From:             harvey dot robin at gmail dot com
Operating system: Ubuntu feisty
PHP version:      5CVS-2007-04-14 (snap)
PHP Bug Type:     XSLT related
Bug description:  Seg fault and "corrupted double-linked list" with xslt warning

Description:
------------
Running a complex stylesheet (possibly with errors, certainly produces warnings) results in a segmentation fault or a "corrupted double-linked list"

The stylesheet uses exslt, and the dom it's parsing over is created with the flags LIBXML_NOENT|LIBXML_DTDLOAD|LIBXML_DTDATTR. The code also uses a custom stream handler in conjunction with the xpath document function.

When you run the tests below, there are a couple of warnings produced before the crash, one is "XSLTProcessor::transformToXml(): Invalid type" and the other is "XSLTProcessor::transformToXml(): xmlXPathCompiledEval: 4 objects left on the stack." I've met these warnings before, but they have never resulted in a crash.

Reproduce code:
---------------
The code needed to reproduce the error is available on the subversion server of my project. To produce the crash, do:

*> svn checkout http://taltastic.googlecode.com/svn/trunk/ -r 42 taltastic
*> cd taltastic/test
*> php test.php

This produces the double linked list fault on my system, to produce the segmentation fault error you have to edit the test.php file and change the $templ variable to load from "test.xml" instead of "test.html".

Here is my configure line:

[EMAIL PROTECTED]:~/libs/php5.2-CVS2$ cat config.nice
#! /bin/sh
#
# Created by configure

'./configure' \
'--disable-cgi' \
'--enable-cli' \
'--with-zlib' \
'--with-bz2' \
'--with-gd' \
'--enable-gd-native-ttf' \
'--enable-mbstring' \
'--with-mcrypt' \
'--with-pdo-pgsql' \
'--disable-session' \
'--enable-sockets' \
'--with-xsl' \
'--enable-soap' \
'--enable-debug' \
"$@"

Expected result:
----------------
Expect to see an html document echoed to the screen.

Actual result:
--------------
...This one with the code as-is, using "test.html"...

