ID: 41086 Updated by: [EMAIL PROTECTED] Reported By: harvey dot robin at gmail dot com -Status: Open +Status: Bogus Bug Type: XSLT related Operating System: Ubuntu feisty PHP Version: 5CVS-2007-04-14 (snap) New Comment:
Sorry, but your problem does not imply a bug in PHP itself. For a list of more appropriate places to ask for help using PHP, please visit http://www.php.net/support.php as this bug system is not the appropriate forum for asking support questions. Due to the volume of reports we can not explain in detail here why your report is not a bug. The support channels will be able to provide an explanation for you. Thank you for your interest in PHP. This is a libxslt issue that is already fixed in that repository Previous Comments: ------------------------------------------------------------------------ [2007-04-15 10:02:06] harvey dot robin at gmail dot com The method given by Christian also works fine to reproduce the crash. ------------------------------------------------------------------------ [2007-04-15 08:19:01] judas dot iscariote at gmail dot com shortest possible way to reproduce I can find http://hell.kissofjudas.net/bug41086.tar.bz2 execute the test.php file. PHP Warning: XSLTProcessor::transformToXml(): Invalid type in /home/cristian/talta/test/test.php on line 6 Warning: XSLTProcessor::transformToXml(): Invalid type in /home/cristian/talta/test/test.php on line 6 PHP Warning: XSLTProcessor::transformToXml(): xmlXPathCompiledEval: 3 object left on the stack in /home/cristian/talta/test/test.php on line 6 Warning: XSLTProcessor::transformToXml(): xmlXPathCompiledEval: 3 object left on the stack in /home/cristian/talta/test/test.php on line 6 Program received signal SIGSEGV, Segmentation fault. [snip`libxml stripped libxml messages] #85 0x00002ad626e0b8ce in php_xsl_apply_stylesheet (id=0xc77238, intern=0xc79a80, style=0xd66c20, docp=0xc7adf8) at /home/cristian/php5/ext/xsl/xsltprocessor.c:472 newdocp = (xmlDocPtr) 0x7fff86737a30 doc = (xmlDocPtr) 0xeb12b0 node = (xmlNodePtr) 0xeb12b0 ctxt = (xsltTransformContextPtr) 0xeb8160 object = (php_libxml_node_object *) 0xc7a5a0 params = (char **) 0xc7a920 clone = 0 doXInclude = (zval *) 0xad32a8 member = (zval *) 0xc7ace0 std_hnd = (zend_object_handlers *) 0xacbc00 #86 0x00002ad626e0bc66 in zif_xsl_xsltprocessor_transform_to_xml (ht=1, return_value=0xc79f78, return_value_ptr=0x0, this_ptr=0xc77238, return_value_used=1) at /home/cristian/php5/ext/xsl/xsltprocessor.c:583 id = (zval *) 0xc77238 docp = (zval *) 0xc7adf8 newdocp = (xmlDoc *) 0xc79f78 sheetp = (xsltStylesheetPtr) 0xd66c20 ret = 24 doc_txt_ptr = (xmlChar *) 0x7fff86737a30 "8zs\206�\177" doc_txt_len = 0 intern = (xsl_object *) 0xc79a80 ---Type <return> to continue, or q <return> to quit--- #87 0x000000000072c378 in zend_do_fcall_common_helper_SPEC (execute_data=0x7fff86737a90) at /home/cristian/php5/Zend/zend_vm_execute.h:200 return_reference = 0 '\0' opline = (zend_op *) 0xc78eb0 original_return_value = (zval **) 0x7fff867376d0 current_scope = (zend_class_entry *) 0x0 current_this = (zval *) 0x0 return_value_used = 1 should_change_scope = 1 '\001' ctor_opline = (zend_op *) 0x7fff86737a90 #88 0x000000000072d245 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0x7fff86737a90) at /home/cristian/php5/Zend/zend_vm_execute.h:322 No locals. #89 0x000000000072bdc0 in execute (op_array=0xc77f70) at /home/cristian/php5/Zend/zend_vm_execute.h:92 execute_data = {opline = 0xc78eb0, function_state = {function_symbol_table = 0x0, function = 0xc43b30, reserved = { 0x63006cfe49, 0x82cb80, 0xc780b0, 0x7fff86737b00}}, fbc = 0xc43b30, op_array = 0xc77f70, object = 0xc77238, Ts = 0x7fff86737760, CVs = 0x7fff86737730, original_in_execution = 0 '\0', symbol_table = 0xad3428, prev_execute_data = 0x0, old_error_reporting = 0x0} #90 0x00000000007022f4 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /home/cristian/php5/Zend/zend.c:1134 files = {{gp_offset = 40, fp_offset = 48, overflow_arg_area = 0x7fff86737ca0, reg_save_area = 0x7fff86737be0}} i = 1 file_handle = (zend_file_handle *) 0x7fff8673a090 orig_op_array = (zend_op_array *) 0x0 orig_retval_ptr_ptr = (zval **) 0x0 local_retval = (zval *) 0x0 #91 0x000000000069fd01 in php_execute_script (primary_file=0x7fff8673a090) at /home/cristian/php5/main/main.c:1790 realfile = "/home/cristian/talta/test/test.php\000_query_type\000\000�\006\000\000�\177\000\000�\231p\000\000\000\000\000rpl_probe\000\202\000\000\000\000\000�\006\000\000\000\000\000\000 \217s\206\017\000\000\000rpl_parse_enabled\000\000\000\000\000\000\000��\202\000\000\000\000\000�\006\000\000�\177\000\000�\231p\000\000\000\000\000rollback\000�\202\000\000\000\000\000�\006\000\000�\177\000\000�\231p\000\000\000\000\000real_query\000\000\000\000\000\000�\006\000\000�\177\000\000"... __orig_bailout = (jmp_buf *) 0x7fff86739f40 __bailout = {{__jmpbuf = {47099221150688, -68967799470258375, 0, 140735449113296, 0, 0, -68967799470267079, ---Type <return> to continue, or q <return> to quit--- -69095675644025930}, __mask_was_saved = 0, __saved_mask = {__val = {0, 0, 47099218988917, 1, 0, 140733193389737, 7379374, 47099240203304, 47099221150688, 140735449107936, 47099219010530, 47099243580752, 8461312, 11406816, 7396952, 47099243579232}}}} prepend_file_p = (zend_file_handle *) 0x0 append_file_p = (zend_file_handle *) 0x0 prepend_file = {type = 0 '\0', filename = 0x0, opened_path = 0x0, handle = {fd = 0, fp = 0x0, stream = { handle = 0x0, reader = 0, closer = 0, fteller = 0, interactive = 0}}, free_filename = 0 '\0'} append_file = {type = 0 '\0', filename = 0x0, opened_path = 0x0, handle = {fd = 0, fp = 0x0, stream = { handle = 0x0, reader = 0, closer = 0, fteller = 0, interactive = 0}}, free_filename = 0 '\0'} old_cwd = 0x7fff86737cc0 "" retval = 0 #92 0x00000000007895c0 in main (argc=2, argv=0x7fff8673a2d8) at /home/cristian/php5/sapi/cli/php_cli.c:1127 __orig_bailout = (jmp_buf *) 0x0 __bailout = {{__jmpbuf = {47099221150688, -68967799470245783, 0, 140735449113296, 0, 0, -68967799470258391, -69095675645029879}, __mask_was_saved = 0, __saved_mask = {__val = {47099218973247, 0, 47099245814024, 1, 0, 1, 0, 0, 0, 47099245817088, 47099221153344, 140735449112680, 4294967296, 47099243602800, 140735449112784, 47099243601920}}}} exit_status = 0 c = -1 file_handle = {type = 2 '\002', filename = 0x7fff8673bfdf "test.php", opened_path = 0x0, handle = {fd = 13219680, fp = 0xc9b760, stream = {handle = 0xc9b760, reader = 0x71c3a4 <zend_stream_stdio_reader>, closer = 0x71c3d0 <zend_stream_stdio_closer>, fteller = 0x71c3fa <zend_stream_stdio_fteller>, interactive = 0}}, free_filename = 0 '\0'} behavior = 1 reflection_what = 0x0 orig_optind = 1 orig_optarg = 0x0 arg_free = 0x7fff8673bfdf "test.php" arg_excp = (char **) 0x7fff8673a2e0 