- Notifications
You must be signed in to change notification settings - Fork8k
Closed
Assignees
Description
Description
The following code:
https://3v4l.org/SaDYr#v8.4.10
PHP
<?php$xml_reader = \XMLReader::fromString('<sparql xmlns="http://www.w3.org/2005/sparql-results#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.w3.org/2001/sw/DataAccess/rf1/result2.xsd"> <head> <variable name="s"/> <variable name="p"/> </head> <results> <result> <binding name="s"><uri>https://assetmodel.moxio.com/concept/bestaat_uit</uri></binding> <binding name="p"><uri>http://www.w3.org/1999/02/22-rdf-syntax-ns#type</uri></binding> </result> <result> <binding name="s"><uri>https://assetmodel.moxio.com/concept/bestaat_uit</uri></binding> </result> </results></sparql>');$success =$xml_reader->next("sparql");assert($success,"The XML-reply should start with a sparql element");$success =$xml_reader->read();assert($success,"It should be possible to move into the sparql element");$success =$xml_reader->next("head");assert($success,"The sparql element should contain a head element");$success =$xml_reader->read();assert($success,"It should be possible to move into the sparql element");$success =$xml_reader->next("results");assert($success,"The sparql element should contain a head element");while ($xml_reader->read() ===true) {if ($xml_reader->next("result") ===true) {$result_as_dom_node =$xml_reader->expand();assert($result_as_dom_node !==false,"The result-element could not be expanded to a dom node");/** @var \DOMNode $binding_node */foreach ($result_as_dom_node->childNodesas$binding_node) {if ($binding_node->nodeType ===XML_ELEMENT_NODE) {$variable_name =$binding_node->getAttribute("name");/** @var \DOMNode $binding_value_node */foreach ($binding_node->childNodesas$binding_value_node) { } } } }}
Resulted in this output:
Segmentation fault (core dumped)But I expected this output instead:not crashing my php process :)
GDB output:
(gdb)set args SegfaultTest.php(gdb) runStarting program: /usr/local/bin/php SegfaultTest.phpwarning: Error disabling address space randomization: Operation not permitted[Thread debugging using libthread_db enabled]Using host libthread_db library"/lib/x86_64-linux-gnu/libthread_db.so.1".Program received signal SIGSEGV, Segmentation fault.0x00005c8bc6064d7cin php_libxml_node_free (node=0x5c8bcb5dad70) at /root/php-src/ext/libxml/libxml.c:283283 header->ns_hook(header, node);(gdb) print header$1 = (php_libxml_private_data_header*) 0x7365622f74706562(gdb) info frame 0Stack frame at 0x7ffc2eb466f0: rip = 0x5c8bc6064d7cin php_libxml_node_free (/root/php-src/ext/libxml/libxml.c:283); saved rip = 0x5c8bc6067dbb called by frame at 0x7ffc2eb46710source language c. Arglist at 0x7ffc2eb466e0, args: node=0x5c8bcb5dad70 Locals at 0x7ffc2eb466e0, Previous frame's sp is 0x7ffc2eb466f0 Saved registers: rbp at 0x7ffc2eb466e0, rip at 0x7ffc2eb466e8(gdb) info registersrax 0x7365622f74706562 8315160242965996898rbx 0x7ffc2eb494b8 140721092072632rcx 0x6 6rdx 0x5c8bc686080c 101755400882188rsi 0x3 3rdi 0x5c8bcb5dad70 101755482123632rbp 0x7ffc2eb466e0 0x7ffc2eb466e0rsp 0x7ffc2eb46690 0x7ffc2eb46690r8 0x7 7r9 0x5c8bcb5dae10 101755482123792r10 0x7cf791b8d3473b5 562801637684704181r11 0x748d79985a80 128150979238528r12 0x0 0r13 0x7ffc2eb494d0 140721092072656r14 0x748d76015020 128150919008288r15 0x748d76099940 128150919551296rip 0x5c8bc6064d7c 0x5c8bc6064d7c <php_libxml_node_free+945>eflags 0x10202 [ IF RF ]cs 0x33 51ss 0x2b 43ds 0x0 0es 0x0 0fs 0x0 0gs 0x0 0
PHP Version
PHP 8.4.10-dev (cli) (built: Jul 11 2025 19:49:26) (NTS DEBUG)Copyright (c) The PHP GroupZend Engine v4.4.10-dev, Copyright (c) Zend TechnologiesOperating System
Debian GNU/Linux 12 (bookworm)