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 47983451902976 (LWP 29653)]
0x00002ba402eb738b in xmlXPathNodeSetAddUnique () from /usr/lib/libxml2.so.2
(gdb) bt
#0 0x00002ba402eb738b in xmlXPathNodeSetAddUnique () from /usr/lib/libxml2.so.2
#1 0x00002ba402eb78f5 in ?? () from /usr/lib/libxml2.so.2
#2 0x00002ba402ec2b27 in ?? () from /usr/lib/libxml2.so.2
#3 0x00002ba402ec2f74 in ?? () from /usr/lib/libxml2.so.2
#4 0x00002ba402ec2948 in ?? () from /usr/lib/libxml2.so.2
#5 0x00002ba402ec413e in ?? () from /usr/lib/libxml2.so.2
#6 0x00002ba402ec8447 in ?? () from /usr/lib/libxml2.so.2
#7 0x00002ba402ec8619 in xmlXPathCompiledEval () from /usr/lib/libxml2.so.2
#8 0x00002ba402c1acc2 in xsltEvalXPathPredicate () from /usr/lib/libxslt.so.1
#9 0x00002ba402c16714 in ?? () from /usr/lib/libxslt.so.1
#10 0x00002ba402c17670 in xsltGetTemplate () from /usr/lib/libxslt.so.1
#11 0x00002ba402c2be52 in xsltProcessOneNode () from /usr/lib/libxslt.so.1
#12 0x00002ba402c2caea in xsltApplyTemplates () from /usr/lib/libxslt.so.1
#13 0x00002ba402c2a176 in ?? () from /usr/lib/libxslt.so.1
#14 0x00002ba402c2a176 in ?? () from /usr/lib/libxslt.so.1
#15 0x00002ba402c2a176 in ?? () from /usr/lib/libxslt.so.1
#16 0x00002ba402c2a176 in ?? () from /usr/lib/libxslt.so.1
#17 0x00002ba402c2b6be in ?? () from /usr/lib/libxslt.so.1
#18 0x00002ba402c2bbca in xsltCallTemplate () from /usr/lib/libxslt.so.1
#19 0x00002ba402c2a176 in ?? () from /usr/lib/libxslt.so.1
#20 0x00002ba402c2a176 in ?? () from /usr/lib/libxslt.so.1
#21 0x00002ba402c2a176 in ?? () from /usr/lib/libxslt.so.1
#22 0x00002ba402c2b6be in ?? () from /usr/lib/libxslt.so.1
#23 0x00002ba402c2beaa in xsltProcessOneNode () from /usr/lib/libxslt.so.1
#24 0x00002ba402c2caea in xsltApplyTemplates () from /usr/lib/libxslt.so.1
#25 0x00002ba402c2a176 in ?? () from /usr/lib/libxslt.so.1
#26 0x00002ba402c2a176 in ?? () from /usr/lib/libxslt.so.1
#27 0x00002ba402c2a176 in ?? () from /usr/lib/libxslt.so.1
#28 0x00002ba402c2a176 in ?? () from /usr/lib/libxslt.so.1
#29 0x00002ba402c2b6be in ?? () from /usr/lib/libxslt.so.1
#30 0x00002ba402c2beaa in xsltProcessOneNode () from /usr/lib/libxslt.so.1
#31 0x00002ba402c2caea in xsltApplyTemplates () from /usr/lib/libxslt.so.1
#32 0x00002ba402c2a176 in ?? () from /usr/lib/libxslt.so.1
#33 0x00002ba402c2a176 in ?? () from /usr/lib/libxslt.so.1
#34 0x00002ba402c2a176 in ?? () from /usr/lib/libxslt.so.1
#35 0x00002ba402c2a176 in ?? () from /usr/lib/libxslt.so.1
---Type <return> to continue, or q <return> to quit---
#36 0x00002ba402c2b6be in ?? () from /usr/lib/libxslt.so.1
#37 0x00002ba402c2bbca in xsltCallTemplate () from /usr/lib/libxslt.so.1
#38 0x00002ba402c2a176 in ?? () from /usr/lib/libxslt.so.1
#39 0x00002ba402c2a176 in ?? () from /usr/lib/libxslt.so.1
#40 0x00002ba402c2b6be in ?? () from /usr/lib/libxslt.so.1
#41 0x00002ba402c2beaa in xsltProcessOneNode () from /usr/lib/libxslt.so.1
#42 0x00002ba402c2caea in xsltApplyTemplates () from /usr/lib/libxslt.so.1
#43 0x00002ba402c2a176 in ?? () from /usr/lib/libxslt.so.1
#44 0x00002ba402c2a176 in ?? () from /usr/lib/libxslt.so.1
#45 0x00002ba402c2a176 in ?? () from /usr/lib/libxslt.so.1
#46 0x00002ba402c2a176 in ?? () from /usr/lib/libxslt.so.1
#47 0x00002ba402c2b6be in ?? () from /usr/lib/libxslt.so.1
#48 0x00002ba402c2bbca in xsltCallTemplate () from /usr/lib/libxslt.so.1
#49 0x00002ba402c2a176 in ?? () from /usr/lib/libxslt.so.1
#50 0x00002ba402c2a176 in ?? () from /usr/lib/libxslt.so.1
#51 0x00002ba402c2b6be in ?? () from /usr/lib/libxslt.so.1
#52 0x00002ba402c2beaa in xsltProcessOneNode () from /usr/lib/libxslt.so.1
#53 0x00002ba402c2caea in xsltApplyTemplates () from /usr/lib/libxslt.so.1
#54 0x00002ba402c2a176 in ?? () from /usr/lib/libxslt.so.1
#55 0x00002ba402c2e3bb in xsltCopy () from /usr/lib/libxslt.so.1
#56 0x00002ba402c2a176 in ?? () from /usr/lib/libxslt.so.1
#57 0x00002ba402c2a176 in ?? () from /usr/lib/libxslt.so.1
#58 0x00002ba402c2b6be in ?? () from /usr/lib/libxslt.so.1
#59 0x00002ba402c2beaa in xsltProcessOneNode () from /usr/lib/libxslt.so.1
#60 0x00002ba402c2caea in xsltApplyTemplates () from /usr/lib/libxslt.so.1
#61 0x00002ba402c2a176 in ?? () from /usr/lib/libxslt.so.1
#62 0x00002ba402c2e3bb in xsltCopy () from /usr/lib/libxslt.so.1
#63 0x00002ba402c2a176 in ?? () from /usr/lib/libxslt.so.1
#64 0x00002ba402c2a176 in ?? () from /usr/lib/libxslt.so.1
#65 0x00002ba402c2b6be in ?? () from /usr/lib/libxslt.so.1
#66 0x00002ba402c2beaa in xsltProcessOneNode () from /usr/lib/libxslt.so.1
#67 0x00002ba402c2caea in xsltApplyTemplates () from /usr/lib/libxslt.so.1
#68 0x00002ba402c2a176 in ?? () from /usr/lib/libxslt.so.1
#69 0x00002ba402c2e3bb in xsltCopy () from /usr/lib/libxslt.so.1
#70 0x00002ba402c2a176 in ?? () from /usr/lib/libxslt.so.1
#71 0x00002ba402c2a176 in ?? () from /usr/lib/libxslt.so.1
---Type <return> to continue, or q <return> to quit---
#72 0x00002ba402c2b6be in ?? () from /usr/lib/libxslt.so.1
#73 0x00002ba402c2beaa in xsltProcessOneNode () from /usr/lib/libxslt.so.1
#74 0x00002ba402c2caea in xsltApplyTemplates () from /usr/lib/libxslt.so.1
#75 0x00002ba402c2a176 in ?? () from /usr/lib/libxslt.so.1
#76 0x00002ba402c2e3bb in xsltCopy () from /usr/lib/libxslt.so.1
#77 0x00002ba402c2a176 in ?? () from /usr/lib/libxslt.so.1
#78 0x00002ba402c2a176 in ?? () from /usr/lib/libxslt.so.1
#79 0x00002ba402c2b6be in ?? () from /usr/lib/libxslt.so.1
#80 0x00002ba402c2beaa in xsltProcessOneNode () from /usr/lib/libxslt.so.1
#81 0x00002ba402c2caea in xsltApplyTemplates () from /usr/lib/libxslt.so.1
#82 0x00002ba402c2a176 in ?? () from /usr/lib/libxslt.so.1
#83 0x00002ba402c2e3bb in xsltCopy () from /usr/lib/libxslt.so.1
#84 0x00002ba402c2a176 in ?? () from /usr/lib/libxslt.so.1
#85 0x00002ba402c2b6be in ?? () from /usr/lib/libxslt.so.1
#86 0x00002ba402c2beaa in xsltProcessOneNode () from /usr/lib/libxslt.so.1
#87 0x00002ba402c2fddf in ?? () from /usr/lib/libxslt.so.1
#88 0x00000000007929b5 in ?? ()
#89 0x0000000000792d3d in zif_xsl_xsltprocessor_transform_to_xml ()
#90 0x000000000081e2fa in ?? ()
#91 0x000000000081f062 in ?? ()
#92 0x000000000081dd96 in execute ()
#93 0x00000000007f5ef8 in zend_execute_scripts ()
#94 0x0000000000799679 in php_execute_script ()
#95 0x000000000087884a in main ()
(gdb)

