PHP 5.2.5_1 crashes on XSLTProcessor::importStylesheet

[peter@…]

When I run this little PHP script with my MacPorts Apache2/PHP 5.2.5_1 (both the latest versions available in the ports):

  <?php
  $stylesheet = new DOMDocument();
  $stylesheet->loadXML('<?xml version="1.0" encoding="utf-8"?>
  <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
  </xsl:stylesheet>  
  ');
  $processor = new XSLTProcessor();
  $processor->importStylesheet($stylesheet);
  echo "jow";

Apache segfaults: [Thu Jan 24 22:51:35 2008] [notice] child pid 24505 exit signal Segmentation fault (11)

The strange thing is, when I change the echo from a simple "jow" to something like "never gets here :(" the script sometimes doesn't segfault. When I remove the echo however it always segfaults.

Running the same script using the cli php (the MacPorts php binary, not the built-in Leopard PHP binary), doesn't segfault.

Based on this post ​http://www.nabble.com/Problem-with-PHP-and-libxslt-td15000461.html, I did a reinstall of libxml2, libxslt and php5, but this didn't help either.

Ofcourse in real-life my code is a bit more complex, but I got it reduced to this small example. My real XSLT stylesheet ofcourse isn't empty.

[peter@…]

Using gdb I was able to generate a backtrace:

Program received signal EXC_BAD_ACCESS, Could not access memory. Reason: KERN_INVALID_ADDRESS at address: 0xfffffff4 0x914fc2af in szone_free () (gdb) bt #0 0x914fc2af in szone_free () #1 0x914fb9ed in free () #2 0x93635aba in xmlFreeNodeList () #3 0x936359c4 in xmlFreeNodeList () #4 0x0195d575 in xmlFreeDoc () #5 0x01002913 in php_libxml_decrement_doc_ref () #6 0x01055920 in dom_objects_free_storage () #7 0x012afc4a in zend_objects_store_del_ref_by_handle () #8 0x012afc67 in zend_objects_store_del_ref () #9 0x01282ee8 in _zval_ptr_dtor () #10 0x0129bb77 in zend_hash_apply_deleter () #11 0x0129bf9e in zend_hash_reverse_apply () #12 0x0128211f in shutdown_destructors () #13 0x012913d6 in zend_call_destructors () #14 0x012495f3 in php_request_shutdown () #15 0x01328a32 in php_handler () #16 0x000028b8 in ap_run_handler () #17 0x00002dc7 in ap_invoke_handler () #18 0x00027bae in ap_process_request () #19 0x00024578 in ap_process_http_connection () #20 0x000104f8 in ap_run_process_connection () #21 0x0002c320 in child_main () #22 0x0002c5fa in make_child () #23 0x0002d950 in ap_mpm_run () #24 0x00009060 in main ()

[peter@…]

Hmmm

Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0xfffffff4
0x914fc2af in szone_free ()
(gdb) bt
#0  0x914fc2af in szone_free ()
#1  0x914fb9ed in free ()
#2  0x93635aba in xmlFreeNodeList ()
#3  0x936359c4 in xmlFreeNodeList ()
#4  0x0195d575 in xmlFreeDoc ()
#5  0x01002913 in php_libxml_decrement_doc_ref ()
#6  0x01055920 in dom_objects_free_storage ()
#7  0x012afc4a in zend_objects_store_del_ref_by_handle ()
#8  0x012afc67 in zend_objects_store_del_ref ()
#9  0x01282ee8 in _zval_ptr_dtor ()
#10 0x0129bb77 in zend_hash_apply_deleter ()
#11 0x0129bf9e in zend_hash_reverse_apply ()
#12 0x0128211f in shutdown_destructors ()
#13 0x012913d6 in zend_call_destructors ()
#14 0x012495f3 in php_request_shutdown ()
#15 0x01328a32 in php_handler ()
#16 0x000028b8 in ap_run_handler ()
#17 0x00002dc7 in ap_invoke_handler ()
#18 0x00027bae in ap_process_request ()
#19 0x00024578 in ap_process_http_connection ()
#20 0x000104f8 in ap_run_process_connection ()
#21 0x0002c320 in child_main ()
#22 0x0002c5fa in make_child ()
#23 0x0002d950 in ap_mpm_run ()
#24 0x00009060 in main ()

More readable. :)

[ryandesign (Ryan Carsten Schmidt)]

Assigning to maintainer of php5 (me!). I will see if I can reproduce this on my system.

