bcfd88 in php_request_shutdown (dummy=0x0) at
    /usr/local/src/php5.2-200702222130/main/main.c:1279
    #14 0xb7c8642d in php_handler (r=0x821d578) at
    /usr/local/src/php5.2-200702222130/sapi/apache2handler/sapi_apache2.c:463
    #15 0x08074617 in ap_run_handler (r=0x821d578) at config.c:157
    #16 0x08077707 in ap_invoke_handler (r=0x821d578) at config.c:372
    #17 0x0808deb8 in ap_process_request (r=0x821d578) at
    http_request.c:258
    #18 0x0808b15e in ap_process_http_connection (c=0x8219558) at
    http_core.c:184
    #19 0x0807b4d7 in ap_run_process_connection (c=0x8219558) at
    connection.c:43
    #20 0x080a10a4 in child_main (child_num_arg=<value optimized out>) at
    prefork.c:640
    #21 0x080a1304 in make_child (s=0x80ccc80, slot=0) at prefork.c:680
    #22 0x080a20ca in ap_mpm_run (_pconf=0x80c80a8, plog=0x81061a0,
    s=0x80ccc80) at prefork.c:956
    #23 0x0806222f in main (argc=135029024, argv=0x0) at main.c:717



    ------------------------------------------------------------------------


    --
    Edit this bug report at [url]http://bugs.php.net/?id=40598&edit=1[/url]
    rrichards@php.net Guest
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may post replies
  • You may not post attachments
  • You may not edit your posts

Forum Rules


1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139