script_file = 0x7fff8673bfdf "test.php" interactive = 0 module_started = 1 request_started = 1 ---Type <return> to continue, or q <return> to quit--- lineno = 1 exec_direct = 0x0 exec_run = 0x0 exec_begin = 0x0 exec_end = 0x0 param_error = 0x0 hide_argv = 0 ini_entries_len = 110 ------------------------------------------------------------------------ [2007-04-14 19:28:27] [EMAIL PROTECTED] Thank you for this bug report. To properly diagnose the problem, we need a short but complete example script to be able to reproduce this bug ourselves. A proper reproducing script starts with <?php and ends with ?>, is max. 10-20 lines long and does not require any external resources such as databases, etc. If the script requires a database to demonstrate the issue, please make sure it creates all necessary tables, stored procedures etc. Please avoid embedding huge scripts into the report. ------------------------------------------------------------------------ [2007-04-14 19:21:41] harvey dot robin at gmail dot com Description: ------------ Running a complex stylesheet (possibly with errors, certainly produces warnings) results in a segmentation fault or a "corrupted double-linked list" The stylesheet uses exslt, and the dom it's parsing over is created with the flags LIBXML_NOENT|LIBXML_DTDLOAD|LIBXML_DTDATTR. The code also uses a custom stream handler in conjunction with the xpath document function. When you run the tests below, there are a couple of warnings produced before the crash, one is "XSLTProcessor::transformToXml(): Invalid type" and the other is "XSLTProcessor::transformToXml(): xmlXPathCompiledEval: 4 objects left on the stack." I've met these warnings before, but they have never resulted in a crash. Reproduce code: --------------- The code needed to reproduce the error is available on the subversion server of my project. To produce the crash, do: *> svn checkout http://taltastic.googlecode.com/svn/trunk/ -r 42 taltastic *> cd taltastic/test *> php test.php This produces the double linked list fault on my system, to produce the segmentation fault error you have to edit the test.php file and change the $templ variable to load from "test.xml" instead of "test.html". Here is my configure line: [EMAIL PROTECTED]:~/libs/php5.2-CVS2$ cat config.nice #! /bin/sh # # Created by configure './configure' \ '--disable-cgi' \ '--enable-cli' \ '--with-zlib' \ '--with-bz2' \ '--with-gd' \ '--enable-gd-native-ttf' \ '--enable-mbstring' \ '--with-mcrypt' \ '--with-pdo-pgsql' \ '--disable-session' \ '--enable-sockets' \ '--with-xsl' \ '--enable-soap' \ '--enable-debug' \ "$@" Expected result: ---------------- Expect to see an html document echoed to the screen. Actual result: -------------- ...This one with the code as-is, using "test.html"... Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 47983451902976 (LWP 29653)] 0x00002ba402eb738b in xmlXPathNodeSetAddUnique () from /usr/lib/libxml2.so.2 (gdb) bt #0 0x00002ba402eb738b in xmlXPathNodeSetAddUnique () from /usr/lib/libxml2.so.2 #1 0x00002ba402eb78f5 in ?? () from /usr/lib/libxml2.so.2 #2 0x00002ba402ec2b27 in ?? () from /usr/lib/libxml2.so.2 #3 0x00002ba402ec2f74 in ?? () from /usr/lib/libxml2.so.2 #4 0x00002ba402ec2948 in ?? () from /usr/lib/libxml2.so.2 #5 0x00002ba402ec413e in ?? () from /usr/lib/libxml2.so.2 #6 0x00002ba402ec8447 in ?? () from /usr/lib/libxml2.so.2 #7 