[jonasmunk@…]

Hi, I was am the one who psoted ​http://www.nabble.com/Problem-with-PHP-and-libxslt-td15000461.html

Is there any progress or is there any way I can help?

[dp macports@…]

I suspect that I'm having a related problem. In my case, libxml2 from MacPorts defines the xmlURI struct with one more element than the libxml2 from Mac OS X. For some reason, it uses the xmlCreateURI function from /usr/lib/libxml2.dylib instead of the xmlCreateURI function from /opt/local/lib/libxml2.dylib. This results in the last element of the xmlURI struct not getting initialized to NULL, so that when the struct is destroyed, the code attempts to free the wild pointer. Bang, dead.

Seems like /opt/local/lib/libxml2.dylib (9.0.0) should have a higher compatibility version than /usr/lib/libxml2.dylib (9.0.0).

This doesn't always fail because sometimes the correct version of the function is called.

I downgraded to libxml2 2.6.28 and the problem seems to have gone away. Note that this is still newer than the version that Apple ships, so there is still a chance of an incompatibility.

At least in my case, this is arguably a libxml2 bug, not a PHP bug.

[peter@…]

Just tried with php5-devel (5.2.6 RC1), no luck.

How can I downgrade libxml2 to check if this fixes my problem? Does the port command support specifying a version you want to install?

[peter@…]

I modified my local libxml2 Portfile so that it installs libxml2. I forcefully uninstalled libxml2. Installed the older verion (2.6.28), uninstalled php5-devel, reinstalled php5-devel (after cleaning ofcourse) but I still have the same problem :(

[ryandesign (Ryan Carsten Schmidt)]

Replying to dp macports@oxidized.org:

I suspect that I'm having a related problem. In my case, libxml2 from MacPorts defines the xmlURI struct with one more element than the libxml2 from Mac OS X. For some reason, it uses the xmlCreateURI function from /usr/lib/libxml2.dylib instead of the xmlCreateURI function from /opt/local/lib/libxml2.dylib. This results in the last element of the xmlURI struct not getting initialized to NULL, so that when the struct is destroyed, the code attempts to free the wild pointer. Bang, dead.

Seems like /opt/local/lib/libxml2.dylib (9.0.0) should have a higher compatibility version than /usr/lib/libxml2.dylib (9.0.0).

Cc'ing maintainer of libxml2 since apparently a bug needs to be reported to the developers of libxml: /opt/local/lib/libxml2.dylib (version 9.31.0) and /usr/lib/libxml2.dylib (version 9.16.0 (on Mac OS X 10.4.11)) claim to have the same compatibility version (9.0.0) though they are incompatible because they define the xmlURI struct differently. Here's the relevant diff from the source:

$ diff -bu libxml2-2.6.{16,31}/include/libxml/uri.h
--- libxml2-2.6.16/include/libxml/uri.h 2004-06-07 16:33:11.000000000 -0500
+++ libxml2-2.6.31/include/libxml/uri.h 2007-04-26 03:31:34.000000000 -0500
@@ -23,6 +23,10 @@
  *
  * A parsed URI reference. This is a struct containing the various fields
  * as described in RFC 2396 but separated for further processing.
+ *
+ * Note: query is a deprecated field which is incorrectly unescaped.
+ * query_raw takes precedence over query if the former is set.
+ * See: http://mail.gnome.org/archives/xml/2007-April/thread.html#00127
  */
 typedef struct _xmlURI xmlURI;
 typedef xmlURI *xmlURIPtr;
@@ -34,9 +38,10 @@
     char *user;                /* the user part */
     int port;          /* the port number */
     char *path;                /* the path string */
-    char *query;       /* the query string */
+    char *query;       /* the query string (deprecated - use with caution) */
     char *fragment;    /* the fragment identifier */
     int  cleanup;      /* parsing potentially unclean URI */
+    char *query_raw;   /* the query string (as it appears in the URI) */
 };
 
