Segmentation fault in ext/xmlreader/php_xmlreader.c:1282 #16292

Closed
YuanchengJiang opened this issue Oct 8, 2024 · 0 comments
Description

The following code:

```php
<?php
$character_data = new DOMCharacterData();
$fusion = $character_data;
$xmlstring = '<?xml version="1.0" encoding="UTF-8"?>
<books><book>new book</book></books>';
$reader = new XMLReader();
$reader->XML($xmlstring);
while ($reader->read()) {
    if ($reader->localName == "book") {
        $node = $reader->expand($fusion);
    }
}
```

Resulted in this output:

```
/php-src/ext/xmlreader/php_xmlreader.c:1282:3: runtime error: member access within misaligned address 0x000000000001 for type 'zend_class_entry' (aka 'struct _zend_class_entry'), which requires 8 byte alignment
0x000000000001: note: pointer points here
<memory cannot be printed>
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /php-src/ext/xmlreader/php_xmlreader.c:1282:3
```

PHP Version

PHP 8.4.0-dev

Operating System

Ubuntu 22.04

nielsdos added a commit to nielsdos/php-src that referenced this issue Oct 8, 2024
…1282

3 issues:
1) RETURN_NULL() was used via the macro NODE_GET_OBJ(), but the function
   returns false on failure and cannot return null according to its
   stub.
2) The struct layout of the different implementors of libxml only
   guarantees overlap between the node pointer and the document
   reference, so accessing the std zend_object may not work.
3) DOC_GET_OBJ() wasn't using ZSTR_VAL().
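
Point 2 of the commit message, modelled as an added C example that is not code from php-src. The struct names, fields and values are hypothetical stand-ins, and the value 1 is constructed so that the misread pointer resembles the sanitizer output in the report.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for illustration; not PHP's real definitions. */
struct class_entry { const char *name; };
struct object_hdr  { uintptr_t gc; struct class_entry *ce; };

/* Two implementors that share only the first two fields. */
struct impl_a { void *node; void *document; struct object_hdr std; };
struct impl_b { void *node; void *document; uintptr_t extra[2]; struct object_hdr std; };

/* Returns 1: the shared prefix sits at the same offsets in both layouts. */
int prefix_overlaps(void) {
    return offsetof(struct impl_a, node) == offsetof(struct impl_b, node)
        && offsetof(struct impl_a, document) == offsetof(struct impl_b, document);
}
/* Returns 0: the embedded object header does not. */
int std_overlaps(void) {
    return offsetof(struct impl_a, std) == offsetof(struct impl_b, std);
}

/* Unsafe pattern: read std.ce at impl_a's offset from any container (memcpy keeps the demo well-defined). */
uintptr_t ce_assuming_impl_a(const void *container) {
    size_t off = offsetof(struct impl_a, std) + offsetof(struct object_hdr, ce);
    uintptr_t raw;
    memcpy(&raw, (const unsigned char *)container + off, sizeof raw);
    return raw;
}

/* Safe pattern: read the class entry from the object header the caller already holds. */
struct class_entry *ce_from_header(const struct object_hdr *hdr) { return hdr->ce; }

static struct class_entry sample_ce = { "SampleClass" }; /* constructed sample */

struct impl_b make_impl_b(void) {
    struct impl_b b = { NULL, NULL, { 0, 1 }, { 1, &sample_ce } };
    return b;
}

int main(void) {
    struct impl_b b = make_impl_b();
    printf("prefix overlaps: %d, std overlaps: %d\n", prefix_overlaps(), std_overlaps());
    printf("ce read with impl_a layout: %#lx\n", (unsigned long)ce_assuming_impl_a(&b));
    printf("ce read from header: %s\n", ce_from_header(&b.std)->name);
    return 0;
}
```

Reading through the assumed layout returns whatever field happens to sit at that offset, which a later dereference treats as a class entry pointer.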
nielsdos added a commit that referenced this issue Oct 8, 2024
* PHP-8.2:
  Fix GH-16292: Segmentation fault in ext/xmlreader/php_xmlreader.c:1282
nielsdos added a commit that referenced this issue Oct 8, 2024
* PHP-8.3:
  Fix GH-16292: Segmentation fault in ext/xmlreader/php_xmlreader.c:1282
nielsdos added a commit that referenced this issue Oct 8, 2024
* PHP-8.4:
  Fix GH-16292: Segmentation fault in ext/xmlreader/php_xmlreader.c:1282