From:             deeno at ukf dot net
Operating system: Redhat 7.2
PHP version:      4.3.2
PHP Bug Type:     XML related
Bug description:  PHP crash parsing very large xml file

Description:
------------
I'm using PHP to parse a very large XML file (a SOAP message - I use
NuSOAP). This is usually resulting in a seg fault (stack trace below), but
in some cases Apache is dumping the following error to the error log:

FATAL:  erealloc():  Unable to allocate -1073875731 bytes

Unfortunately, it is difficult to reproduce with a simple example due to
the size of the data.

PHP was configured as follows:
./configure --with-apxs=/home/test/apache/bin/apxs --with-mm=/usr/lib
--prefix=/opt/php --with-openssl=/opt/openssl/ --without-mysql
--with-curl=/opt/curl/ --with-mcrypt=/opt/mcrypt/

Expected result:
----------------
Normal execution of script

Actual result:
--------------
Program received signal SIGSEGV, Segmentation fault.
0x40109a5a in chunk_alloc (ar_ptr=0x401be4e0, nb=32) at malloc.c:2879
2879    malloc.c: No such file or directory.
        in malloc.c
(gdb) where
#0  0x40109a5a in chunk_alloc (ar_ptr=0x401be4e0, nb=32) at malloc.c:2879
#1  0x40109858 in __libc_malloc (bytes=28) at malloc.c:2811
#2  0x404efbaf in _emalloc (size=12) at
/home/do/php-4.3.2/Zend/zend_alloc.c:158
#3  0x40510fa7 in execute (op_array=0x8398814) at
/home/do/php-4.3.2/Zend/zend_execute.c:1601
#4  0x404f67fe in call_user_function_ex (function_table=0x8521100,
object_pp=0x8510b80, function_name=0x82f742c,
    retval_ptr_ptr=0xbffde9a8, param_count=3, params=0x18a8694c,
no_separation=1, symbol_table=0x0)
    at /home/do/php-4.3.2/Zend/zend_execute_API.c:559
#5  0x404f6204 in call_user_function (function_table=0x81bbbc8,
object_pp=0x8510b80, function_name=0x82f742c,
    retval_ptr=0x11c7674c, param_count=3, params=0xbffdea60) at
/home/do/php-4.3.2/Zend/zend_execute_API.c:401
#6  0x404b7a06 in xml_call_handler (parser=0x8510b44, handler=0x82f742c,
argc=3, argv=0xbffdea60)
    at /home/do/php-4.3.2/ext/xml/xml.c:377
#7  0x404b810a in _xml_startElementHandler (userData=0x8510b44,
name=0x8454e38 "item", attributes=0x8368048)
    at /home/do/php-4.3.2/ext/xml/xml.c:661
#8  0x404bbb29 in doContent (parser=0x82b6a18, startTagLevel=0,
enc=0x40547280,
    s=0x480704f6 "<item xsi:type=\"xsd:string\"></item>\n      <item
xsi:type=\"xsd:string\"></item>\n      <item
xsi:type=\"xsd:string\"></item>\n      <item
xsi:type=\"xsd:string\"></item>\n      <item
xsi:type=\"xsd:string\"></it"..., end=0x4922ba13 "", nextPtr=0x0) at
/home/do/php-4.3.2/ext/xml/expat/xmlparse.c:1659
#9  0x404bb2d8 in contentProcessor (parser=0x82b6a18,
    start=0x4794402f "<soapenv:Envelope
xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\"
xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\"
xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\">\n
<soapenv:Body>\n  <ns1:l"..., end=0x4922ba13 "", endPtr=0x0) at
/home/do/php-4.3.2/ext/xml/expat/xmlparse.c:1349
#10 0x404bd623 in doProlog (parser=0x82b6a18, enc=0x40547280,
    s=0x4794402f "<soapenv:Envelope
xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\"
xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\"
xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\">\n