 /*
[snip]

Replying to peter@no-nonsense.org:

How can I downgrade libxml2 to check if this fixes my problem? Does the port command support specifying a version you want to install?

No it does not. I see you already found how to do this, and I'm sorry to hear it did not help in your case, but for others who may want to try it: To get an older version, browse the repository to find the port you want, then use the Revision Log link in the upper right to find the older version of the portfile that you want to install. For example, here's the portfile for libxml2 @2.6.28_1​. Download this to disk using the Original Format link at the bottom of the page. Then use the Terminal to cd to the directory where you downloaded the portfile and type "port install". If the port had any patchfiles you would also need to grab all of them from the same revision, but libxml2 doesn't have any.

[dp macports@…]

Replying to peter@no-nonsense.org:

Installed the older verion (2.6.28), uninstalled php5-devel, reinstalled php5-devel (after cleaning ofcourse) but I still have the same problem :(

I ran into a further problem, again related to libxml2. This time, it was in xmlFreeDoc() (I think). I downgraded libxml2 and libxslt to:

• libxml2 @2.6.16_0
• libxslt @1.1.12_0

That solved my new problem. Note that the libxml2 version there is the same version that Apple ships (try /usr/bin/xml2-config --version).

Sorry I don't have more details; I didn't really have time to track it down.

[peter@…]

I'm using the Entropy PHP 5.2.5 Beta 6 (​http://www.entropy.ch/phpbb2/viewtopic.php?t=2945&start=75) version for now (using the default Apache included in Leopard) which seems to work fine. It uses libxml2 version 2.6.30 and libxslt version 1.1.22. Strange that those don't seem to crash...

[guglielmo.celata@…]

Replying to dp macports@oxidized.org:

Replying to peter@no-nonsense.org:

Installed the older verion (2.6.28), uninstalled php5-devel, reinstalled php5-devel (after cleaning ofcourse) but I still have the same problem :(

I ran into a further problem, again related to libxml2. This time, it was in xmlFreeDoc() (I think). I downgraded libxml2 and libxslt to:

• libxml2 @2.6.16_0
• libxslt @1.1.12_0

That solved my new problem. Note that the libxml2 version there is the same version that Apple ships (try /usr/bin/xml2-config --version).

I had the same problem on an OSX 10.5, with libxml2 2.6.31 and libxslt 1.1.22, apache2 and php5, everything installed with macports. A simple php script was correctly executed with the CLI, and a segmentation fault came out when using the libphp5.so. I downgraded as you suggested and things went back to normal.

[jmroot (Joshua Root)]

Has building libxml2 with two-level namespace helped with this? (#15750, r38015)

[dp+macports@…]

libxml2 @2.6.32_1+debug seems to work fine for me.

[peter@…]

Just tried it after installing the latest versions of all the ports involved (apache 2.2.9_1, libxml2 2.6.32_1, libxslt 1.1.23_0 and php5 5.2.6_1) but unfortunately Apache still segfaults. I've used the following test script to reproduce:

<?php
$stylesheet = new DOMDocument();
$stylesheet->loadXML('<?xml version="1.0" encoding="utf-8"?>
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
</xsl:stylesheet>  
');
$processor = new XSLTProcessor();
$processor->importStylesheet($stylesheet);
echo "hello world"
?>

The "hello world" is never outputted.

[dp+macports@…]

I too get a segfault using the test script from peter@no-nonsense.org and the backtrace matches the one that was posted in comment 2 from peter@no-nonsense.org.

