Package home | Report new bug | New search | Development Roadmap Status: Open | Feedback | All | Closed Since Version 1.3.8

Bug #2939 bug in error routine leads to segmentation fault
Submitted: 2004-12-10 02:36 UTC
From: php at macfreek dot nl Assigned: schst
Status: Closed Package: XML_Parser
PHP Version: 4.3.2 OS: Mac OS 10.3.6
Roadmaps: (Not assigned)    

 [2004-12-10 02:36 UTC] php at macfreek dot nl
Description: ------------ I created a subclass of XML_Parser. As soon as I trigger an error, by calling "raiseError()", which is a function in XML_Parser, my script crashes with either "Bus Error" or "Segmentation Fault". The cause seems to be that the raiseError() function in XML/Parser.php (in the XML_Parser class) does first call $this->free(), but does not abort execution. As soon as the script continues, errors happen. Can't create something <20 lines that crashes. Sorry. However, this code below calls the raiseError routine twice, while I expect once plus an abort (I checked that by adding an echo line to raiseError()).. Reproduce code: --------------- #!/usr/bin/php <?php require_once 'XML/Parser.php'; $parser = new XML_Parser(); $parser->raiseError("oops"); $parser->setInputString("<hi>"); $parser->parse(); ?>


 [2004-12-17 00:58 UTC] php at macfreek dot nl
I've put two php files with reproducable crashes online. First, my fully functional "XML_Parser_PropertyList" class, which was designed to parse PLIST files (a specific type of XML file used on Mac OS X to store preferences and other information). This class can be found in the "XML_Parser_crash_complex.php" file. Secondly is a simpler XML_Parser_CrashTest class, which is simular to the XML_Parser_Simple class, but raises an exception when it encounters a "<whatever>" XML element. This class can be found in the "XML_Parser_crash_simple.php" file. You can find the files in a tgz file, along with sample XML file and output of the versions I've installed, at the following URL. This is a quick way how you can get the errors: ~$ wget -q xml-parser-crash.tgz ~$ tar xzf pear-xml-parser-crash.tgz ~$ cd "Pear XML Parser crash"/ ~/Pear XML Parser crash$ ./XML_Parser_crash_simple.php [...] <WHATEVER> Oh no! A hideous <whatever> element was detected. Quick! Raise an exception! </WHATEVER> <KEY> Bus error ~/Pear XML Parser crash$ ./XML_Parser_crash_complex.php *** malloc[800]: error for object 0x463380: Incorrect checksum for freed object - object was probably modified after being freed; break at szone_error Segmentation fault PS: Though I can testify this is harmless code, it is always a good idea to be cautious when running unknown code. If you run it in a chroot, just remember it needs the XML_Parser.php PEAR file.
 [2004-12-17 01:01 UTC] php at macfreek dot nl
Oh yeah, remember to read the comment for the XML_Parser_CrashTest class. I have the strange habit of writing extensive comments. And happy holidays of course!
 [2004-12-22 10:01 UTC] schst
Thank you for your bug report. This issue has been fixed in the latest released version of the package, which you can download at