From d2540cbe1bdc9bc966b7ebfa820726431a613402 Mon Sep 17 00:00:00 2001
From: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
Date: Sat, 5 Aug 2023 21:27:02 +0200
Subject: [PATCH 1/2] Add tests with broken output
---
 .../tests/gh11830/attribute_variation.phpt | 54 +++
 ext/dom/tests/gh11830/document_variation.phpt | 120 +++++++
 .../tests/gh11830/hierarchy_variation.phpt | 307 ++++++++++++++++++
 ext/dom/tests/gh11830/type_variation.phpt | 111 +++++++
 4 files changed, 592 insertions(+)
 create mode 100644 ext/dom/tests/gh11830/attribute_variation.phpt
 create mode 100644 ext/dom/tests/gh11830/document_variation.phpt
 create mode 100644 ext/dom/tests/gh11830/hierarchy_variation.phpt
 create mode 100644 ext/dom/tests/gh11830/type_variation.phpt
diff --git a/ext/dom/tests/gh11830/attribute_variation.phpt b/ext/dom/tests/gh11830/attribute_variation.phpt
new file mode 100644
index 0000000000000..7307cd9c25e05
--- /dev/null
+++ b/ext/dom/tests/gh11830/attribute_variation.phpt
@@ -0,0 +1,54 @@ +--TEST-- +GH-11830 (ParentNode methods should perform their checks upfront) - attribute variation +--EXTENSIONS-- +dom +--FILE-- +loadXML(<< + + + +XML); + +try { + $doc->documentElement->firstElementChild->prepend($doc->documentElement->attributes[0]); +} catch (\DOMException $e) { + echo $e->getMessage(), "\n"; +} + +try { + $doc->documentElement->firstElementChild->append($doc->documentElement->attributes[0]); +} catch (\DOMException $e) { + echo $e->getMessage(), "\n"; +} + +try { + $doc->documentElement->firstElementChild->before($doc->documentElement->attributes[0]); +} catch (\DOMException $e) { + echo $e->getMessage(), "\n"; +} + +try { + $doc->documentElement->firstElementChild->after($doc->documentElement->attributes[0]); +} catch (\DOMException $e) { + echo $e->getMessage(), "\n"; +} + +try { + $doc->documentElement->firstElementChild->replaceWith($doc->documentElement->attributes[0]); +} catch (\DOMException $e) { + echo $e->getMessage(), "\n"; +} + +echo $doc->saveXML(); +?> +--EXPECTF-- +Hierarchy Request Error + +Fatal error: Uncaught TypeError: DOMElement::append(): Argument #1 must be of type DOMNode|string, null given in %s:%d +Stack trace: +#0 %s(%d): DOMElement->append(NULL) +#1 {main} + thrown in %s on line %d diff --git a/ext/dom/tests/gh11830/document_variation.phpt b/ext/dom/tests/gh11830/document_variation.phpt new file mode 100644 index 0000000000000..0d6a81a297087 --- /dev/null +++ b/ext/dom/tests/gh11830/document_variation.phpt 
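Review bot: The `--EXPECTF--` section pins the faulty result as the passing one: a single `Hierarchy Request Error` from `prepend()`, then an uncaught `TypeError` from `append()` receiving null, apparently because the failed `prepend()` had already detached the attribute. The `catch` blocks only handle `\DOMException`, so the script stops at that point and `before()`, `after()`, `replaceWith()` and the final `saveXML()` are never reached in this version of the test. If this is meant as a "before" snapshot for the second patch in the series, a `--XFAIL--` section with a line such as `GH-11830: ParentNode methods do not validate their arguments upfront` would keep the suite and bisecting usable until the expectation is corrected. The expectations in document_variation.phpt, hierarchy_variation.phpt and type_variation.phpt record broken behaviour in the same way.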
@@ -0,0 +1,120 @@ +--TEST-- +GH-11830 (ParentNode methods should perform their checks upfront) - document variation +--EXTENSIONS-- +dom +--FILE-- +loadXML(<< + +XML); + +$otherElement = $otherDoc->documentElement; + +$doc = new DOMDocument; +$doc->loadXML(<< + + + + +XML); + +$testElement = $doc->documentElement->firstElementChild->nextElementSibling->firstElementChild; + +try { + $doc->documentElement->firstElementChild->prepend($testElement, $otherElement); +} catch (\DOMException $e) { + echo $e->getMessage(), "\n"; +} + +try { + $doc->documentElement->firstElementChild->append($testElement, $otherElement); +} catch (\DOMException $e) { + echo $e->getMessage(), "\n"; +} + +try { + $doc->documentElement->firstElementChild->before($testElement, $otherElement); +} catch (\DOMException $e) { + echo $e->getMessage(), "\n"; +} + +try { + $doc->documentElement->firstElementChild->after($testElement, $otherElement); +} catch (\DOMException $e) { + echo $e->getMessage(), "\n"; +} + +try { + $doc->documentElement->firstElementChild->replaceWith($testElement, $otherElement); +} catch (\DOMException $e) { + echo $e->getMessage(), "\n"; +} + +echo $otherDoc->saveXML(); +echo $doc->saveXML(); +?> +--EXPECTF-- +Wrong Document Error +================================================================= +==1135851==ERROR: AddressSanitizer: heap-use-after-free on address 0x60c0000af1c0 at pc 0x565380462cc1 bp 0x7ffed07874f0 sp 0x7ffed07874e0 +READ of size 8 at 0x60c0000af1c0 thread T0 + #0 0x565380462cc0 in dom_hierarchy /home/niels/php-src/ext/dom/php_dom.c:1304 + #1 0x565380478218 in dom_hierarchy_node_list /home/niels/php-src/ext/dom/parentnode.c:274 + #2 0x565380478273 in dom_parent_node_append /home/niels/php-src/ext/dom/parentnode.c:289 + #3 0x565380488cee in zim_DOMElement_append /home/niels/php-src/ext/dom/element.c:1189 + #4 0x565380c151ec in ZEND_DO_FCALL_SPEC_RETVAL_UNUSED_HANDLER /home/niels/php-src/Zend/zend_vm_execute.h:1761 + #5 0x565380d5b3bc in execute_ex 
/home/niels/php-src/Zend/zend_vm_execute.h:55819 + #6 0x565380d6d276 in zend_execute /home/niels/php-src/Zend/zend_vm_execute.h:60163 + #7 0x565380b7c57a in zend_execute_scripts /home/niels/php-src/Zend/zend.c:1846 + #8 0x565380a11a4a in php_execute_script /home/niels/php-src/main/main.c:2542 + #9 0x565380f46113 in do_cli /home/niels/php-src/sapi/cli/php_cli.c:965 + #10 0x565380f48391 in main %s:%d + #11 0x7fbda2d9e84f (/usr/lib/libc.so.6+0x2384f) (BuildId: 2f005a79cd1a8e385972f5a102f16adba414d75e) + #12 0x7fbda2d9e909 in __libc_start_main (/usr/lib/libc.so.6+0x23909) (BuildId: 2f005a79cd1a8e385972f5a102f16adba414d75e) + #13 0x565380203964 in _start (/home/niels/php-src/sapi/cli/php+0x403964) (BuildId: fe4174ba3c0d6fdc19db756f37e7f7f681145c4d) + +0x60c0000af1c0 is located 64 bytes inside of 120-byte region [0x60c0000af180,0x60c0000af1f8) +freed by thread T0 here: + #0 0x7fbda32dfdc2 in __interceptor_free /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_malloc_linux.cpp:52 + #1 0x7fbda3104029 in xmlFreeNodeList /home/niels/libxml2/tree.c:3817 + +previously allocated by thread T0 here: + #0 0x7fbda32e1369 in __interceptor_malloc /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_malloc_linux.cpp:69 + #1 0x7fbda3102bd0 in xmlNewNodeEatName /home/niels/libxml2/tree.c:2317 + +SUMMARY: AddressSanitizer: heap-use-after-free /home/niels/php-src/ext/dom/php_dom.c:1304 in dom_hierarchy +Shadow bytes around the buggy address: + 0x60c0000aef00: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00 + 0x60c0000aef80: 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa fa + 0x60c0000af000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fa + 0x60c0000af080: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00 + 0x60c0000af100: 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa fa +=>0x60c0000af180: fd fd fd fd fd fd fd fd[fd]fd fd fd fd fd fd fa + 0x60c0000af200: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00 + 0x60c0000af280: 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa fa + 0x60c0000af300: fd fd fd fd fd fd fd 
fd fd fd fd fd fd fd fd fa + 0x60c0000af380: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa + 0x60c0000af400: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa +Shadow byte legend (one shadow byte represents 8 application bytes): + Addressable: 00 + Partially addressable: 01 02 03 04 05 06 07 + Heap left redzone: fa + Freed heap region: fd + Stack left redzone: f1 + Stack mid redzone: f2 + Stack right redzone: f3 + Stack after return: f5 + Stack use after scope: f8 + Global redzone: f9 + Global init order: f6 + Poisoned by user: f7 + Container overflow: fc + Array cookie: ac + Intra object redzone: bb + ASan internal: fe + Left alloca redzone: ca + Right alloca redzone: cb +==1135851==ABORTING diff --git a/ext/dom/tests/gh11830/hierarchy_variation.phpt b/ext/dom/tests/gh11830/hierarchy_variation.phpt new file mode 100644 index 0000000000000..205ea28c0a9ca --- /dev/null +++ b/ext/dom/tests/gh11830/hierarchy_variation.phpt 
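Review bot: The expected output after `Wrong Document Error` is a verbatim AddressSanitizer report, so it depends on one run on one machine: the process id `==1135851==`, absolute heap and code addresses, `/home/niels/...` source paths, libc BuildIds and the shadow-memory dump. Only frame #10 uses `%s:%d`; every other line is literal and cannot match a second ASan run, let alone a build without ASan. What the report establishes is that `dom_hierarchy` reads a node that `xmlFreeNodeList` freed before the `append()` call, and that finding belongs in the commit message or the issue rather than in the expectation. The test itself should presumably expect one `Wrong Document Error` line per call followed by both documents serialized unchanged. hierarchy_variation.phpt (under `--EXPECT--`, where not even `%s` is interpreted) and type_variation.phpt embed the same kind of dump.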
@@ -0,0 +1,307 @@ +--TEST-- +GH-11830 (ParentNode methods should perform their checks upfront) - hierarchy variation +--EXTENSIONS-- +dom +--FILE-- +loadXML(<< + + + + +XML); + +$container = $doc->documentElement; +$alone = $container->firstElementChild; +$testElement = $alone->nextElementSibling->firstElementChild; + +try { + $testElement->prepend($alone, $container); +} catch (\DOMException $e) { + echo $e->getMessage(), "\n"; +} + +try { + $testElement->append($alone, $container); +} catch (\DOMException $e) { + echo $e->getMessage(), "\n"; +} + +try { + $testElement->before($alone, $container); +} catch (\DOMException $e) { + echo $e->getMessage(), "\n"; +} + +try { + $testElement->after($alone, $container); +} catch (\DOMException $e) { + echo $e->getMessage(), "\n"; +} + +try { + $testElement->replaceWith($alone, $container); +} catch (\DOMException $e) { + echo $e->getMessage(), "\n"; +} + +echo $doc->saveXML(); +?> +--EXPECT-- +Hierarchy Request Error +Hierarchy Request Error +AddressSanitizer:DEADLYSIGNAL +================================================================= +==1135853==ERROR: AddressSanitizer: stack-overflow on address 0x7ffd657f8ff8 (pc 0x562d1f8639ed bp 0x7ffd657f9030 sp 0x7ffd657f8ff0 T0) + #0 0x562d1f8639ed in dom_reconcile_ns_internal /home/niels/php-src/ext/dom/php_dom.c:1463 + #1 0x562d1f863ede in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1515 + #2 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #3 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #4 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #5 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #6 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #7 0x562d1f863f55 in dom_reconcile_ns_list_internal 
/home/niels/php-src/ext/dom/php_dom.c:1517 + #8 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #9 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #10 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #11 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #12 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #13 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #14 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #15 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #16 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #17 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #18 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #19 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #20 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #21 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #22 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #23 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #24 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #25 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #26 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #27 0x562d1f863f55 in dom_reconcile_ns_list_internal 
/home/niels/php-src/ext/dom/php_dom.c:1517 + #28 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #29 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #30 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #31 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #32 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #33 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #34 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #35 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #36 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #37 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #38 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #39 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #40 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #41 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #42 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #43 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #44 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #45 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #46 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #47 0x562d1f863f55 in dom_reconcile_ns_list_internal 
/home/niels/php-src/ext/dom/php_dom.c:1517 + #48 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #49 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #50 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #51 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #52 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #53 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #54 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #55 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #56 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #57 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #58 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #59 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #60 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #61 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #62 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #63 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #64 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #65 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #66 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #67 0x562d1f863f55 in dom_reconcile_ns_list_internal 
/home/niels/php-src/ext/dom/php_dom.c:1517 + #68 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #69 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #70 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #71 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #72 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #73 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #74 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #75 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #76 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #77 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #78 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #79 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #80 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #81 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #82 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #83 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #84 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #85 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #86 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #87 0x562d1f863f55 in dom_reconcile_ns_list_internal 
/home/niels/php-src/ext/dom/php_dom.c:1517 + #88 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #89 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #90 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #91 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #92 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #93 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #94 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #95 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #96 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #97 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #98 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #99 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #100 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #101 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #102 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #103 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #104 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #105 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #106 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #107 0x562d1f863f55 in dom_reconcile_ns_list_internal 
/home/niels/php-src/ext/dom/php_dom.c:1517 + #108 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #109 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #110 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #111 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #112 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #113 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #114 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #115 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #116 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #117 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #118 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #119 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #120 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #121 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #122 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #123 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #124 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #125 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #126 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #127 0x562d1f863f55 in dom_reconcile_ns_list_internal 
/home/niels/php-src/ext/dom/php_dom.c:1517 + #128 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #129 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #130 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #131 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #132 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #133 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #134 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #135 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #136 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #137 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #138 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #139 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #140 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #141 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #142 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #143 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #144 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #145 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #146 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #147 0x562d1f863f55 in dom_reconcile_ns_list_internal 
/home/niels/php-src/ext/dom/php_dom.c:1517 + #148 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #149 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #150 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #151 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #152 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #153 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #154 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #155 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #156 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #157 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #158 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #159 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #160 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #161 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #162 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #163 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #164 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #165 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #166 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #167 0x562d1f863f55 in dom_reconcile_ns_list_internal 
/home/niels/php-src/ext/dom/php_dom.c:1517 + #168 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #169 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #170 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #171 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #172 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #173 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #174 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #175 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #176 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #177 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #178 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #179 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #180 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #181 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #182 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #183 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #184 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #185 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #186 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #187 0x562d1f863f55 in dom_reconcile_ns_list_internal 
/home/niels/php-src/ext/dom/php_dom.c:1517 + #188 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #189 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #190 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #191 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #192 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #193 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #194 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #195 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #196 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #197 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #198 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #199 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #200 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #201 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #202 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #203 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #204 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #205 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #206 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #207 0x562d1f863f55 in dom_reconcile_ns_list_internal 
/home/niels/php-src/ext/dom/php_dom.c:1517 + #208 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #209 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #210 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #211 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #212 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #213 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #214 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #215 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #216 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #217 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #218 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #219 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #220 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #221 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #222 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #223 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #224 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #225 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #226 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #227 0x562d1f863f55 in dom_reconcile_ns_list_internal 
/home/niels/php-src/ext/dom/php_dom.c:1517 + #228 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #229 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #230 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #231 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #232 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #233 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #234 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #235 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #236 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #237 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #238 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #239 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #240 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #241 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #242 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #243 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #244 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #245 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + #246 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 + +SUMMARY: AddressSanitizer: stack-overflow 
/home/niels/php-src/ext/dom/php_dom.c:1463 in dom_reconcile_ns_internal +==1135853==ABORTING diff --git a/ext/dom/tests/gh11830/type_variation.phpt b/ext/dom/tests/gh11830/type_variation.phpt new file mode 100644 index 0000000000000..3c4b483602303 --- /dev/null +++ b/ext/dom/tests/gh11830/type_variation.phpt 
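Review bot: Nothing in the `--FILE--` section says which argument makes each call invalid; the reader has to work out from the three assignments that `$container` is the document element and therefore an ancestor of `$testElement`. A comment above the first `try`, for example `// $container is an ancestor of $testElement: every call must be rejected before $alone is moved`, would state the intent. The recorded output (two `Hierarchy Request Error` lines, then unbounded recursion in `dom_reconcile_ns_list_internal`, apparently at the `before()` call) suggests that this is the property being checked.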
@@ -0,0 +1,111 @@ +--TEST-- +GH-11830 (ParentNode methods should perform their checks upfront) - type variation +--EXTENSIONS-- +dom +--FILE-- +loadXML(<< + + + + +XML); + +$testElement = $doc->documentElement->firstElementChild->nextElementSibling->firstElementChild; + +try { + $doc->documentElement->firstElementChild->prepend($testElement, 0); +} catch (\TypeError $e) { + echo $e->getMessage(), "\n"; +} + +try { + $doc->documentElement->firstElementChild->append($testElement, true); +} catch (\TypeError $e) { + echo $e->getMessage(), "\n"; +} + +try { + $doc->documentElement->firstElementChild->before($testElement, null); +} catch (\TypeError $e) { + echo $e->getMessage(), "\n"; +} + +try { + $doc->documentElement->firstElementChild->after($testElement, new stdClass); +} catch (\TypeError $e) { + echo $e->getMessage(), "\n"; +} + +try { + $doc->documentElement->firstElementChild->replaceWith($testElement, []); +} catch (\TypeError $e) { + echo $e->getMessage(), "\n"; +} + +echo $doc->saveXML(); +?> +--EXPECTF-- +DOMElement::prepend(): Argument #2 must be of type DOMNode|string, int given +================================================================= +==1135855==ERROR: AddressSanitizer: heap-use-after-free on address 0x60c0000aef80 at pc 0x55a9f3e62cc1 bp 0x7fff33f0cde0 sp 0x7fff33f0cdd0 +READ of size 8 at 0x60c0000aef80 thread T0 + #0 0x55a9f3e62cc0 in dom_hierarchy /home/niels/php-src/ext/dom/php_dom.c:1304 + #1 0x55a9f3e78218 in dom_hierarchy_node_list /home/niels/php-src/ext/dom/parentnode.c:274 + #2 0x55a9f3e78273 in dom_parent_node_append /home/niels/php-src/ext/dom/parentnode.c:289 + #3 0x55a9f3e88cee in zim_DOMElement_append /home/niels/php-src/ext/dom/element.c:1189 + #4 0x55a9f46151ec in ZEND_DO_FCALL_SPEC_RETVAL_UNUSED_HANDLER /home/niels/php-src/Zend/zend_vm_execute.h:1761 + #5 0x55a9f475b3bc in execute_ex /home/niels/php-src/Zend/zend_vm_execute.h:55819 + #6 0x55a9f476d276 in zend_execute /home/niels/php-src/Zend/zend_vm_execute.h:60163 + #7 
0x55a9f457c57a in zend_execute_scripts /home/niels/php-src/Zend/zend.c:1846 + #8 0x55a9f4411a4a in php_execute_script /home/niels/php-src/main/main.c:2542 + #9 0x55a9f4946113 in do_cli /home/niels/php-src/sapi/cli/php_cli.c:965 + #10 0x55a9f4948391 in main %s:%d + #11 0x7fc94cc9784f (/usr/lib/libc.so.6+0x2384f) (BuildId: 2f005a79cd1a8e385972f5a102f16adba414d75e) + #12 0x7fc94cc97909 in __libc_start_main (/usr/lib/libc.so.6+0x23909) (BuildId: 2f005a79cd1a8e385972f5a102f16adba414d75e) + #13 0x55a9f3c03964 in _start (/home/niels/php-src/sapi/cli/php+0x403964) (BuildId: fe4174ba3c0d6fdc19db756f37e7f7f681145c4d) + +0x60c0000aef80 is located 64 bytes inside of 120-byte region [0x60c0000aef40,0x60c0000aefb8) +freed by thread T0 here: + #0 0x7fc94d2dfdc2 in __interceptor_free /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_malloc_linux.cpp:52 + #1 0x7fc94cfb0029 in xmlFreeNodeList /home/niels/libxml2/tree.c:3817 + +previously allocated by thread T0 here: + #0 0x7fc94d2e1369 in __interceptor_malloc /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_malloc_linux.cpp:69 + #1 0x7fc94cfaebd0 in xmlNewNodeEatName /home/niels/libxml2/tree.c:2317 + +SUMMARY: AddressSanitizer: heap-use-after-free /home/niels/php-src/ext/dom/php_dom.c:1304 in dom_hierarchy +Shadow bytes around the buggy address: + 0x60c0000aed00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fa + 0x60c0000aed80: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00 + 0x60c0000aee00: 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa fa + 0x60c0000aee80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fa + 0x60c0000aef00: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd +=>0x60c0000aef80:[fd]fd fd fd fd fd fd fa fa fa fa fa fa fa fa fa + 0x60c0000af000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fa + 0x60c0000af080: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd + 0x60c0000af100: fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa fa + 0x60c0000af180: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa + 0x60c0000af200: fa fa fa fa fa fa fa fa fa 
fa fa fa fa fa fa fa +Shadow byte legend (one shadow byte represents 8 application bytes): + Addressable: 00 + Partially addressable: 01 02 03 04 05 06 07 + Heap left redzone: fa + Freed heap region: fd + Stack left redzone: f1 + Stack mid redzone: f2 + Stack right redzone: f3 + Stack after return: f5 + Stack use after scope: f8 + Global redzone: f9 + Global init order: f6 + Poisoned by user: f7 + Container overflow: fc + Array cookie: ac + Intra object redzone: bb + ASan internal: fe + Left alloca redzone: ca + Right alloca redzone: cb +==1135855==ABORTING From e5c3d6bcb8861617d49df45c7acf9c03b61132f3 Mon Sep 17 00:00:00 2001 From: Niels Dossche <7771979+nielsdos@users.noreply.github.com> Date: Sat, 5 Aug 2023 21:27:15 +0200 Subject: [PATCH 2/2] Fix GH-11830: ParentNode methods should perform their checks upfront --- ext/dom/parentnode.c | 149 +++++----- .../tests/gh11830/attribute_variation.phpt | 16 +- ext/dom/tests/gh11830/document_variation.phpt | 73 +---- .../tests/gh11830/hierarchy_variation.phpt | 261 +----------------- ext/dom/tests/gh11830/type_variation.phpt | 71 +---- 5 files changed, 118 insertions(+), 452 deletions(-) diff --git a/ext/dom/parentnode.c b/ext/dom/parentnode.c index 8467fbf0603a4..df14f194bcb07 100644 --- a/ext/dom/parentnode.c +++ b/ext/dom/parentnode.c 
@@ -141,26 +141,24 @@ static bool dom_is_node_in_list(const zval *nodes, int nodesc, const xmlNodePtr return false; } +static xmlDocPtr dom_doc_from_context_node(xmlNodePtr contextNode) +{ + if (contextNode->type == XML_DOCUMENT_NODE || contextNode->type == XML_HTML_DOCUMENT_NODE) { + return (xmlDocPtr) contextNode; + } else { + return contextNode->doc; + } +} + xmlNode* dom_zvals_to_fragment(php_libxml_ref_obj *document, xmlNode *contextNode, zval *nodes, int nodesc) { int i; xmlDoc *documentNode; xmlNode *fragment; xmlNode *newNode; - zend_class_entry *ce; dom_object *newNodeObj; - int stricterror; - - if (document == NULL) { - php_dom_throw_error(HIERARCHY_REQUEST_ERR, 1); - return NULL; - } - if (contextNode->type == XML_DOCUMENT_NODE || contextNode->type == XML_HTML_DOCUMENT_NODE) { - documentNode = (xmlDoc *) contextNode; - } else { - documentNode = contextNode->doc; - } + documentNode = dom_doc_from_context_node(contextNode); fragment = xmlNewDocFragment(documentNode); 
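Review bot: `dom_zvals_to_fragment` loses its `document == NULL` check here and its `instanceof_function` test in the next hunk, so it now trusts its arguments completely, yet nothing at its definition says so. The later loop applies `Z_DOMOBJ_P(&nodes[i])` to every `IS_OBJECT` value, and the `ZEND_ASSERT` on the string branch is not a runtime check in release builds. A call that skipped `dom_sanity_check_node_list_for_insertion` would therefore treat an arbitrary object as a `dom_object`. The function is not `static` and its callers outside this diff are not visible from here, so I would add above the signature `/* Precondition: dom_sanity_check_node_list_for_insertion() returned SUCCESS for the same document, contextNode, nodes and nodesc. */`. The body of `dom_zvals_to_fragment` continues past this hunk.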
@@ -168,80 +166,59 @@ xmlNode* dom_zvals_to_fragment(php_libxml_ref_obj *document, xmlNode *contextNod return NULL; } - stricterror = dom_get_strict_error(document); - for (i = 0; i < nodesc; i++) { if (Z_TYPE(nodes[i]) == IS_OBJECT) { - ce = Z_OBJCE(nodes[i]); + newNodeObj = Z_DOMOBJ_P(&nodes[i]); + newNode = dom_object_get_node(newNodeObj); - if (instanceof_function(ce, dom_node_class_entry)) { - newNodeObj = Z_DOMOBJ_P(&nodes[i]); - newNode = dom_object_get_node(newNodeObj); - - if (newNode->doc != documentNode) { - php_dom_throw_error(WRONG_DOCUMENT_ERR, stricterror); - goto err; - } + if (newNode->parent != NULL) { + xmlUnlinkNode(newNode); + } - if (newNode->parent != NULL) { - xmlUnlinkNode(newNode); - } + newNodeObj->document = document; + xmlSetTreeDoc(newNode, documentNode); - newNodeObj->document = document; - xmlSetTreeDoc(newNode, documentNode); + /* Citing from the docs (https://gnome.pages.gitlab.gnome.org/libxml2/devhelp/libxml2-tree.html#xmlAddChild): + * "Add a new node to @parent, at the end of the child (or property) list merging adjacent TEXT nodes (in which case @cur is freed)". + * So we must take a copy if this situation arises to prevent a use-after-free. */ + bool will_free = newNode->type == XML_TEXT_NODE && fragment->last && fragment->last->type == XML_TEXT_NODE; + if (will_free) { + newNode = xmlCopyNode(newNode, 1); + } - if (newNode->type == XML_ATTRIBUTE_NODE) { - goto hierarchy_request_err; + if (newNode->type == XML_DOCUMENT_FRAG_NODE) { + /* Unpack document fragment nodes, the behaviour differs for different libxml2 versions. 
*/ + newNode = newNode->children; + while (newNode) { + xmlNodePtr next = newNode->next; + xmlUnlinkNode(newNode); + if (!xmlAddChild(fragment, newNode)) { + goto err; + } + newNode = next; } - - /* Citing from the docs (https://gnome.pages.gitlab.gnome.org/libxml2/devhelp/libxml2-tree.html#xmlAddChild): - * "Add a new node to @parent, at the end of the child (or property) list merging adjacent TEXT nodes (in which case @cur is freed)". - * So we must take a copy if this situation arises to prevent a use-after-free. */ - bool will_free = newNode->type == XML_TEXT_NODE && fragment->last && fragment->last->type == XML_TEXT_NODE; + } else if (!xmlAddChild(fragment, newNode)) { if (will_free) { - newNode = xmlCopyNode(newNode, 1); - } - - if (newNode->type == XML_DOCUMENT_FRAG_NODE) { - /* Unpack document fragment nodes, the behaviour differs for different libxml2 versions. */ - newNode = newNode->children; - while (newNode) { - xmlNodePtr next = newNode->next; - xmlUnlinkNode(newNode); - if (!xmlAddChild(fragment, newNode)) { - goto hierarchy_request_err; - } - newNode = next; - } - } else if (!xmlAddChild(fragment, newNode)) { - if (will_free) { - xmlFreeNode(newNode); - } - goto hierarchy_request_err; + xmlFreeNode(newNode); } - } else { - zend_argument_type_error(i + 1, "must be of type DOMNode|string, %s given", zend_zval_type_name(&nodes[i])); goto err; } - } else if (Z_TYPE(nodes[i]) == IS_STRING) { + } else { + ZEND_ASSERT(Z_TYPE(nodes[i]) == IS_STRING); + newNode = xmlNewDocText(documentNode, (xmlChar *) Z_STRVAL(nodes[i])); xmlSetTreeDoc(newNode, documentNode); if (!xmlAddChild(fragment, newNode)) { xmlFreeNode(newNode); - goto hierarchy_request_err; + goto err; } - } else { - zend_argument_type_error(i + 1, "must be of type DOMNode|string, %s given", zend_zval_type_name(&nodes[i])); - goto err; } } return fragment; -hierarchy_request_err: - php_dom_throw_error(HIERARCHY_REQUEST_ERR, stricterror); err: xmlFreeNode(fragment); return NULL; 
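Review bot: The `err:` path at the end of this hunk now returns NULL without raising anything, and it still calls `xmlFreeNode(fragment)` after earlier arguments may already have been unlinked from their parents and added to the fragment. The up-front validation removes the type, wrong-document and hierarchy failures, but `xmlAddChild` can presumably still fail on allocation, as can `xmlCopyNode` in the `will_free` case, whose result is dereferenced unchecked. In that case the caller's `fragment == NULL` branch returns silently while nodes that PHP objects may still reference are released with the fragment, which is the same shape as the `xmlFreeNodeList` use-after-free in the sanitizer output of patch 1. I would raise an exception before `return NULL` and detach the fragment's children before freeing it, or at least add a comment such as `/* only reachable on allocation failure; nodes already moved into the fragment are freed with it */`. The function begins in the previous hunk.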
@@ -264,17 +241,39 @@ static void dom_fragment_assign_parent_node(xmlNodePtr parentNode, xmlNodePtr fr fragment->last = NULL; } -static zend_result dom_hierarchy_node_list(xmlNodePtr parentNode, zval *nodes, int nodesc) +static zend_result dom_sanity_check_node_list_for_insertion(php_libxml_ref_obj *document, xmlNodePtr parentNode, zval *nodes, int nodesc) { + if (document == NULL) { + php_dom_throw_error(HIERARCHY_REQUEST_ERR, 1); + return FAILURE; + } + + xmlDocPtr documentNode = dom_doc_from_context_node(parentNode); + for (int i = 0; i < nodesc; i++) { - if (Z_TYPE(nodes[i]) == IS_OBJECT) { + zend_uchar type = Z_TYPE(nodes[i]); + if (type == IS_OBJECT) { const zend_class_entry *ce = Z_OBJCE(nodes[i]); if (instanceof_function(ce, dom_node_class_entry)) { - if (dom_hierarchy(parentNode, dom_object_get_node(Z_DOMOBJ_P(nodes + i))) != SUCCESS) { + xmlNodePtr node = dom_object_get_node(Z_DOMOBJ_P(nodes + i)); + + if (node->doc != documentNode) { + php_dom_throw_error(WRONG_DOCUMENT_ERR, dom_get_strict_error(document)); return FAILURE; } + + if (node->type == XML_ATTRIBUTE_NODE || dom_hierarchy(parentNode, node) != SUCCESS) { + php_dom_throw_error(HIERARCHY_REQUEST_ERR, dom_get_strict_error(document)); + return FAILURE; + } + } else { + zend_argument_type_error(i + 1, "must be of type DOMNode|string, %s given", zend_zval_type_name(&nodes[i])); + return FAILURE; } + } else if (type != IS_STRING) { + zend_argument_type_error(i + 1, "must be of type DOMNode|string, %s given", zend_zval_type_name(&nodes[i])); + return FAILURE; } } 
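Review bot: The result of `dom_object_get_node(Z_DOMOBJ_P(nodes + i))` is dereferenced as `node->doc` straight away. If it can be NULL for a DOM object with no underlying libxml node (to be confirmed against `dom_object_get_node`, which is not in this diff), the new check crashes before it can reject the argument. A guard right after the assignment would keep the validation total: `if (UNEXPECTED(node == NULL)) { php_dom_throw_error(INVALID_STATE_ERR, 1); return FAILURE; }`. Separately, the two identical `zend_argument_type_error(...)` branches could be merged by testing `type == IS_OBJECT && instanceof_function(...)` first and falling through to a single error for anything that is neither a DOMNode nor a string. The function's closing lines are outside this hunk.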
@@ -286,8 +285,7 @@ void dom_parent_node_append(dom_object *context, zval *nodes, int nodesc) xmlNode *parentNode = dom_object_get_node(context); xmlNodePtr newchild, prevsib; - if (UNEXPECTED(dom_hierarchy_node_list(parentNode, nodes, nodesc) != SUCCESS)) { - php_dom_throw_error(HIERARCHY_REQUEST_ERR, dom_get_strict_error(context->document)); + if (UNEXPECTED(dom_sanity_check_node_list_for_insertion(context->document, parentNode, nodes, nodesc) != SUCCESS)) { return; } @@ -329,8 +327,7 @@ void dom_parent_node_prepend(dom_object *context, zval *nodes, int nodesc) return; } - if (UNEXPECTED(dom_hierarchy_node_list(parentNode, nodes, nodesc) != SUCCESS)) { - php_dom_throw_error(HIERARCHY_REQUEST_ERR, dom_get_strict_error(context->document)); + if (UNEXPECTED(dom_sanity_check_node_list_for_insertion(context->document, parentNode, nodes, nodesc) != SUCCESS)) { return; } @@ -414,6 +411,10 @@ void dom_parent_node_after(dom_object *context, zval *nodes, int nodesc) doc = prevsib->doc; + if (UNEXPECTED(dom_sanity_check_node_list_for_insertion(context->document, parentNode, nodes, nodesc) != SUCCESS)) { + return; + } + /* Spec step 4: convert nodes into fragment */ fragment = dom_zvals_to_fragment(context->document, parentNode, nodes, nodesc); @@ -465,6 +466,10 @@ void dom_parent_node_before(dom_object *context, zval *nodes, int nodesc) doc = nextsib->doc; + if (UNEXPECTED(dom_sanity_check_node_list_for_insertion(context->document, parentNode, nodes, nodesc) != SUCCESS)) { + return; + } + /* Spec step 4: convert nodes into fragment */ fragment = dom_zvals_to_fragment(context->document, parentNode, nodes, nodesc); 
@@ -555,6 +560,10 @@ void dom_child_replace_with(dom_object *context, zval *nodes, int nodesc) xmlNodePtr insertion_point = child->next; + if (UNEXPECTED(dom_sanity_check_node_list_for_insertion(context->document, parentNode, nodes, nodesc) != SUCCESS)) { + return; + } + xmlNodePtr fragment = dom_zvals_to_fragment(context->document, parentNode, nodes, nodesc); if (UNEXPECTED(fragment == NULL)) { return; diff --git a/ext/dom/tests/gh11830/attribute_variation.phpt b/ext/dom/tests/gh11830/attribute_variation.phpt index 7307cd9c25e05..34a6f094f58f2 100644 --- a/ext/dom/tests/gh11830/attribute_variation.phpt +++ b/ext/dom/tests/gh11830/attribute_variation.phpt @@ -44,11 +44,13 @@ try { echo $doc->saveXML(); ?> ---EXPECTF-- +--EXPECT-- Hierarchy Request Error - -Fatal error: Uncaught TypeError: DOMElement::append(): Argument #1 must be of type DOMNode|string, null given in %s:%d -Stack trace: -#0 %s(%d): DOMElement->append(NULL) -#1 {main} - thrown in %s on line %d +Hierarchy Request Error +Hierarchy Request Error +Hierarchy Request Error +Hierarchy Request Error + + + + diff --git a/ext/dom/tests/gh11830/document_variation.phpt b/ext/dom/tests/gh11830/document_variation.phpt index 0d6a81a297087..89eed3dff22c0 100644 --- a/ext/dom/tests/gh11830/document_variation.phpt +++ b/ext/dom/tests/gh11830/document_variation.phpt 
@@ -56,65 +56,16 @@ try { echo $otherDoc->saveXML(); echo $doc->saveXML(); ?> ---EXPECTF-- +--EXPECT-- Wrong Document Error -================================================================= -==1135851==ERROR: AddressSanitizer: heap-use-after-free on address 0x60c0000af1c0 at pc 0x565380462cc1 bp 0x7ffed07874f0 sp 0x7ffed07874e0 -READ of size 8 at 0x60c0000af1c0 thread T0 - #0 0x565380462cc0 in dom_hierarchy /home/niels/php-src/ext/dom/php_dom.c:1304 - #1 0x565380478218 in dom_hierarchy_node_list /home/niels/php-src/ext/dom/parentnode.c:274 - #2 0x565380478273 in dom_parent_node_append /home/niels/php-src/ext/dom/parentnode.c:289 - #3 0x565380488cee in zim_DOMElement_append /home/niels/php-src/ext/dom/element.c:1189 - #4 0x565380c151ec in ZEND_DO_FCALL_SPEC_RETVAL_UNUSED_HANDLER /home/niels/php-src/Zend/zend_vm_execute.h:1761 - #5 0x565380d5b3bc in execute_ex /home/niels/php-src/Zend/zend_vm_execute.h:55819 - #6 0x565380d6d276 in zend_execute /home/niels/php-src/Zend/zend_vm_execute.h:60163 - #7 0x565380b7c57a in zend_execute_scripts /home/niels/php-src/Zend/zend.c:1846 - #8 0x565380a11a4a in php_execute_script /home/niels/php-src/main/main.c:2542 - #9 0x565380f46113 in do_cli /home/niels/php-src/sapi/cli/php_cli.c:965 - #10 0x565380f48391 in main %s:%d - #11 0x7fbda2d9e84f (/usr/lib/libc.so.6+0x2384f) (BuildId: 2f005a79cd1a8e385972f5a102f16adba414d75e) - #12 0x7fbda2d9e909 in __libc_start_main (/usr/lib/libc.so.6+0x23909) (BuildId: 2f005a79cd1a8e385972f5a102f16adba414d75e) - #13 0x565380203964 in _start (/home/niels/php-src/sapi/cli/php+0x403964) (BuildId: fe4174ba3c0d6fdc19db756f37e7f7f681145c4d) - -0x60c0000af1c0 is located 64 bytes inside of 120-byte region [0x60c0000af180,0x60c0000af1f8) -freed by thread T0 here: - #0 0x7fbda32dfdc2 in __interceptor_free /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_malloc_linux.cpp:52 - #1 0x7fbda3104029 in xmlFreeNodeList /home/niels/libxml2/tree.c:3817 - -previously allocated by thread T0 here: - #0 0x7fbda32e1369 in 
__interceptor_malloc /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_malloc_linux.cpp:69 - #1 0x7fbda3102bd0 in xmlNewNodeEatName /home/niels/libxml2/tree.c:2317 - -SUMMARY: AddressSanitizer: heap-use-after-free /home/niels/php-src/ext/dom/php_dom.c:1304 in dom_hierarchy -Shadow bytes around the buggy address: - 0x60c0000aef00: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00 - 0x60c0000aef80: 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa fa - 0x60c0000af000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fa - 0x60c0000af080: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00 - 0x60c0000af100: 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa fa -=>0x60c0000af180: fd fd fd fd fd fd fd fd[fd]fd fd fd fd fd fd fa - 0x60c0000af200: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00 - 0x60c0000af280: 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa fa - 0x60c0000af300: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fa - 0x60c0000af380: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa - 0x60c0000af400: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa -Shadow byte legend (one shadow byte represents 8 application bytes): - Addressable: 00 - Partially addressable: 01 02 03 04 05 06 07 - Heap left redzone: fa - Freed heap region: fd - Stack left redzone: f1 - Stack mid redzone: f2 - Stack right redzone: f3 - Stack after return: f5 - Stack use after scope: f8 - Global redzone: f9 - Global init order: f6 - Poisoned by user: f7 - Container overflow: fc - Array cookie: ac - Intra object redzone: bb - ASan internal: fe - Left alloca redzone: ca - Right alloca redzone: cb -==1135851==ABORTING +Wrong Document Error +Wrong Document Error +Wrong Document Error +Wrong Document Error + + + + + + + diff --git a/ext/dom/tests/gh11830/hierarchy_variation.phpt b/ext/dom/tests/gh11830/hierarchy_variation.phpt index 205ea28c0a9ca..bd6534ee71b12 100644 --- a/ext/dom/tests/gh11830/hierarchy_variation.phpt +++ b/ext/dom/tests/gh11830/hierarchy_variation.phpt 
@@ -52,256 +52,11 @@ echo $doc->saveXML(); --EXPECT-- Hierarchy Request Error Hierarchy Request Error -AddressSanitizer:DEADLYSIGNAL -================================================================= -==1135853==ERROR: AddressSanitizer: stack-overflow on address 0x7ffd657f8ff8 (pc 0x562d1f8639ed bp 0x7ffd657f9030 sp 0x7ffd657f8ff0 T0) - #0 0x562d1f8639ed in dom_reconcile_ns_internal /home/niels/php-src/ext/dom/php_dom.c:1463 - #1 0x562d1f863ede in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1515 - #2 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #3 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #4 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #5 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #6 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #7 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #8 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #9 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #10 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #11 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #12 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #13 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #14 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #15 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #16 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #17 
0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #18 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #19 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #20 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #21 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #22 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #23 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #24 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #25 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #26 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #27 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #28 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #29 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #30 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #31 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #32 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #33 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #34 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #35 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #36 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #37 0x562d1f863f55 in 
dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #38 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #39 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #40 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #41 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #42 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #43 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #44 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #45 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #46 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #47 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #48 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #49 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #50 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #51 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #52 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #53 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #54 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #55 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #56 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #57 0x562d1f863f55 in dom_reconcile_ns_list_internal 
/home/niels/php-src/ext/dom/php_dom.c:1517 - #58 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #59 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #60 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #61 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #62 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #63 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #64 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #65 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #66 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #67 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #68 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #69 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #70 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #71 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #72 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #73 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #74 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #75 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #76 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #77 0x562d1f863f55 in dom_reconcile_ns_list_internal 
/home/niels/php-src/ext/dom/php_dom.c:1517 - #78 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #79 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #80 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #81 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #82 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #83 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #84 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #85 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #86 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #87 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #88 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #89 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #90 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #91 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #92 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #93 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #94 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #95 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #96 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #97 0x562d1f863f55 in dom_reconcile_ns_list_internal 
/home/niels/php-src/ext/dom/php_dom.c:1517 - #98 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #99 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #100 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #101 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #102 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #103 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #104 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #105 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #106 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #107 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #108 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #109 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #110 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #111 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #112 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #113 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #114 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #115 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #116 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #117 0x562d1f863f55 in dom_reconcile_ns_list_internal 
/home/niels/php-src/ext/dom/php_dom.c:1517 - #118 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #119 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #120 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #121 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #122 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #123 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #124 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #125 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #126 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #127 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #128 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #129 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #130 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #131 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #132 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #133 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #134 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #135 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #136 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #137 0x562d1f863f55 in dom_reconcile_ns_list_internal 
/home/niels/php-src/ext/dom/php_dom.c:1517 - #138 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #139 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #140 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #141 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #142 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #143 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #144 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #145 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #146 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #147 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #148 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #149 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #150 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #151 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #152 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #153 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #154 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #155 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #156 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #157 0x562d1f863f55 in dom_reconcile_ns_list_internal 
/home/niels/php-src/ext/dom/php_dom.c:1517 - #158 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #159 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #160 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #161 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #162 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #163 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #164 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #165 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #166 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #167 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #168 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #169 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #170 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #171 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #172 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #173 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #174 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #175 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #176 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #177 0x562d1f863f55 in dom_reconcile_ns_list_internal 
/home/niels/php-src/ext/dom/php_dom.c:1517 - #178 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #179 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #180 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #181 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #182 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #183 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #184 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #185 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #186 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #187 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #188 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #189 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #190 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #191 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #192 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #193 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #194 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #195 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #196 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #197 0x562d1f863f55 in dom_reconcile_ns_list_internal 
/home/niels/php-src/ext/dom/php_dom.c:1517 - #198 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #199 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #200 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #201 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #202 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #203 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #204 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #205 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #206 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #207 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #208 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #209 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #210 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #211 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #212 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #213 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #214 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #215 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #216 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #217 0x562d1f863f55 in dom_reconcile_ns_list_internal 
/home/niels/php-src/ext/dom/php_dom.c:1517 - #218 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #219 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #220 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #221 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #222 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #223 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #224 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #225 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #226 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #227 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #228 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #229 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #230 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #231 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #232 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #233 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #234 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #235 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #236 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #237 0x562d1f863f55 in dom_reconcile_ns_list_internal 
/home/niels/php-src/ext/dom/php_dom.c:1517 - #238 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #239 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #240 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #241 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #242 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #243 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #244 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #245 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - #246 0x562d1f863f55 in dom_reconcile_ns_list_internal /home/niels/php-src/ext/dom/php_dom.c:1517 - -SUMMARY: AddressSanitizer: stack-overflow /home/niels/php-src/ext/dom/php_dom.c:1463 in dom_reconcile_ns_internal -==1135853==ABORTING +Hierarchy Request Error +Hierarchy Request Error +Hierarchy Request Error + + + + + diff --git a/ext/dom/tests/gh11830/type_variation.phpt b/ext/dom/tests/gh11830/type_variation.phpt index 3c4b483602303..76732775e6dbf 100644 --- a/ext/dom/tests/gh11830/type_variation.phpt +++ b/ext/dom/tests/gh11830/type_variation.phpt 
@@ -47,65 +47,14 @@ try { echo $doc->saveXML(); ?> ---EXPECTF-- +--EXPECT-- DOMElement::prepend(): Argument #2 must be of type DOMNode|string, int given -================================================================= -==1135855==ERROR: AddressSanitizer: heap-use-after-free on address 0x60c0000aef80 at pc 0x55a9f3e62cc1 bp 0x7fff33f0cde0 sp 0x7fff33f0cdd0 -READ of size 8 at 0x60c0000aef80 thread T0 - #0 0x55a9f3e62cc0 in dom_hierarchy /home/niels/php-src/ext/dom/php_dom.c:1304 - #1 0x55a9f3e78218 in dom_hierarchy_node_list /home/niels/php-src/ext/dom/parentnode.c:274 - #2 0x55a9f3e78273 in dom_parent_node_append /home/niels/php-src/ext/dom/parentnode.c:289 - #3 0x55a9f3e88cee in zim_DOMElement_append /home/niels/php-src/ext/dom/element.c:1189 - #4 0x55a9f46151ec in ZEND_DO_FCALL_SPEC_RETVAL_UNUSED_HANDLER /home/niels/php-src/Zend/zend_vm_execute.h:1761 - #5 0x55a9f475b3bc in execute_ex /home/niels/php-src/Zend/zend_vm_execute.h:55819 - #6 0x55a9f476d276 in zend_execute /home/niels/php-src/Zend/zend_vm_execute.h:60163 - #7 0x55a9f457c57a in zend_execute_scripts /home/niels/php-src/Zend/zend.c:1846 - #8 0x55a9f4411a4a in php_execute_script /home/niels/php-src/main/main.c:2542 - #9 0x55a9f4946113 in do_cli /home/niels/php-src/sapi/cli/php_cli.c:965 - #10 0x55a9f4948391 in main %s:%d - #11 0x7fc94cc9784f (/usr/lib/libc.so.6+0x2384f) (BuildId: 2f005a79cd1a8e385972f5a102f16adba414d75e) - #12 0x7fc94cc97909 in __libc_start_main (/usr/lib/libc.so.6+0x23909) (BuildId: 2f005a79cd1a8e385972f5a102f16adba414d75e) - #13 0x55a9f3c03964 in _start (/home/niels/php-src/sapi/cli/php+0x403964) (BuildId: fe4174ba3c0d6fdc19db756f37e7f7f681145c4d) - -0x60c0000aef80 is located 64 bytes inside of 120-byte region [0x60c0000aef40,0x60c0000aefb8) -freed by thread T0 here: - #0 0x7fc94d2dfdc2 in __interceptor_free /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_malloc_linux.cpp:52 - #1 0x7fc94cfb0029 in xmlFreeNodeList /home/niels/libxml2/tree.c:3817 - -previously allocated by thread T0 here: 
- #0 0x7fc94d2e1369 in __interceptor_malloc /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_malloc_linux.cpp:69 - #1 0x7fc94cfaebd0 in xmlNewNodeEatName /home/niels/libxml2/tree.c:2317 - -SUMMARY: AddressSanitizer: heap-use-after-free /home/niels/php-src/ext/dom/php_dom.c:1304 in dom_hierarchy -Shadow bytes around the buggy address: - 0x60c0000aed00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fa - 0x60c0000aed80: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00 - 0x60c0000aee00: 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa fa - 0x60c0000aee80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fa - 0x60c0000aef00: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd -=>0x60c0000aef80:[fd]fd fd fd fd fd fd fa fa fa fa fa fa fa fa fa - 0x60c0000af000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fa - 0x60c0000af080: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd - 0x60c0000af100: fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa fa - 0x60c0000af180: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa - 0x60c0000af200: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa -Shadow byte legend (one shadow byte represents 8 application bytes): - Addressable: 00 - Partially addressable: 01 02 03 04 05 06 07 - Heap left redzone: fa - Freed heap region: fd - Stack left redzone: f1 - Stack mid redzone: f2 - Stack right redzone: f3 - Stack after return: f5 - Stack use after scope: f8 - Global redzone: f9 - Global init order: f6 - Poisoned by user: f7 - Container overflow: fc - Array cookie: ac - Intra object redzone: bb - ASan internal: fe - Left alloca redzone: ca - Right alloca redzone: cb -==1135855==ABORTING +DOMElement::append(): Argument #2 must be of type DOMNode|string, bool given +DOMElement::before(): Argument #2 must be of type DOMNode|string, null given +DOMElement::after(): Argument #2 must be of type DOMNode|string, stdClass given +DOMElement::replaceWith(): Argument #2 must be of type DOMNode|string, array given + + + + +
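Review bot: The new `--EXPECT--` block checks only the five TypeError messages and the final serialization, so on a build without AddressSanitizer it may not catch a return of the heap-use-after-free in `dom_hierarchy` that the removed lines recorded. That trace shows the freed node being read from `dom_parent_node_append` right after `prepend()` rejected its second argument, which suggests the earlier, valid argument had already been consumed. The test body sits above this hunk and the serialized document lines are blank in this view, so this is hedged: if the script does not already do so, print a property of the valid first argument after each failed call (for example its `nodeName` and whether `parentNode` is still set), so that a freed or moved node changes the expected output on any build. A one-line comment in the `--FILE--` section would also record the intent, e.g. `// GH-11830: a rejected argument must not free or move the earlier ones (was a UAF under ASan)`.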