[bensan.benny@…]

Is there any progress in trying to resolve this bug? If not, what versions of libxml2 did you downgrade to? I downloaded 2.6.28_1 but when I invoke phpinfo() it shows my libxml as 2.6.32. Any suggestions and/or feedback is welcome.

[plb@…]

I am facing the same problems as described. Diverse operations in php related to libxsl keep crashing apache (importing stylesheets, transforming xml, just unseting an XSLTProcessor object).

In the past I also had those strange crashes when using the libxml in php. That was because of apache and php sharing their libxml randomly. This has been solved, as you can read above, by building port's libxml with two-level-namespace.

Therefore I tried to fix libxslt the same way libxml has been fixed: I forced it to be build with two-level-namespace by adding the following lines in its portfile:

use_autoconf yes autoconf.cmd autoreconf

Well, now all php operations seem to run as expected again. This is fine so far, but of course it would be perfect if you guys could patch the repository's portfile :)

[ryandesign (Ryan Carsten Schmidt)]

Thank you very much, Per. On Leopard, I can confirm the issue, and your fix. I've added the fix to the libxslt port in r39326.

[bensan.benny@…]

Ryan,

Thanks! It works beautifully now.

Replying to ryandesign@macports.org:

Thank you very much, Per. On Leopard, I can confirm the issue, and your fix. I've added the fix to the libxslt port in r39326.

[ryandesign (Ryan Carsten Schmidt)]

Turns out automake and libtool are ​also required by autoreconf so I added those dependencies in r39485.

[Dormilich@…]

Cc Me!

[Dormilich@…]

Replying to ryandesign@…:

Turns out automake and libtool are ​also required by autoreconf so I added those dependencies in r39485.

libxslt 1.1.24_0 seems to cause the bug again.

description: apache gets a blank document, due to PHP crash of XSLTProcessor::importStylesheet().

current MacPorts configuration on this: php5 @5.2.6_1+apache2+macosx+mysql5+pear (no further options on install) libxml2 @2.7.2_0 libxslt @1.1.24_0

[ryandesign (Ryan Carsten Schmidt)]

Replying to Dormilich@…:

libxslt 1.1.24_0 seems to cause the bug again.

Would you please sync your ports tree again and see if the fix just committed in r42053 makes a difference?

[blb@…]

It looks like libxslt may need the same MDT fix as libxml2 did, my 1.6 install shows the libxslt dylib as being non-two level but it is on my trunk-based install.

[blb@…]

Replying to blb@…:

It looks like libxslt may need the same MDT fix as libxml2 did, my 1.6 install shows the libxslt dylib as being non-two level but it is on my trunk-based install.

Confirmed; fixed in r42056, though only for 10.5 since 10.3 and 10.4 were already setting MDT.

[ryandesign (Ryan Carsten Schmidt)]

Replying to blb@…:

Confirmed; fixed in r42056, though only for 10.5 since 10.3 and 10.4 were already setting MDT.

Really? But MACOSX_DEPLOYMENT_TARGET defaults to 10.5 on 10.5, doesn't it? Whereas on 10.1 thru 10.4 it defaults to 10.1 which is why we have to set it.

[blb@…]

Replying to ryandesign@…:

Really? But MACOSX_DEPLOYMENT_TARGET defaults to 10.5 on 10.5, doesn't it? Whereas on 10.1 thru 10.4 it defaults to 10.1 which is why we have to set it.

Defaults to 10.5 where though? It seems that, if using autoconf also fixes this, maybe it's configure trying to be smart about it, so when it doesn't see MDT it assumes 10.1...since my 1.6 install on 10.5.5 had a libxslt that wasn't two-level until r42056, something isn't working properly.

[blb@…]

With MacPorts 1.7.0 released and automatically setting MDT as necessary, is this still an issue for anyone?

[(none)]

Milestone Port Bugs deleted

[blb@…]

Closing, lack of response.