From: [EMAIL PROTECTED] Operating system: N/A PHP version: 4.3.11 PHP Bug Type: DOM XML related Bug description: Segfault with replaceChild and entities
Description: ------------ Segfault using replaceChild. PHP 4.3.11, LibXML v2.6.9 Reproduce code: --------------- <?php // Main document $xml = '<?xml version="1.0" encoding="UTF-8" standalone="no"?> <!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN" "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd";> <article> <articleinfo> <abstract> <para>foobar</para> </abstract> </articleinfo> </article>'; // Load $doc = new DomDocument; $doc->resolveExternals = true; $doc->loadXml($xml); // Fragment $frag = '<?xml version="1.0" encoding="utf-8" ?>'; $frag .= '<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN" "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd";>'; $frag .= '<abstract><para>°</para></abstract>'; // Load $dom = new DomDocument; $dom->resolveExternals = true; $dom->loadXML($frag); // Locate the node $xpath = new DOMXpath($doc); $nodelist = $xpath->query('/article/articleinfo/abstract'); $oldnode = $nodelist->item(0); // Replace the node $newnode = $doc->importNode($dom->documentElement, true); $oldnode->parentNode->replaceChild($newnode, $oldnode); // Check echo $doc->saveXml(); ?> Actual result: -------------- # $ gdb /usr/local/bin/php core.2729 # GNU gdb Red Hat Linux (5.2-2) # Copyright 2002 Free Software Foundation, Inc. # GDB is free software, covered by the GNU General Public License, and you are # welcome to change it and/or distribute copies of it under certain conditions. # Type "show copying" to see the conditions. # There is absolutely no warranty for GDB. Type "show warranty" for details. # This GDB was configured as "i386-redhat-linux"... # Core was generated by `php dom-replacechild.php'. # Program terminated with signal 11, Segmentation fault. # Reading symbols from /lib/libcrypt.so.1...done. # Loaded symbols for /lib/libcrypt.so.1 # Reading symbols from /usr/lib/libexslt.so.0...done. # Loaded symbols for /usr/lib/libexslt.so.0 # Reading symbols from /usr/lib/libz.so.1...done. # Loaded symbols for /usr/lib/libz.so.1 # Reading symbols from /lib/i686/libm.so.6...done. # Loaded symbols for /lib/i686/libm.so.6 # Reading symbols from /usr/lib/libmysqlclient.so.10...done. # Loaded symbols for /usr/lib/libmysqlclient.so.10 # Reading symbols from /usr/lib/libbz2.so.1...done. # Loaded symbols for /usr/lib/libbz2.so.1 # Reading symbols from /lib/libresolv.so.2...done. # Loaded symbols for /lib/libresolv.so.2 # Reading symbols from /lib/libdl.so.2...done. # Loaded symbols for /lib/libdl.so.2 # Reading symbols from /lib/libnsl.so.1...done. # Loaded symbols for /lib/libnsl.so.1 # Reading symbols from /usr/lib/libxslt.so.1...done. # Loaded symbols for /usr/lib/libxslt.so.1 # Reading symbols from /usr/lib/libxml2.so.2...done. # Loaded symbols for /usr/lib/libxml2.so.2 # Reading symbols from /lib/i686/libpthread.so.0...done. # Loaded symbols for /lib/i686/libpthread.so.0 # Reading symbols from /lib/i686/libc.so.6...done. # Loaded symbols for /lib/i686/libc.so.6 # Reading symbols from /lib/ld-linux.so.2...done. # Loaded symbols for /lib/ld-linux.so.2 # #0 0x401a60c0 in xmlStrEqual () from /usr/lib/libxml2.so.2 # (gdb) bt # #0 0x401a60c0 in xmlStrEqual () from /usr/lib/libxml2.so.2 # #1 0x40160043 in xmlSearchNsByHref () from /usr/lib/libxml2.so.2 # #2 0x401602ae in xmlNewReconciliedNs () from /usr/lib/libxml2.so.2 # #3 0x4016048a in xmlReconciliateNs () from /usr/lib/libxml2.so.2 # #4 0x0808ac48 in zif_dom_node_replace_child (ht=2, return_value=0x8906d44, this_ptr=0x859ace4, return_value_used=0) # at /usr/local/src/php-5.0.4/ext/dom/node.c:1187 # #5 0x081d04fb in zend_do_fcall_common_helper (execute_data=0xbfffd730, opline=0x841f424, op_array=0x841812c) # at /usr/local/src/php-5.0.4/Zend/zend_execute.c:2727 # #6 0x081b781a in execute (op_array=0x841812c) at /usr/local/src/php-5.0.4/Zend/zend_execute.c:1406 # #7 0x0819b2c5 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/local/src/php-5.0.4/Zend/zend.c:1069 # #8 0x0816d7aa in php_execute_script (primary_file=0xbffffad0) at /usr/local/src/php-5.0.4/main/main.c:1632 # #9 0x081d914c in main (argc=2, argv=0xbffffb74) at /usr/local/src/php-5.0.4/sapi/cli/php_cli.c:946 # #10 0x42017589 in __libc_start_main () from /lib/i686/libc.so.6 # (gdb) frame 6 # #6 0x081b781a in execute (op_array=0x841812c) at /usr/local/src/php-5.0.4/Zend/zend_execute.c:1406 # 1406 if (EX(opline)->handler(&execute_data, EX(opline), op_array TSRMLS_CC)) { # (gdb) print (char *)(executor_globals.function_state_ptr->function)->common.function_name # $1 = 0x81db7a9 "replaceChild" # (gdb) -- Edit bug report at http://bugs.php.net/?id=33743&edit=1 -- Try a CVS snapshot (php4): http://bugs.php.net/fix.php?id=33743&r=trysnapshot4 Try a CVS snapshot (php5.0): http://bugs.php.net/fix.php?id=33743&r=trysnapshot50 Try a CVS snapshot (php5.1): http://bugs.php.net/fix.php?id=33743&r=trysnapshot51 Fixed in CVS: http://bugs.php.net/fix.php?id=33743&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=33743&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=33743&r=needtrace Need Reproduce Script: http://bugs.php.net/fix.php?id=33743&r=needscript Try newer version: http://bugs.php.net/fix.php?id=33743&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=33743&r=support Expected behavior: http://bugs.php.net/fix.php?id=33743&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=33743&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=33743&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=33743&r=globals PHP 3 support discontinued: http://bugs.php.net/fix.php?id=33743&r=php3 Daylight Savings: http://bugs.php.net/fix.php?id=33743&r=dst IIS Stability: http://bugs.php.net/fix.php?id=33743&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=33743&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=33743&r=float No Zend Extensions: http://bugs.php.net/fix.php?id=33743&r=nozend MySQL Configuration Error: http://bugs.php.net/fix.php?id=33743&r=mysqlcfg
