#40598 [NEW]: libxml segfault

incastrix at yahoo dot it Thu, 22 Feb 2007 15:08:12 -0800

From:             incastrix at yahoo dot it
Operating system: debian etch
PHP version:      5CVS-2007-02-22 (CVS)
PHP Bug Type:     XML related
Bug description:  libxml segfault


Description:
------------
libxml segfaults when xml document was loaded with  LIBXML_COMPACT flag
and try to remove a node.

libxml 2.6.27

Reproduce code:
---------------
$doc = DOMDocument::loadXML('<root><father><child  xml:id="remove"
/></father></root>', LIBXML_COMPACT);
$node = $doc->getElementByID('remove');
$node->parentNode->removeChild( $node );

Actual result:
--------------
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1210758944 (LWP 27086)]
php_libxml_node_free_list (node=0x70706970) at
/usr/local/src/php5.2-200702222130/ext/libxml/libxml.c:236
236                             switch (node->type) {
(gdb) bt
#0  php_libxml_node_free_list (node=0x70706970) at
/usr/local/src/php5.2-200702222130/ext/libxml/libxml.c:236
#1  0xb7a310b0 in php_libxml_node_free_list (node=<value optimized out>)
    at /usr/local/src/php5.2-200702222130/ext/libxml/libxml.c:253
#2  0xb7a310f9 in php_libxml_node_free_list (node=<value optimized out>)
    at /usr/local/src/php5.2-200702222130/ext/libxml/libxml.c:249
#3  0xb7a3115b in php_libxml_node_free_resource (node=0x82247c0)
    at /usr/local/src/php5.2-200702222130/ext/libxml/libxml.c:1005
#4  0xb7a311f8 in php_libxml_node_decrement_resource (object=0xb7799708)
    at /usr/local/src/php5.2-200702222130/ext/libxml/libxml.c:1028
#5  0xb7a65864 in dom_objects_free_storage (object=0xb7799708) at
/usr/local/src/php5.2-200702222130/ext/dom/php_dom.c:974
#6  0xb7c298a7 in zend_objects_store_del_ref_by_handle (handle=2)
    at /usr/local/src/php5.2-200702222130/Zend/zend_objects_API.c:206
#7  0xb7c298e7 in zend_objects_store_del_ref (zobject=0xb7799848)
    at /usr/local/src/php5.2-200702222130/Zend/zend_objects_API.c:168
#8  0xb7c02199 in _zval_ptr_dtor (zval_ptr=0xb7796f60) at
/usr/local/src/php5.2-200702222130/Zend/zend_variables.h:35
#9  0xb7c17667 in zend_hash_apply_deleter (ht=0xb7d53990, p=0xb7796f54)
    at /usr/local/src/php5.2-200702222130/Zend/zend_hash.c:611
#10 0xb7c17768 in zend_hash_reverse_apply (ht=0xb7d53990,
apply_func=0xb7c018d0 <zval_call_destructor>)
    at /usr/local/src/php5.2-200702222130/Zend/zend_hash.c:760
#11 0xb7c020fe in shutdown_destructors () at
/usr/local/src/php5.2-200702222130/Zend/zend_execute_API.c:211
#12 0xb7c0e300 in zend_call_destructors () at
/usr/local/src/php5.2-200702222130/Zend/zend.c:846
#13 0xb7bcfd88 in php_request_shutdown (dummy=0x0) at
/usr/local/src/php5.2-200702222130/main/main.c:1279
#14 0xb7c8642d in php_handler (r=0x821d578) at
/usr/local/src/php5.2-200702222130/sapi/apache2handler/sapi_apache2.c:463
#15 0x08074617 in ap_run_handler (r=0x821d578) at config.c:157
#16 0x08077707 in ap_invoke_handler (r=0x821d578) at config.c:372
#17 0x0808deb8 in ap_process_request (r=0x821d578) at http_request.c:258
#18 0x0808b15e in ap_process_http_connection (c=0x8219558) at
http_core.c:184
#19 0x0807b4d7 in ap_run_process_connection (c=0x8219558) at
connection.c:43
#20 0x080a10a4 in child_main (child_num_arg=<value optimized out>) at
prefork.c:640
#21 0x080a1304 in make_child (s=0x80ccc80, slot=0) at prefork.c:680
#22 0x080a20ca in ap_mpm_run (_pconf=0x80c80a8, plog=0x81061a0,
s=0x80ccc80) at prefork.c:956
#23 0x0806222f in main (argc=135029024, argv=0x0) at main.c:717


-- 
Edit bug report at http://bugs.php.net/?id=40598&edit=1
-- 
Try a CVS snapshot (PHP 4.4): 
http://bugs.php.net/fix.php?id=40598&r=trysnapshot44
Try a CVS snapshot (PHP 5.2): 
http://bugs.php.net/fix.php?id=40598&r=trysnapshot52
Try a CVS snapshot (PHP 6.0): 
http://bugs.php.net/fix.php?id=40598&r=trysnapshot60
Fixed in CVS:                 http://bugs.php.net/fix.php?id=40598&r=fixedcvs
Fixed in release:             
http://bugs.php.net/fix.php?id=40598&r=alreadyfixed
Need backtrace:               http://bugs.php.net/fix.php?id=40598&r=needtrace
Need Reproduce Script:        http://bugs.php.net/fix.php?id=40598&r=needscript
Try newer version:            http://bugs.php.net/fix.php?id=40598&r=oldversion
Not developer issue:          http://bugs.php.net/fix.php?id=40598&r=support
Expected behavior:            http://bugs.php.net/fix.php?id=40598&r=notwrong
Not enough info:              
http://bugs.php.net/fix.php?id=40598&r=notenoughinfo
Submitted twice:              
http://bugs.php.net/fix.php?id=40598&r=submittedtwice
register_globals:             http://bugs.php.net/fix.php?id=40598&r=globals
PHP 3 support discontinued:   http://bugs.php.net/fix.php?id=40598&r=php3
Daylight Savings:             http://bugs.php.net/fix.php?id=40598&r=dst
IIS Stability:                http://bugs.php.net/fix.php?id=40598&r=isapi
Install GNU Sed:              http://bugs.php.net/fix.php?id=40598&r=gnused
Floating point limitations:   http://bugs.php.net/fix.php?id=40598&r=float
No Zend Extensions:           http://bugs.php.net/fix.php?id=40598&r=nozend
MySQL Configuration Error:    http://bugs.php.net/fix.php?id=40598&r=mysqlcfg

#40598 [NEW]: libxml segfault

Reply via email to