From: php-bug at max-imp dot com
Operating system: Gentoo
PHP version: 5.0.3
PHP Bug Type: Reproducible crash
Bug description: Segmentation fault
Description:
------------
I am receiving a segmentation fault when accessing the ownerDocument
property of a DOMNode object. Here is the line it's crashing on...
$xpath = new DOMXPath( $relativeTo->ownerDocument );
Reproduce code:
---------------
I can reproduce the error in the system I am working on but cannot get
the error to occur outside of the system. (The system is pretty large.)
Actual result:
--------------
[Thread debugging using libthread_db enabled]
[New Thread 16384 (LWP 13455)]
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 16384 (LWP 13455)]
0x082ef792 in zend_objects_store_add_ref (object=0x8d0f0f0e) at
/var/tmp/portage/php-5.0.3/work/php-5.0.3/Zend/zend_objects_API.c:128
warning: Source file is more recent than executable.
128
EG(objects_store).object_buckets[handle].bucket.obj.refcount++;
(gdb) bt
#0 0x082ef792 in zend_objects_store_add_ref (object=0x8d0f0f0e) at
/var/tmp/portage/php-5.0.3/work/php-5.0.3/Zend/zend_objects_API.c:128
#1 0x082d1765 in _zval_copy_ctor (zvalue=0x8c885a4,
__zend_filename=0x831e300
"/var/tmp/portage/php-5.0.3/work/php-5.0.3/ext/dom/php_dom.c",
__zend_lineno=1041)
at
/var/tmp/portage/php-5.0.3/work/php-5.0.3/Zend/zend_variables.c:158
#2 0x080bfbf4 in php_dom_create_object (obj=0x8ca32e8, found=0xbffe5f68,
wrapper_in=0x0, return_value=0x8c885a4, domobj=0x8db4484)
at /var/tmp/portage/php-5.0.3/work/php-5.0.3/ext/dom/php_dom.c:1041
#3 0x080c83ad in dom_node_owner_document_read (obj=0x8db4484,
retval=0xbffe5f98)
at /var/tmp/portage/php-5.0.3/work/php-5.0.3/ext/dom/node.c:575
#4 0x080b8c98 in dom_read_property (object=0x8cb2bf4, member=0x87805c0,
type=139514432)
at /var/tmp/portage/php-5.0.3/work/php-5.0.3/ext/dom/php_dom.c:227
#5 0x0830810c in zend_fetch_property_address_read (result=0x8780594,
op1=0x87805a8, op2=0x87805bc, Ts=0xbffe6084, type=0)
at /var/tmp/portage/php-5.0.3/work/php-5.0.3/Zend/zend_execute.c:1158
#6 0x082fed68 in zend_fetch_obj_func_arg_handler
(execute_data=0xbffe7000, opline=0x8780590, op_array=0x8772ce4)
at /var/tmp/portage/php-5.0.3/work/php-5.0.3/Zend/zend_execute.c:2170
#7 0x082fca38 in execute (op_array=0x8772ce4) at
/var/tmp/portage/php-5.0.3/work/php-5.0.3/Zend/zend_execute.c:1400
#8 0x08300ac6 in zend_do_fcall_common_helper (execute_data=0xbffe7f80,
opline=0x89e5e30, op_array=0x8981fd0)
at /var/tmp/portage/php-5.0.3/work/php-5.0.3/Zend/zend_execute.c:2740
#9 0x08300e93 in zend_do_fcall_by_name_handler (execute_data=0x850d240,
opline=0x8d0f0f0e, op_array=0x8d0f0f0e)
at /var/tmp/portage/php-5.0.3/work/php-5.0.3/Zend/zend_execute.c:2825
#10 0x082fca38 in execute (op_array=0x8981fd0) at
/var/tmp/portage/php-5.0.3/work/php-5.0.3/Zend/zend_execute.c:1400
#11 0x08300ac6 in zend_do_fcall_common_helper (execute_data=0xbffef3d0,
opline=0x40b1e56c, op_array=0x8abbb20)
at /var/tmp/portage/php-5.0.3/work/php-5.0.3/Zend/zend_execute.c:2740
#12 0x08300f6e in zend_do_fcall_handler (execute_data=0xbffef3d0,
opline=0x40b1e56c, op_array=0x8d0f0f0e)
at /var/tmp/portage/php-5.0.3/work/php-5.0.3/Zend/zend_execute.c:2843
#13 0x082fca38 in execute (op_array=0x8abbb20) at
/var/tmp/portage/php-5.0.3/work/php-5.0.3/Zend/zend_execute.c:1400
