#43205 [NEW]: Crash with get_elements_by_tagname

rak at avast dot com Tue, 06 Nov 2007 08:00:53 -0800

From:             rak at avast dot com
Operating system: Windows XP
PHP version:      5.2.5RC2
PHP Bug Type:     DOM XML related
Bug description:  Crash with get_elements_by_tagname


Description:
------------
Report for
php__PID__2952__Date__11_06_2007__Time_04_56_14PM__140__Second_Chance_Exception_C0000005.dmp
Type of Analysis Performed   Crash Analysis 
Machine Name   LENOVO 
Operating System   Windows XP Service Pack 2 
Number Of Processors   2 
Process ID   2952 
Process Image   c:\Program Files\PHP\php.exe 
System Up-Time   2 day(s) 03:04:30 
Process Up-Time   00:01:06 


Thread 0 - System ID 6252
Entry point   php!mainCRTStartup 
Create time   6.11.2007 16:55:08 
Time spent in user mode   0 Days 0:0:0.31 
Time spent in kernel mode   0 Days 0:0:0.31 






Function     Arg 1     Arg 2     Arg 3   Source 
php5ts!zend_object_store_get_object+1f     012ed190     01021ba0    
100a70af    
php5ts!zend_objects_get_address+f     012ed190     01021ba0     015f2fa4  
 
php5ts!zend_std_get_properties+f     012ed190     01021ba0     00000000   

php_domxml!php_domobject_new+1d34     01df52b0     00000001     012ed190  
 
php_domxml!php_domobject_new+1b8a     012eea50     01021ba0     01022798  
 
php5ts!list_entry_destructor+43     012eea50     77c1c21b     01022798   

php5ts!zend_hash_apply_deleter+97     01022798     012ed048     01021ba0  
 
php5ts!zend_hash_graceful_reverse_destroy+13     01022798     1000273f    
01022798    
php5ts!zend_destroy_rsrc_list+a     01022798     01021ba0     01021ba0   

php5ts!zend_deactivate+ff     00000000     00000000     00000000    




PHP5TS!ZEND_OBJECT_STORE_GET_OBJECT+1FIn
php__PID__2952__Date__11_06_2007__Time_04_56_14PM__140__Second_Chance_Exception_C0000005.dmp
the assembly instruction at php5ts!zend_object_store_get_object+1f in
c:\Program Files\PHP\php5ts.dll from The PHP Group has caused an access
violation exception (0xC0000005) when trying to read from memory location
0x00000034 on thread 0

Module Information 
Image Name: c:\Program Files\PHP\php5ts.dll   Symbol Type:  PDB 
Base address: 0x10000000   Time Stamp:  Sat Nov 03 21:05:11 2007  
Checksum: 0x00000000   Comments:   
COM DLL: False   Company Name:  The PHP Group 
ISAPIExtension: False   File Description:  PHP Script Interpreter 
ISAPIFilter: False   File Version:  5.2.5.5 
Managed DLL: False   Internal Name:  php5ts.dll 
VB DLL: False   Legal Copyright:  Copyright © 1997-2007 The PHP Group 
Loaded Image Name:  php5ts.dll   Legal Trademarks:  PHP 
Mapped Image Name:  C:\Program Files\PHP\php5ts.dll   Original filename: 
php5ts.dll 
Module name:  php5ts   Private Build:   
Single Threaded:  False   Product Name:  PHP Script Interpreter 
Module Size:  4,86 MBytes   Product Version:  5.2.5 
Symbol File Name:  C:\Program Files\PHP\php5ts.pdb   Special Build: 
&RC3-dev 


Reproduce code:
---------------
<?php

$dom = domxml_open_mem('<?xml version="1.0" encoding="UTF-8"?><root><row
/> </root>');

someFunction($dom);

function someFunction($dom){
        $users = $dom->get_elements_by_tagname('row');
        die();
}
?>

Expected result:
----------------
DONE

Actual result:
--------------
apache/php crash

-- 
Edit bug report at http://bugs.php.net/?id=43205&edit=1
-- 
Try a CVS snapshot (PHP 4.4): 
http://bugs.php.net/fix.php?id=43205&r=trysnapshot44
Try a CVS snapshot (PHP 5.2): 
http://bugs.php.net/fix.php?id=43205&r=trysnapshot52
Try a CVS snapshot (PHP 5.3): 
http://bugs.php.net/fix.php?id=43205&r=trysnapshot53
Try a CVS snapshot (PHP 6.0): 
http://bugs.php.net/fix.php?id=43205&r=trysnapshot60
Fixed in CVS:                 http://bugs.php.net/fix.php?id=43205&r=fixedcvs
Fixed in release:             
http://bugs.php.net/fix.php?id=43205&r=alreadyfixed
Need backtrace:               http://bugs.php.net/fix.php?id=43205&r=needtrace
Need Reproduce Script:        http://bugs.php.net/fix.php?id=43205&r=needscript
Try newer version:            http://bugs.php.net/fix.php?id=43205&r=oldversion
Not developer issue:          http://bugs.php.net/fix.php?id=43205&r=support
Expected behavior:            http://bugs.php.net/fix.php?id=43205&r=notwrong
Not enough info:              
http://bugs.php.net/fix.php?id=43205&r=notenoughinfo
Submitted twice:              
http://bugs.php.net/fix.php?id=43205&r=submittedtwice
register_globals:             http://bugs.php.net/fix.php?id=43205&r=globals
PHP 3 support discontinued:   http://bugs.php.net/fix.php?id=43205&r=php3
Daylight Savings:             http://bugs.php.net/fix.php?id=43205&r=dst
IIS Stability:                http://bugs.php.net/fix.php?id=43205&r=isapi
Install GNU Sed:              http://bugs.php.net/fix.php?id=43205&r=gnused
Floating point limitations:   http://bugs.php.net/fix.php?id=43205&r=float
No Zend Extensions:           http://bugs.php.net/fix.php?id=43205&r=nozend
MySQL Configuration Error:    http://bugs.php.net/fix.php?id=43205&r=mysqlcfg

#43205 [NEW]: Crash with get_elements_by_tagname

Reply via email to