0x00002ba402ec8619 in xmlXPathCompiledEval () from /usr/lib/libxml2.so.2 #8 0x00002ba402c1acc2 in xsltEvalXPathPredicate () from /usr/lib/libxslt.so.1 #9 0x00002ba402c16714 in ?? () from /usr/lib/libxslt.so.1 #10 0x00002ba402c17670 in xsltGetTemplate () from /usr/lib/libxslt.so.1 #11 0x00002ba402c2be52 in xsltProcessOneNode () from /usr/lib/libxslt.so.1 #12 0x00002ba402c2caea in xsltApplyTemplates () from /usr/lib/libxslt.so.1 #13 0x00002ba402c2a176 in ?? () from /usr/lib/libxslt.so.1 #14 0x00002ba402c2a176 in ?? () from /usr/lib/libxslt.so.1 #15 0x00002ba402c2a176 in ?? () from /usr/lib/libxslt.so.1 #16 0x00002ba402c2a176 in ?? () from /usr/lib/libxslt.so.1 #17 0x00002ba402c2b6be in ?? () from /usr/lib/libxslt.so.1 #18 0x00002ba402c2bbca in xsltCallTemplate () from /usr/lib/libxslt.so.1 #19 0x00002ba402c2a176 in ?? () from /usr/lib/libxslt.so.1 #20 0x00002ba402c2a176 in ?? () from /usr/lib/libxslt.so.1 #21 0x00002ba402c2a176 in ?? () from /usr/lib/libxslt.so.1 #22 0x00002ba402c2b6be in ?? () from /usr/lib/libxslt.so.1 #23 0x00002ba402c2beaa in xsltProcessOneNode () from /usr/lib/libxslt.so.1 #24 0x00002ba402c2caea in xsltApplyTemplates () from /usr/lib/libxslt.so.1 #25 0x00002ba402c2a176 in ?? () from /usr/lib/libxslt.so.1 #26 0x00002ba402c2a176 in ?? () from /usr/lib/libxslt.so.1 #27 0x00002ba402c2a176 in ?? () from /usr/lib/libxslt.so.1 #28 0x00002ba402c2a176 in ?? () from /usr/lib/libxslt.so.1 #29 0x00002ba402c2b6be in ?? () from /usr/lib/libxslt.so.1 #30 0x00002ba402c2beaa in xsltProcessOneNode () from /usr/lib/libxslt.so.1 #31 0x00002ba402c2caea in xsltApplyTemplates () from /usr/lib/libxslt.so.1 #32 0x00002ba402c2a176 in ?? () from /usr/lib/libxslt.so.1 #33 0x00002ba402c2a176 in ?? () from /usr/lib/libxslt.so.1 #34 0x00002ba402c2a176 in ?? () from /usr/lib/libxslt.so.1 #35 0x00002ba402c2a176 in ?? () from /usr/lib/libxslt.so.1 ---Type <return> to continue, or q <return> to quit--- #36 0x00002ba402c2b6be in ?? () from /usr/lib/libxslt.so.1 #37 0x00002ba402c2bbca in xsltCallTemplate () from /usr/lib/libxslt.so.1 #38 0x00002ba402c2a176 in ?? () from /usr/lib/libxslt.so.1 #39 0x00002ba402c2a176 in ?? () from /usr/lib/libxslt.so.1 #40 0x00002ba402c2b6be in ?? () from /usr/lib/libxslt.so.1 #41 0x00002ba402c2beaa in xsltProcessOneNode () from /usr/lib/libxslt.so.1 #42 0x00002ba402c2caea in xsltApplyTemplates () from /usr/lib/libxslt.so.1 #43 0x00002ba402c2a176 in ?? () from /usr/lib/libxslt.so.1 #44 0x00002ba402c2a176 in ?? () from /usr/lib/libxslt.so.1 #45 0x00002ba402c2a176 in ?? () from /usr/lib/libxslt.so.1 #46 0x00002ba402c2a176 in ?? () from /usr/lib/libxslt.so.1 #47 0x00002ba402c2b6be in ?? () from /usr/lib/libxslt.so.1 #48 0x00002ba402c2bbca in xsltCallTemplate () from /usr/lib/libxslt.so.1 #49 0x00002ba402c2a176 in ?? () from /usr/lib/libxslt.so.1 #50 0x00002ba402c2a176 in ?? () from /usr/lib/libxslt.so.1 #51 0x00002ba402c2b6be in ?? () from /usr/lib/libxslt.so.1 #52 0x00002ba402c2beaa in xsltProcessOneNode () from /usr/lib/libxslt.so.1 #53 0x00002ba402c2caea in xsltApplyTemplates () from /usr/lib/libxslt.so.1 #54 0x00002ba402c2a176 in ?? () from /usr/lib/libxslt.so.1 #55 0x00002ba402c2e3bb in xsltCopy () from /usr/lib/libxslt.so.1 #56 0x00002ba402c2a176 in ?? () from /usr/lib/libxslt.so.1 #57 0x00002ba402c2a176 in ?? () from /usr/lib/libxslt.so.1 #58 0x00002ba402c2b6be in ?? () from /usr/lib/libxslt.so.1 #59 0x00002ba402c2beaa in xsltProcessOneNode () from /usr/lib/libxslt.so.1 #60 0x00002ba402c2caea in xsltApplyTemplates () from /usr/lib/libxslt.so.1 #61 0x00002ba402c2a176 in ?? () from /usr/lib/libxslt.so.1 #62 0x00002ba402c2e3bb in xsltCopy () from /usr/lib/libxslt.so.1 #63 0x00002ba402c2a176 in ?? () from /usr/lib/libxslt.so.1 #64 0x00002ba402c2a176 in ?? () from /usr/lib/libxslt.so.1 #65 0x00002ba402c2b6be in ?? () from /usr/lib/libxslt.so.1 #66 0x00002ba402c2beaa in xsltProcessOneNode () from /usr/lib/libxslt.so.1 #67 0x00002ba402c2caea in xsltApplyTemplates () from /usr/lib/libxslt.so.1 #68 0x00002ba402c2a176 in ?? () from /usr/lib/libxslt.so.1 #69 0x00002ba402c2e3bb in xsltCopy () from /usr/lib/libxslt.so.1 #70 0x00002ba402c2a176 in ?? () from /usr/lib/libxslt.so.1 #71 0x00002ba402c2a176 in ?? () from /usr/lib/libxslt.so.1 ---Type <return> to continue, or q <return> to quit--- #72 0x00002ba402c2b6be in ?? () from /usr/lib/libxslt.so.1 #73 0x00002ba402c2beaa in xsltProcessOneNode () from /usr/lib/libxslt.so.1 #74 0x00002ba402c2caea in xsltApplyTemplates () from /usr/lib/libxslt.so.1 #75 0x00002ba402c2a176 in ?? () from /usr/lib/libxslt.so.1 #76 0x00002ba402c2e3bb in xsltCopy () from /usr/lib/libxslt.so.1 #77 0x00002ba402c2a176 in ?? () from /usr/lib/libxslt.so.1 #78 0x00002ba402c2a176 in ?? () from /usr/lib/libxslt.so.1 #79 0x00002ba402c2b6be in ?? () from /usr/lib/libxslt.so.1 #80 0x00002ba402c2beaa in xsltProcessOneNode () from /usr/lib/libxslt.so.1 #81 0x00002ba402c2caea in xsltApplyTemplates () from /usr/lib/libxslt.so.1 #82 0x00002ba402c2a176 in ?? () from /usr/lib/libxslt.so.1 #83 0x00002ba402c2e3bb in xsltCopy () from /usr/lib/libxslt.so.1 #84 0x00002ba402c2a176 in ?? () from /usr/lib/libxslt.so.1 #85 0x00002ba402c2b6be in ?? () from /usr/lib/libxslt.so.1 #86 0x00002ba402c2beaa in xsltProcessOneNode () from /usr/lib/libxslt.so.1 #87 0x00002ba402c2fddf in ?? () from /usr/lib/libxslt.so.1 #88 0x00000000007929b5 in ?? () #89 0x0000000000792d3d in zif_xsl_xsltprocessor_transform_to_xml () #90 0x000000000081e2fa in ?? () #91 0x000000000081f062 in ?? () #92 0x000000000081dd96 in execute () #93 0x00000000007f5ef8 in zend_execute_scripts () #94 0x0000000000799679 in php_execute_script () #95 0x000000000087884a in main () (gdb) ...And this one using "text.xml"... Program received signal SIGABRT, Aborted. [Switching to Thread 47939104691200 (LWP 29670)] 0x00002b99afce1cab in raise () from /lib/libc.so.6 (gdb) bt #0 0x00002b99afce1cab in raise () from /lib/libc.so.6 #1 0x00002b99afce3660 in abort () from /lib/libc.so.6 #2 0x00002b99afd1966b in ?? () from /lib/libc.so.6 #3 0x00002b99afd1ee47 in ?? () from /lib/libc.so.6 #4 0x00002b99afd21122 in ?? () from /lib/libc.so.6 #5 0x00002b99afd2298d in malloc () from /lib/libc.so.6 #6 0x00002b99af9c19ce in xmlBufferCreate () from /usr/lib/libxml2.so.2 #7 0x00002b99af9ca8e6 in xmlAllocOutputBuffer () from /usr/lib/libxml2.so.2 #8 0x00002b99af748626 in xsltSaveResultToString () from /usr/lib/libxslt.so.1 #9 0x0000000000792d68 in zif_xsl_xsltprocessor_transform_to_xml () #10 0x000000000081e2fa in ?? () #11 0x000000000081f062 in ?? () #12 0x000000000081dd96 in execute () #13 0x00000000007f5ef8 in zend_execute_scripts () #14 0x0000000000799679 in php_execute_script () #15 0x000000000087884a in main () (gdb) ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=41086&edit=1
