From: mathias dot henze at skytecag dot com
Operating system: Linux/Windows
PHP version: 5.0.4
PHP Bug Type: XSLT related
Bug description: CLI Crash (core dump) when calling php:function from XSLT
Description:
------------
If a parameter is passed to a php-function where an ancestor of an
xpath-expression does not exist, php (at leats CLI) core dumps on windows
and linux. This was tested with PHP5.0.4 and PHP5.1.0b1.
Reproduce code:
---------------
<?php
$source='<?xml version="1.0" encoding="ISO-8859-1"?>
<root>
<child1>
<child2/>
</child1>
</root>
';
$script='<?xml version="1.0" encoding="ISO-8859-1"?>
<xsl:stylesheet version="1.0"
xmlns:xsl="http://www.w3.org/1999/XSL/Transform";
xmlns:php="http://php.net/xsl";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xsl:extension-element-prefixes="php">
<xsl:output method="text"/>
<xsl:template match="/">
<!-- This works! -->
<xsl:value-of
select="php:function(\'xslCallback\',/root/child1/child2)"/>
<!-- This works! -->
<xsl:value-of
select="php:function(\'xslCallback\',/root/child1/childE)"/>
<!-- This works! -->
<xsl:value-of
select="php:functionString(\'xslCallback\',/root/childE/child2)"/>
<!-- This core dumps! -->
<xsl:value-of
select="php:function(\'xslCallback\',/root/childE/child2)"/>
<!-- This (surprisingly) also core dumps (at the
function-callback)! -->
<xsl:variable name="indirect" select="/root/childE/child2"/>
<xsl:value-of select="php:function(\'xslCallback\',$indirect)"/>
</xsl:template>
</xsl:stylesheet>
';
function xslCallback($nodes)
{
return "This works!\n";
}
$dom = new DOMDocument();
$dom->preserveWhiteSpace = true;
$dom->loadXML($source);
$xsl = new DOMDocument;
$xsl->loadXML($script);
$xslt = new XSLTProcessor();
$xslt->registerPHPFunctions();
$xslt->importStyleSheet($xsl);
if (false === ($result = $xslt->transformToXML($dom)))
{
trigger_error('XSL transformation failed.', E_USER_ERROR);
}
print $result;
?>
Expected result:
----------------
This Works!
This Works!
This Works!
This Works!
This Works!
Actual result:
--------------
Core Dump.
strace:
(...)
open("/usr/lib/php5/extensions/date.so", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0P-\0\000"..., 512)
= 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=49264, ...}) = 0
old_mmap(NULL, 52448, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3,
0) = 0xb700f000
old_mmap(0xb701b000, 4096, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xb000) = 0xb701b000
close(3) = 0
setitimer(ITIMER_PROF, {it_interval={0, 0}, it_value={0, 0}}, NULL) = 0
setitimer(ITIMER_PROF, {it_interval={0, 0}, it_value={0, 0}}, NULL) = 0
rt_sigaction(SIGPROF, {0xb7f4b5b0, [PROF], SA_RESTART}, {SIG_DFL}, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [PROF], NULL, 8) = 0
open("test.php", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0744, st_size=1656, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
= 0xb700e000
read(3, "<?php\r\n\r\n$source=\'<?xml version="..., 4096) = 1656
_llseek(3, 0, [0], SEEK_SET) = 0
setitimer(ITIMER_PROF, {it_interval={0, 0}, it_value={60, 0}}, NULL) = 0
rt_sigaction(SIGPROF, {0xb7f4b5b0, [PROF], SA_RESTART}, {0xb7f4b5b0,
[PROF], SA_RESTART}, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [PROF], NULL, 8) = 0
brk(0x8152000) = 0x8152000
gettimeofday({1118767098, 337756}, NULL) = 0
fstat64(0, {st_mode=S_IFCHR|0600, st_rdev=makedev(136, 6), ...}) = 0
lseek(0, 0, SEEK_CUR) = -1 ESPIPE (Illegal seek)
fstat64(1, {st_mode=S_IFCHR|0600, st_rdev=makedev(136, 6), ...}) = 0
lseek(1, 0, SEEK_CUR) = -1 ESPIPE (Illegal seek)
fstat64(2, {st_mode=S_IFCHR|0600, st_rdev=makedev(136, 6), ...}) = 0
lseek(2, 0, SEEK_CUR) = -1 ESPIPE (Illegal seek)
getcwd("/var/www/html/ngcms-mhenze/_developer-dirs_/mhenze", 4096) = 51
lstat64("/var/www/html/ngcms-mhenze/_developer-dirs_/mhenze/test.php",
{st_mode=S_IFREG|0744, st_size=1656, ...}) = 0
setitimer(ITIMER_PROF, {it_interval={0, 0}, it_value={0, 0}}, NULL) = 0
rt_sigaction(SIGPROF, {0xb7f4b5b0, [PROF], SA_RESTART}, {0xb7f4b5b0,
[PROF], SA_RESTART}, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [PROF], NULL, 8) = 0
ioctl(3, SNDCTL_TMR_TIMEBASE or TCGETS, 0xbfffd138) = -1 ENOTTY
(Inappropriate ioctl for device)
read(3, "<?php\r\n\r\n$source=\'<?xml version="..., 8192) = 1656
read(3, "", 4096) = 0
read(3, "", 8192) = 0
close(3) = 0
munmap(0xb700e000, 4096) = 0
getcwd("/var/www/html/ngcms-mhenze/_developer-dirs_/mhenze", 4096) = 51
getcwd("/var/www/html/ngcms-mhenze/_developer-dirs_/mhenze", 4096) = 51
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV (core dumped) +++
--
Edit bug report at http://bugs.php.net/?id=33340&edit=1
--
Try a CVS snapshot (php4): http://bugs.php.net/fix.php?id=33340&r=trysnapshot4
Try a CVS snapshot (php5.0):
http://bugs.php.net/fix.php?id=33340&r=trysnapshot50
Try a CVS snapshot (php5.1):
http://bugs.php.net/fix.php?id=33340&r=trysnapshot51
Fixed in CVS: http://bugs.php.net/fix.php?id=33340&r=fixedcvs
Fixed in release: http://bugs.php.net/fix.php?id=33340&r=alreadyfixed
Need backtrace: http://bugs.php.net/fix.php?id=33340&r=needtrace
Need Reproduce Script: http://bugs.php.net/fix.php?id=33340&r=needscript
Try newer version: http://bugs.php.net/fix.php?id=33340&r=oldversion
Not developer issue: http://bugs.php.net/fix.php?id=33340&r=support
Expected behavior: http://bugs.php.net/fix.php?id=33340&r=notwrong
Not enough info:
http://bugs.php.net/fix.php?id=33340&r=notenoughinfo
Submitted twice:
http://bugs.php.net/fix.php?id=33340&r=submittedtwice
register_globals: http://bugs.php.net/fix.php?id=33340&r=globals
PHP 3 support discontinued: http://bugs.php.net/fix.php?id=33340&r=php3
Daylight Savings: http://bugs.php.net/fix.php?id=33340&r=dst
IIS Stability: http://bugs.php.net/fix.php?id=33340&r=isapi
Install GNU Sed: http://bugs.php.net/fix.php?id=33340&r=gnused
Floating point limitations: http://bugs.php.net/fix.php?id=33340&r=float
No Zend Extensions: http://bugs.php.net/fix.php?id=33340&r=nozend
MySQL Configuration Error: http://bugs.php.net/fix.php?id=33340&r=mysqlcfg
