SimpleXML crash when using autovivification on document #17153

Closed
@YuanchengJiang

Description

The following code:

<?php
// Subclass of SimpleXMLElement used both for loading and as the return class of the transform.
class AdvancedXMLElement extends SimpleXMLElement {
}
$sxe = simplexml_load_file(__DIR__ . '/53965/collection.xml', AdvancedXMLElement::class);
$processor = new XSLTProcessor;
$dom = new DOMDocument;
$dom->load(__DIR__ . '/53965/collection.xsl');
$processor->importStylesheet($dom);
// Transform the SimpleXML document and ask for the result as an AdvancedXMLElement.
$result = $processor->transformToDoc($sxe, AdvancedXMLElement::class);
$fusion = $result;
$x = (object)['a'=>1,'b'=>2,'c'=>3,'d'=>4,'e'=>5,'f'=>6,'g'=>7];
// Autovivify a property on the SimpleXML result by reference to a non-existent property.
$fusion->h =& $x->i;
// Dumping all variables walks the SimpleXML object's properties and triggers the crash.
var_dump(get_defined_vars());

Resulted in this output:

=================================================================
==3489492==ERROR: AddressSanitizer: SEGV on unknown address 0x00009fff8003 (pc 0x00000262ad8c bp 0x7ffcc685bdf0 sp 0x7ffcc685bd30 T0)
==3489492==The signal is caused by a READ memory access.
    #0 0x262ad8c in match_ns /home/phpfuzz/WorkSpace/flowfusion/php-src/ext/simplexml/simplexml.c:111:53
    #1 0x2643881 in sxe_get_prop_hash /home/phpfuzz/WorkSpace/flowfusion/php-src/ext/simplexml/simplexml.c:1145:45
    #2 0x2625d97 in sxe_get_debug_info /home/phpfuzz/WorkSpace/flowfusion/php-src/ext/simplexml/simplexml.c:1201:9
    #3 0x4b9fffa in zend_std_get_properties_for /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend_object_handlers.c:2388:10
    #4 0x4ba0d11 in zend_get_properties_for /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend_object_handlers.c:2437:9
    #5 0x3242a6a in php_var_dump /home/phpfuzz/WorkSpace/flowfusion/php-src/ext/standard/var.c:178:11
    #6 0x3244cbe in php_array_element_dump /home/phpfuzz/WorkSpace/flowfusion/php-src/ext/standard/var.c:51:2
    #7 0x32417e6 in php_var_dump /home/phpfuzz/WorkSpace/flowfusion/php-src/ext/standard/var.c:152:5
    #8 0x3246bda in zif_var_dump /home/phpfuzz/WorkSpace/flowfusion/php-src/ext/standard/var.c:245:3
    #9 0x4484b19 in ZEND_DO_ICALL_SPEC_RETVAL_UNUSED_HANDLER /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend_vm_execute.h:1299:2
    #10 0x3f7c237 in execute_ex /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend_vm_execute.h:58595:7
    #11 0x3f7e4bc in zend_execute /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend_vm_execute.h:64247:2
    #12 0x4d151c9 in zend_execute_script /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend.c:1934:3
    #13 0x35298da in php_execute_script_ex /home/phpfuzz/WorkSpace/flowfusion/php-src/main/main.c:2577:13
    #14 0x352aa18 in php_execute_script /home/phpfuzz/WorkSpace/flowfusion/php-src/main/main.c:2617:9
    #15 0x4d294da in do_cli /home/phpfuzz/WorkSpace/flowfusion/php-src/sapi/cli/php_cli.c:938:5
    #16 0x4d239bf in main /home/phpfuzz/WorkSpace/flowfusion/php-src/sapi/cli/php_cli.c:1313:18
    #17 0x7f36cec45d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #18 0x7f36cec45e3f in __libc_start_main csu/../csu/libc-start.c:392:3
    #19 0x605934 in _start (/home/phpfuzz/WorkSpace/flowfusion/php-src/sapi/cli/php+0x605934)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/phpfuzz/WorkSpace/flowfusion/php-src/ext/simplexml/simplexml.c:111:53 in match_ns
==3489492==ABORTING

dependency: collection.xml

PHP Version

nightly

Operating System

ubuntu 22.04
