From:             per at nobolt dot com
Operating system: Debian GNU/Linux
PHP version:      5CVS-2003-05-30 (dev)
PHP Bug Type:     XML related
Bug description:  Segmentation fault if ext/xml is used by OO code

The following script causes the bug to appear:

<?php

class Parser {
    var $mParser;
    
    function __construct() {
        $this->mParser = xml_parser_create();
        xml_set_element_handler($this->mParser,
            array($this, "StartElementHandler"),
            array($this, "EndElementHandler"));
    }
    
    function __destruct() {
        xml_parser_free($this->mParser);
    }
    
    
    function Parse($data) {
        xml_parse($this->mParser, $data);
    }

    function StartElementHandler($parser, $name, $attribs) {
    }
    
    function EndElementHandler($parser, $name) {
    }
}

function StartElementHandler($parser, $name, $attribs) {
}

function EndElementHandler($parser, $name) {
}

$rss_data = file_get_contents("http://freshmeat.net/backend/fm-releases.rdf", "rb");

// This works fine
print "line 1\n";
$parser = xml_parser_create();
print "line 2\n";
xml_set_element_handler($parser, "StartElementHandler", "EndElementHandler");
print "line 3\n";
xml_parse($parser, $rss_data);
print "line 4\n";
xml_parser_free($parser);

// ...but this code will make it crash, upon Zend exit.
print "line 5\n";
$parser = new Parser();
print "line 6\n";
$parser->parse($rss_data);
print "line 7\n";
$parser = NULL;
print "line 8\n";

?>

This is the GDB output:
GNU gdb 5.3-debian
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-linux"...
(gdb) run
Starting program: /usr/local/php5/bin/php rss_debug.php
line 1
line 2
line 3
line 4
line 5
line 6
line 7
line 8
 
Program received signal SIGSEGV, Segmentation fault.
0x0812e914 in _efree (ptr=0x5a5a5a5a, __zend_filename=0x8179080
"/usr/local/src/php-cvs/php5/ext/xml/xml.c", __zend_lineno=183,
__zend_orig_filename=0x0,
    __zend_orig_lineno=0) at
/usr/local/src/php-cvs/php5/Zend/zend_alloc.c:253
253             CALCULATE_REAL_SIZE_AND_CACHE_INDEX(p->size);
(gdb) backtrace
#0  0x0812e914 in _efree (ptr=0x5a5a5a5a, __zend_filename=0x8179080
"/usr/local/src/php-cvs/php5/ext/xml/xml.c", __zend_lineno=183,
__zend_orig_filename=0x0,
    __zend_orig_lineno=0) at
/usr/local/src/php-cvs/php5/Zend/zend_alloc.c:253
#1  0x080fcc10 in php_xml_free_wrapper (ptr=0x5a5a5a5a) at
/usr/local/src/php-cvs/php5/ext/xml/xml.c:183
#2  0x400b7303 in xmlCharEncCloseFunc () from /usr/lib/libxml2.so.2
#3  0x400d9b75 in xmlFreeParserInputBuffer () from /usr/lib/libxml2.so.2
#4  0x400bad9d in xmlFreeInputStream () from /usr/lib/libxml2.so.2
#5  0x400bb6fd in xmlFreeParserCtxt () from /usr/lib/libxml2.so.2
#6  0x08101036 in XML_ParserFree (parser=0x81f21dc) at
/usr/local/src/php-cvs/php5/ext/xml/compat.c:574
#7  0x080fd10e in xml_parser_dtor (rsrc=0x81ef184) at
/usr/local/src/php-cvs/php5/ext/xml/xml.c:325
#8  0x0814a943 in list_entry_destructor (ptr=0x81ef184) at
/usr/local/src/php-cvs/php5/Zend/zend_list.c:178
#9  0x08148dfb in zend_hash_apply_deleter (ht=0x81ad480, p=0x81f03d4) at
/usr/local/src/php-cvs/php5/Zend/zend_hash.c:565
#10 0x08149020 in zend_hash_graceful_reverse_destroy (ht=0x81ad480) at
/usr/local/src/php-cvs/php5/Zend/zend_hash.c:631
#11 0x0814aa83 in zend_destroy_rsrc_list (ht=0x81ad480) at
/usr/local/src/php-cvs/php5/Zend/zend_list.c:234
#12 0x081385ef in shutdown_executor () at
/usr/local/src/php-cvs/php5/Zend/zend_execute_API.c:265
#13 0x08142b38 in zend_deactivate () at
/usr/local/src/php-cvs/php5/Zend/zend.c:786
#14 0x0810ae53 in php_request_shutdown (dummy=0x0) at
/usr/local/src/php-cvs/php5/main/main.c:1174
#15 0x081617a0 in main (argc=2, argv=0xbffffac4) at
/usr/local/src/php-cvs/php5/sapi/cli/php_cli.c:1013

-- 
Edit bug report at http://bugs.php.net/?id=23890&edit=1
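
A triage aid for the backtrace above, added here as an example and not part of the original report or of PHP: it rejoins the mail-wrapped frames and flags pointer arguments made of one repeated byte, like the 0x5a5a5a5a handed to _efree. Treating such a value as an allocator fill pattern rather than a real address is an assumption of the example, and the function names are hypothetical.

```python
import re

# Four frames copied from the report's backtrace, still wrapped by the mailer.
WRAPPED = '''\
#0  0x0812e914 in _efree (ptr=0x5a5a5a5a, __zend_filename=0x8179080
"/usr/local/src/php-cvs/php5/ext/xml/xml.c", __zend_lineno=183,
__zend_orig_filename=0x0,
    __zend_orig_lineno=0) at
/usr/local/src/php-cvs/php5/Zend/zend_alloc.c:253
#1  0x080fcc10 in php_xml_free_wrapper (ptr=0x5a5a5a5a) at
/usr/local/src/php-cvs/php5/ext/xml/xml.c:183
#2  0x400b7303 in xmlCharEncCloseFunc () from /usr/lib/libxml2.so.2
#7  0x080fd10e in xml_parser_dtor (rsrc=0x81ef184) at
/usr/local/src/php-cvs/php5/ext/xml/xml.c:325
'''

FRAME = re.compile(r"#(\d+)\s+0x[0-9a-f]+ in (\w+) \((.*)\) (?:at|from) (\S+)$")
ARG = re.compile(r"(\w+)=(0x[0-9a-f]+)")


def unwrap(text):
    """Rejoin frames that the mailer split across several lines."""
    frames = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#"):
            frames.append(line)
        elif line and frames:
            frames[-1] += " " + line
    return frames


def is_fill_pattern(value):
    """True for a 32-bit value built from one repeated non-zero byte.
    Assumption: such a value is allocator fill, not a real address."""
    n = int(value, 16)
    return 0 < n <= 0xFFFFFFFF and n == (n & 0xFF) * 0x01010101


def suspicious_frames(text):
    """Return (frame number, function, argument, location) per flagged pointer."""
    hits = []
    # Lines that do not parse as a frame yield None and are skipped.
    for m in filter(None, map(FRAME.match, unwrap(text))):
        number, func, args, where = m.groups()
        for name, value in ARG.findall(args):
            if is_fill_pattern(value):
                hits.append((int(number), func, name, where))
    return hits
```

On the frames above, `suspicious_frames(WRAPPED)` reports the `ptr` argument in frames #0 and #1 and nothing in the libxml2 or destructor frames.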