Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Segfault with requesting nodeName on nameless doctype #17500

Closed
willaix opened this issue Jan 17, 2025 · 1 comment
Closed

Segfault with requesting nodeName on nameless doctype #17500

willaix opened this issue Jan 17, 2025 · 1 comment
Assignees
@nielsdos
Labels
Bug Extension: dom Status: Verified

Comments

@willaix
Copy link

willaix commented Jan 17, 2025

Description

The following code:

<?php

$html = "<div> <!DOCTYPE> <!DOCTYPE html> </div>";
$doc = new \DOMDocument();
$load_result = $doc->loadHTML($html);

foreach ($doc->childNodes as $childNode) {
    var_dump($childNode);
}

Resulted in this output:

Segmentation fault (core dumped)

(gdb) bt
#0  0x00007fb7a8eab0fd in __strlen_avx2 () from /lib64/libc.so.6
#1  0x00007fb794e1fff0 in dom_node_node_name_read () from /usr/lib64/php/modules/dom.so
#2  0x00007fb794e0d22a in dom_read_property () from /usr/lib64/php/modules/dom.so
#3  0x0000555feeb3f42c in ZEND_FETCH_OBJ_R_SPEC_CV_CONST_INLINE_HANDLER () at /usr/src/debug/php-8.3.15-1.el8.remi.x86_64/Zend/zend_vm_execute.h:41859
#4  ZEND_FETCH_OBJ_R_SPEC_CV_CONST_HANDLER () at /usr/src/debug/php-8.3.15-1.el8.remi.x86_64/Zend/zend_vm_execute.h:41888
#5  0x0000555feeb749c5 in execute_ex (ex=0x0) at /usr/src/debug/php-8.3.15-1.el8.remi.x86_64/Zend/zend_vm_execute.h:60841
#6  0x0000555feeb7dcf2 in zend_execute (op_array=0x7fb7a748d000, return_value=0x0) at /usr/src/debug/php-8.3.15-1.el8.remi.x86_64/Zend/zend_vm_execute.h:61634
#7  0x0000555feeb074c5 in zend_execute_scripts (type=type@entry=8, retval=retval@entry=0x0, file_count=file_count@entry=3) at /usr/src/debug/php-8.3.15-1.el8.remi.x86_64/Zend/zend.c:1895
#8  0x0000555feea9ba7a in php_execute_script (primary_file=<optimized out>) at /usr/src/debug/php-8.3.15-1.el8.remi.x86_64/main/main.c:2529
#9  0x0000555feebf6202 in do_cli (argc=5, argv=0x5560131a9800) at /usr/src/debug/php-8.3.15-1.el8.remi.x86_64/sapi/cli/php_cli.c:966
#10 0x0000555fee927fd7 in main (argc=5, argv=0x5560131a9800) at /usr/src/debug/php-8.3.15-1.el8.remi.x86_64/sapi/cli/php_cli.c:1341

There is no segmentation fault with PHP 8.2.

Note that a similar issue was fixed in PDO : #14712

PHP Version

PHP 8.3.15

Operating System

No response
@nielsdos nielsdos self-assigned this Jan 17, 2025
@nielsdos
Copy link
Member

Note that a similar issue was fixed in PDO : #14712

No this looks completely different.

@nielsdos nielsdos changed the title Segmentation fault when iterating on DOMDocument nodes of an invalid HTML Segfault with requesting nodeName on nameless doctype Jan 17, 2025
nielsdos added a commit to nielsdos/php-src that referenced this issue Jan 17, 2025
@nielsdos
Fix phpGH-17500: Segfault with requesting nodeName on nameless doctype
011d1f9
nielsdos added a commit to nielsdos/php-src that referenced this issue Jan 17, 2025
@nielsdos
Fix phpGH-17500: Segfault with requesting nodeName on nameless doctype
e4184b4
@nielsdos nielsdos linked a pull request Jan 17, 2025 that will close this issue
Fix GH-17500: Segfault with requesting nodeName on nameless doctype #17501
Closed
nielsdos added a commit that referenced this issue Jan 17, 2025
@nielsdos
Merge branch 'PHP-8.3' into PHP-8.4
525aeff 
* PHP-8.3:
  Fix GH-17500: Segfault with requesting nodeName on nameless doctype
nielsdos added a commit that referenced this issue Jan 17, 2025
@nielsdos
Merge branch 'PHP-8.4'
5471f11 
* PHP-8.4:
  Fix GH-17500: Segfault with requesting nodeName on nameless doctype
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@nielsdos nielsdos

Labels
Bug Extension: dom Status: Verified
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix GH-17500: Segfault with requesting nodeName on nameless doctype nielsdos/php-src
2 participants
@nielsdos @willaix