<soapenv:Body>\n  <ns1:l"..., end=0x4922ba13 "", tok=29,
    next=0x4794402f "<soapenv:Envelope
xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\"
xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\"
xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\">\n
<soapenv:Body>\n  <ns1:l"..., nextPtr=0x0) at
/home/do/php-4.3.2/ext/xml/expat/xmlparse.c:2687
#11 0x404bd1ba in prologProcessor (parser=0x82b6a18,
    s=0x47944008 "<?xml version=\"1.0\"
encoding=\"UTF-8\"?>\n<soapenv:Envelope
xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\"
xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\"
xmlns:xsi=\"http://www.w3.org/2001/XMLSch"..., end=0x4922ba13 "",
nextPtr=0x0) at /home/do/php-4.3.2/ext/xml/expat/xmlparse.c:2523
#12 0x404baefa in php_XML_ParseBuffer (parser=0x82b6a18, len=26114571,
isFinal=1)
    at /home/do/php-4.3.2/ext/xml/expat/xmlparse.c:1150
#13 0x404baea8 in php_XML_Parse (parser=0x82b6a18,
    s=0x4605c014 "<?xml version=\"1.0\"
encoding=\"UTF-8\"?>\n<soapenv:Envelope
xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\"
xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\"
xmlns:xsi=\"http://www.w3.org/2001/XMLSch"..., len=26114571, isFinal=1) at
/home/do/php-4.3.2/ext/xml/expat/xmlparse.c:1140
#14 0x404b9742 in zif_xml_parse (ht=3, return_value=0x84588b4,
this_ptr=0x0, return_value_used=1)
    at /home/do/php-4.3.2/ext/xml/xml.c:1340
#15 0x40511018 in execute (op_array=0x84f51a4) at
/home/do/php-4.3.2/Zend/zend_execute.c:1606
#16 0x405111d6 in execute (op_array=0x83b90f4) at
/home/do/php-4.3.2/Zend/zend_execute.c:1650
#17 0x405111d6 in execute (op_array=0x84e12b4) at
/home/do/php-4.3.2/Zend/zend_execute.c:1650
#18 0x405111d6 in execute (op_array=0x8524e6c) at
/home/do/php-4.3.2/Zend/zend_execute.c:1650
#19 0x405111d6 in execute (op_array=0x83614e4) at
/home/do/php-4.3.2/Zend/zend_execute.c:1650
#20 0x405111d6 in execute (op_array=0x82d20ac) at
/home/do/php-4.3.2/Zend/zend_execute.c:1650
#21 0x405111d6 in execute (op_array=0x84a82ac) at
/home/do/php-4.3.2/Zend/zend_execute.c:1650
#22 0x404feb24 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
at /home/do/php-4.3.2/Zend/zend.c:869
#23 0x404d7c48 in php_execute_script (primary_file=0xbffebf40) at
/home/do/php-4.3.2/main/main.c:1671
#24 0x405185c6 in apache_php_module_main (r=0x818fb20,
display_source_mode=0)
    at /home/do/php-4.3.2/sapi/apache/sapi_apache.c:54
#25 0x405191a2 in send_php (r=0x818fb20, display_source_mode=0,
filename=0x0)
    at /home/do/php-4.3.2/sapi/apache/mod_php4.c:617
#26 0x405191f6 in send_parsed_php (r=0x818fb20) at
/home/do/php-4.3.2/sapi/apache/mod_php4.c:632
#27 0x0809bbc3 in ap_invoke_handler ()
#28 0x080b1067 in process_request_internal ()
#29 0x080b10c8 in ap_process_request ()
#30 0x080a7e39 in child_main ()
#31 0x080a8008 in make_child ()
#32 0x080a817c in startup_children ()
#33 0x080a87f4 in standalone_main ()
#34 0x080a9073 in main ()
#35 0x400a5687 in __libc_start_main (main=0x80a8cb0 <main>, argc=4,
ubp_av=0xbffec384, init=0x8063920 <_init>,
    fini=0x81521a0 <_fini>, rtld_fini=0x4000dc54 <_dl_fini>,
stack_end=0xbffec37c)
    at ../sysdeps/generic/libc-start.c:129



-- 
Edit bug report at http://bugs.php.net/?id=24497&edit=1