From:             romain dot lalaut at laposte dot net
Operating system: Linux Ubuntu 2.6.20-16-server
PHP version:      5.2.4RC3
PHP Bug Type:     Reproducible crash
Bug description:  Segmentation when trying to set an attribute in a DOMElement

Description:
------------
When I try to set an attribute in a DOMElement instance, a segmentation
fault may occur (not for every element but always the same).

PHP 5.2.1 (cli) (built: Jul 17 2007 18:14:23)
Copyright (c) 1997-2007 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies

My phpinfo() : http://paste-it.net/3324


Reproduce code:
---------------
/* XML code

       <div id="one">
                <div id="one_a" />
                <div id="one_b" />
        </div>
        <div id="two"></div>
*/


          // It works and $els is an iterator of DOMElement encapsulated in home-made objects
          $els = $view->getElementsByXPath(
                "/xhtml:html[1]/xhtml:body[1]//xhtml:[EMAIL PROTECTED]" );
          
          foreach($els as $el)
          {
                echo('ID : '.$el->getAttribute('id')."\n"); flush();
                $el->setAttribute('id', 'foo');
                echo("OK\n"); flush();
          }

Expected result:
----------------
ID : one
OK
ID : one_a
OK
ID : one_b 
OK
ID : two
OK


Actual result:
--------------
ID : one
[Segmentation fault]


GDB backtrace

#0  0x080db409 in php_dom_object_get_data (obj=0x656e6f) at
/tmp/php5.2-200708281430/ext/dom/php_dom.c:242
#1  0x080e0140 in node_list_unlink (node=0x656e6f) at
/tmp/php5.2-200708281430/ext/dom/php_dom.c:931
#2  0x080e01a0 in node_list_unlink (node=0x8676f20) at
/tmp/php5.2-200708281430/ext/dom/php_dom.c:948
#3  0x080e8509 in zif_dom_element_set_attribute (ht=2,
return_value=0x8711f08, return_value_ptr=0x0, this_ptr=0x87101c0,
return_value_used=0) at /tmp/php5.2-200708281430/ext/dom/element.c:308
#4  0x0833fb70 in zend_do_fcall_common_helper_SPEC
(execute_data=0xbfc12100) at
/tmp/php5.2-200708281430/Zend/zend_vm_execute.h:200
#5  0x083407bd in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER
(execute_data=0xbfc12100) at
/tmp/php5.2-200708281430/Zend/zend_vm_execute.h:322
#6  0x0833f6c0 in execute (op_array=0x866bfa4) at
/tmp/php5.2-200708281430/Zend/zend_vm_execute.h:92
#7  0x0833fcea in zend_do_fcall_common_helper_SPEC
(execute_data=0xbfc126b0) at
/tmp/php5.2-200708281430/Zend/zend_vm_execute.h:234
#8  0x083407bd in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER
(execute_data=0xbfc126b0) at
/tmp/php5.2-200708281430/Zend/zend_vm_execute.h:322
#9  0x0833f6c0 in execute (op_array=0x870169c) at
/tmp/php5.2-200708281430/Zend/zend_vm_execute.h:92
#10 0x0833fcea in zend_do_fcall_common_helper_SPEC
(execute_data=0xbfc12ba0) at
/tmp/php5.2-200708281430/Zend/zend_vm_execute.h:234
#11 0x083407bd in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER
(execute_data=0xbfc12ba0) at
/tmp/php5.2-200708281430/Zend/zend_vm_execute.h:322
#12 0x0833f6c0 in execute (op_array=0x86ee670) at
/tmp/php5.2-200708281430/Zend/zend_vm_execute.h:92
#13 0x0833fcea in zend_do_fcall_common_helper_SPEC
(execute_data=0xbfc12d10) at
/tmp/php5.2-200708281430/Zend/zend_vm_execute.h:234
#14 0x083407bd in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER
(execute_data=0xbfc12d10) at
/tmp/php5.2-200708281430/Zend/zend_vm_execute.h:322
#15 0x0833f6c0 in execute (op_array=0x86dcff8) at
/tmp/php5.2-200708281430/Zend/zend_vm_execute.h:92
#16 0x0833fcea in zend_do_fcall_common_helper_SPEC
(execute_data=0xbfc13740) at
/tmp/php5.2-200708281430/Zend/zend_vm_execute.h:234
#17 0x083407bd in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER
(execute_data=0xbfc13740) at
/tmp/php5.2-200708281430/Zend/zend_vm_execute.h:322
#18 0x0833f6c0 in execute (op_array=0x86dbb84) at
/tmp/php5.2-200708281430/Zend/zend_vm_execute.h:92
#19 0x0833fcea in zend_do_fcall_common_helper_SPEC
(execute_data=0xbfc13c00) at
/tmp/php5.2-200708281430/Zend/zend_vm_execute.h:234
#20 0x083407bd in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER
(execute_data=0xbfc13c00) at
/tmp/php5.2-200708281430/Zend/zend_vm_execute.h:322
#21 0x0833f6c0 in execute (op_array=0x85928b4) at
/tmp/php5.2-200708281430/Zend/zend_vm_execute.h:92
#22 0x0833fcea in zend_do_fcall_common_helper_SPEC
(execute_data=0xbfc140f0) at
/tmp/php5.2-200708281430/Zend/zend_vm_execute.h:234
#23 0x083407bd in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER
(execute_data=0xbfc140f0) at
/tmp/php5.2-200708281430/Zend/zend_vm_execute.h:322
#24 0x0833f6c0 in execute (op_array=0x8538d2c) at
/tmp/php5.2-200708281430/Zend/zend_vm_execute.h:92
#25 0x0831aaf5 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
at /tmp/php5.2-200708281430/Zend/zend.c:1134
#26 0x082c6d91 in php_execute_script (primary_file=0xbfc16468) at
/tmp/php5.2-200708281430/main/main.c:1982
#27 0x083944c1 in main (argc=3, argv=0xbfc165d4) at
/tmp/php5.2-200708281430/sapi/cli/php_cli.c:1140
(gdb) frame 4
#4  0x0833fb70 in zend_do_fcall_common_helper_SPEC
(execute_data=0xbfc12100) at
/tmp/php5.2-200708281430/Zend/zend_vm_execute.h:200
200                             ((zend_internal_function *)
EX(function_state).function)->handler(opline->extended_value,
EX_T(opline->result.u.var).var.ptr,
EX(function_state).function->common.return_reference?&EX_T(opline->result.u.var).var.ptr:NULL,
EX(object), return_value_used TSRMLS_CC);
(gdb) frame 3
#3  0x080e8509 in zif_dom_element_set_attribute (ht=2,
return_value=0x8711f08, return_value_ptr=0x0, this_ptr=0x87101c0,
return_value_used=0) at /tmp/php5.2-200708281430/ext/dom/element.c:308
308                     node_list_unlink(attr->children TSRMLS_CC);
(gdb) frame 2
#2  0x080e01a0 in node_list_unlink (node=0x8676f20) at
/tmp/php5.2-200708281430/ext/dom/php_dom.c:948
948                                            
node_list_unlink((xmlNodePtr) node->properties TSRMLS_CC);
(gdb) frame 1
#1  0x080e0140 in node_list_unlink (node=0x656e6f) at
/tmp/php5.2-200708281430/ext/dom/php_dom.c:931
931                     wrapper = php_dom_object_get_data(node);
(gdb) frame 0
#0  0x080db409 in php_dom_object_get_data (obj=0x656e6f) at
/tmp/php5.2-200708281430/ext/dom/php_dom.c:242
242             if (obj && obj->_private != NULL) {

-- 
Edit bug report at http://bugs.php.net/?id=42462&edit=1
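
A triage check for the backtrace above, added here as an example (not part of the original report and not PHP's own code): the value that php_dom.c:948 read from node->properties and passed down as node=0x656e6f is, on this little-endian 32-bit build, the byte sequence 6f 6e 65 00, the ASCII string "one" that the script had just printed as the element's id. The script parses gdb frame lines and flags pointer arguments whose bytes are printable ASCII, a sign that string data is being read where a pointer was expected. The frames are copied from the report and rejoined onto single lines; the function names pointer_as_ascii and suspicious_pointers are hypothetical.

```python
import re

# Frames #0-#3 copied from the report's backtrace, rejoined onto single lines.
SAMPLE_FRAMES = """\
#0  0x080db409 in php_dom_object_get_data (obj=0x656e6f) at /tmp/php5.2-200708281430/ext/dom/php_dom.c:242
#1  0x080e0140 in node_list_unlink (node=0x656e6f) at /tmp/php5.2-200708281430/ext/dom/php_dom.c:931
#2  0x080e01a0 in node_list_unlink (node=0x8676f20) at /tmp/php5.2-200708281430/ext/dom/php_dom.c:948
#3  0x080e8509 in zif_dom_element_set_attribute (ht=2, return_value=0x8711f08, return_value_ptr=0x0, this_ptr=0x87101c0, return_value_used=0) at /tmp/php5.2-200708281430/ext/dom/element.c:308
"""

# "#N  0xADDR in function (args) at file:line"
FRAME_RE = re.compile(r"^#(\d+)\s+0x[0-9a-f]+ in (\w+) \((.*?)\) at ", re.M)
# Only hex-valued arguments are pointer candidates (ht=2 is skipped).
ARG_RE = re.compile(r"(\w+)=(0x[0-9a-f]+)")


def pointer_as_ascii(value, width=4):
    """Return the text a little-endian pointer spells, or None.

    Trailing NUL bytes are treated as a C string terminator. Every
    remaining byte must be printable ASCII and there must be at least
    two of them, so NULL, small integers and real heap addresses such
    as 0x8676f20 are not reported.
    """
    if value >= 1 << (8 * width):
        return None  # does not fit the assumed pointer width
    raw = value.to_bytes(width, "little").rstrip(b"\x00")
    if len(raw) < 2 or not all(0x20 <= b <= 0x7E for b in raw):
        return None
    return raw.decode("ascii")


def suspicious_pointers(backtrace, width=4):
    """Return (frame_no, function, arg, hex_value, text) for ASCII-looking pointers."""
    findings = []
    for frame_no, func, args in FRAME_RE.findall(backtrace):
        for name, hexval in ARG_RE.findall(args):
            text = pointer_as_ascii(int(hexval, 16), width)
            if text is not None:
                findings.append((int(frame_no), func, name, hexval, text))
    return findings


if __name__ == "__main__":
    for frame_no, func, name, hexval, text in suspicious_pointers(SAMPLE_FRAMES):
        print(f"frame #{frame_no} {func}: {name}={hexval} spells {text!r}")
```
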