...And this one using "text.xml"...

Program received signal SIGABRT, Aborted.
[Switching to Thread 47939104691200 (LWP 29670)]
0x00002b99afce1cab in raise () from /lib/libc.so.6
(gdb) bt
#0 0x00002b99afce1cab in raise () from /lib/libc.so.6
#1 0x00002b99afce3660 in abort () from /lib/libc.so.6
#2 0x00002b99afd1966b in ?? () from /lib/libc.so.6
#3 0x00002b99afd1ee47 in ?? () from /lib/libc.so.6
#4 0x00002b99afd21122 in ?? () from /lib/libc.so.6
#5 0x00002b99afd2298d in malloc () from /lib/libc.so.6
#6 0x00002b99af9c19ce in xmlBufferCreate () from /usr/lib/libxml2.so.2
#7 0x00002b99af9ca8e6 in xmlAllocOutputBuffer () from /usr/lib/libxml2.so.2
#8 0x00002b99af748626 in xsltSaveResultToString () from /usr/lib/libxslt.so.1
#9 0x0000000000792d68 in zif_xsl_xsltprocessor_transform_to_xml ()
#10 0x000000000081e2fa in ?? ()
#11 0x000000000081f062 in ?? ()
#12 0x000000000081dd96 in execute ()
#13 0x00000000007f5ef8 in zend_execute_scripts ()
#14 0x0000000000799679 in php_execute_script ()
#15 0x000000000087884a in main ()
(gdb)

--
Edit bug report at http://bugs.php.net/?id=41086&edit=1