#14 0x08300ac6 in zend_do_fcall_common_helper (execute_data=0xbffef910,
opline=0x8790f24, op_array=0x89c6074)
at /var/tmp/portage/php-5.0.3/work/php-5.0.3/Zend/zend_execute.c:2740
#15 0x08300e93 in zend_do_fcall_by_name_handler (execute_data=0x850d240,
opline=0x8d0f0f0e, op_array=0x8d0f0f0e)
at /var/tmp/portage/php-5.0.3/work/php-5.0.3/Zend/zend_execute.c:2825
#16 0x082fca38 in execute (op_array=0x89c6074) at
/var/tmp/portage/php-5.0.3/work/php-5.0.3/Zend/zend_execute.c:1400
#17 0x08300ac6 in zend_do_fcall_common_helper (execute_data=0xbfff03e0,
opline=0x87a4708, op_array=0x89d33ac)
at /var/tmp/portage/php-5.0.3/work/php-5.0.3/Zend/zend_execute.c:2740
#18 0x08300e93 in zend_do_fcall_by_name_handler (execute_data=0x850d240,
opline=0x8d0f0f0e, op_array=0x8d0f0f0e)
at /var/tmp/portage/php-5.0.3/work/php-5.0.3/Zend/zend_execute.c:2825
#19 0x082fca38 in execute (op_array=0x89d33ac) at
/var/tmp/portage/php-5.0.3/work/php-5.0.3/Zend/zend_execute.c:1400
#20 0x08300ac6 in zend_do_fcall_common_helper (execute_data=0xbfff1430,
opline=0x87abd00, op_array=0x89d345c)
at /var/tmp/portage/php-5.0.3/work/php-5.0.3/Zend/zend_execute.c:2740
#21 0x08300e93 in zend_do_fcall_by_name_handler (execute_data=0x850d240,
opline=0x8d0f0f0e, op_array=0x8d0f0f0e)
at /var/tmp/portage/php-5.0.3/work/php-5.0.3/Zend/zend_execute.c:2825
#22 0x082fca38 in execute (op_array=0x89d345c) at
/var/tmp/portage/php-5.0.3/work/php-5.0.3/Zend/zend_execute.c:1400
#23 0x08300ac6 in zend_do_fcall_common_helper (execute_data=0xbfff1730,
opline=0x879e914, op_array=0x89d32fc)
at /var/tmp/portage/php-5.0.3/work/php-5.0.3/Zend/zend_execute.c:2740
#24 0x08300e93 in zend_do_fcall_by_name_handler (execute_data=0x850d240,
opline=0x8d0f0f0e, op_array=0x8d0f0f0e)
at /var/tmp/portage/php-5.0.3/work/php-5.0.3/Zend/zend_execute.c:2825
#25 0x082fca38 in execute (op_array=0x89d32fc) at
/var/tmp/portage/php-5.0.3/work/php-5.0.3/Zend/zend_execute.c:1400
#26 0x08300ac6 in zend_do_fcall_common_helper (execute_data=0xbfff1a80,
opline=0x879717c, op_array=0x89d2f04)
at /var/tmp/portage/php-5.0.3/work/php-5.0.3/Zend/zend_execute.c:2740
#27 0x08300e93 in zend_do_fcall_by_name_handler (execute_data=0x850d240,
opline=0x8d0f0f0e, op_array=0x8d0f0f0e)
at /var/tmp/portage/php-5.0.3/work/php-5.0.3/Zend/zend_execute.c:2825
#28 0x082fca38 in execute (op_array=0x89d2f04) at
/var/tmp/portage/php-5.0.3/work/php-5.0.3/Zend/zend_execute.c:1400
#29 0x08300ac6 in zend_do_fcall_common_helper (execute_data=0xbfff2b00,
opline=0x877dd7c, op_array=0x8772ce4)
at /var/tmp/portage/php-5.0.3/work/php-5.0.3/Zend/zend_execute.c:2740
#30 0x08300e93 in zend_do_fcall_by_name_handler (execute_data=0x850d240,
opline=0x8d0f0f0e, op_array=0x8d0f0f0e)
at /var/tmp/portage/php-5.0.3/work/php-5.0.3/Zend/zend_execute.c:2825
#31 0x082fca38 in execute (op_array=0x8772ce4) at
/var/tmp/portage/php-5.0.3/work/php-5.0.3/Zend/zend_execute.c:1400
#32 0x08300ac6 in zend_do_fcall_common_helper (execute_data=0xbfff5e30,
opline=0x8a84b44, op_array=0x8a4c458)
at /var/tmp/portage/php-5.0.3/work/php-5.0.3/Zend/zend_execute.c:2740
#33 0x08300e93 in zend_do_fcall_by_name_handler (execute_data=0x850d240,
opline=0x8d0f0f0e, op_array=0x8d0f0f0e)
---Type <return> to continue, or q <return> to quit---q
at /var/tmp/portage/php-5.0Quit
(gdb) print handle
$1 = 2366574350
(gdb)
--
Edit bug report at http://bugs.php.net/?id=31878&edit=1