libxml segmentation fault caused by php_libxml_node_free #19098

Open
@githrdw

Description

The following code:
https://3v4l.org/SaDYr#v8.4.10

```php
<?php

$xml_reader = \XMLReader::fromString('
<sparql xmlns="http://www.w3.org/2005/sparql-results#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.w3.org/2001/sw/DataAccess/rf1/result2.xsd">
 <head>
  <variable name="s"/>
  <variable name="p"/>
 </head>
 <results>
  <result>
   <binding name="s"><uri>https://assetmodel.moxio.com/concept/bestaat_uit</uri></binding>
   <binding name="p"><uri>http://www.w3.org/1999/02/22-rdf-syntax-ns#type</uri></binding>
  </result>
  <result>
   <binding name="s"><uri>https://assetmodel.moxio.com/concept/bestaat_uit</uri></binding>
  </result>
 </results>
</sparql>');

// Position the reader on <sparql>, then on <head>, then on <results>.
$success = $xml_reader->next("sparql");
assert($success, "The XML-reply should start with a sparql element");
$success = $xml_reader->read();
assert($success, "It should be possible to move into the sparql element");
$success = $xml_reader->next("head");
assert($success, "The sparql element should contain a head element");

$success = $xml_reader->read();
assert($success, "It should be possible to move into the head element");
$success = $xml_reader->next("results");
assert($success, "The sparql element should contain a results element");

// Expand each <result> to a DOM subtree and walk its bindings; the reader is
// advanced again on the next iteration while the DOM objects are still alive.
while ($xml_reader->read() === true) {
  if ($xml_reader->next("result") === true) {

    $result_as_dom_node = $xml_reader->expand();
    assert($result_as_dom_node !== false, "The result-element could not be expanded to a dom node");

    /** @var \DOMNode $binding_node */
    foreach ($result_as_dom_node->childNodes as $binding_node) {
      if ($binding_node->nodeType === XML_ELEMENT_NODE) {
        /** @var \DOMElement $binding_node */
        $variable_name = $binding_node->getAttribute("name");
        /** @var \DOMNode $binding_value_node */
        foreach ($binding_node->childNodes as $binding_value_node) {
          // Intentionally empty: merely iterating the children is enough to reproduce the crash.
        }
      }
    }
  }
}
```

Resulted in this output:

```
Segmentation fault (core dumped)
```

But I expected this output instead: not crashing my php process :)

GDB output:

```
(gdb) set args SegfaultTest.php

(gdb) run
Starting program: /usr/local/bin/php SegfaultTest.php
warning: Error disabling address space randomization: Operation not permitted
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
0x00005c8bc6064d7c in php_libxml_node_free (node=0x5c8bcb5dad70) at /root/php-src/ext/libxml/libxml.c:283
283                                     header->ns_hook(header, node);

(gdb) print header
$1 = (php_libxml_private_data_header *) 0x7365622f74706562

(gdb) info frame 0
Stack frame at 0x7ffc2eb466f0:
 rip = 0x5c8bc6064d7c in php_libxml_node_free (/root/php-src/ext/libxml/libxml.c:283); saved rip = 0x5c8bc6067dbb
 called by frame at 0x7ffc2eb46710
 source language c.
 Arglist at 0x7ffc2eb466e0, args: node=0x5c8bcb5dad70
 Locals at 0x7ffc2eb466e0, Previous frame's sp is 0x7ffc2eb466f0
 Saved registers:
  rbp at 0x7ffc2eb466e0, rip at 0x7ffc2eb466e8

(gdb) info registers
rax            0x7365622f74706562  8315160242965996898
rbx            0x7ffc2eb494b8      140721092072632
rcx            0x6                 6
rdx            0x5c8bc686080c      101755400882188
rsi            0x3                 3
rdi            0x5c8bcb5dad70      101755482123632
rbp            0x7ffc2eb466e0      0x7ffc2eb466e0
rsp            0x7ffc2eb46690      0x7ffc2eb46690
r8             0x7                 7
r9             0x5c8bcb5dae10      101755482123792
r10            0x7cf791b8d3473b5   562801637684704181
r11            0x748d79985a80      128150979238528
r12            0x0                 0
r13            0x7ffc2eb494d0      140721092072656
r14            0x748d76015020      128150919008288
r15            0x748d76099940      128150919551296
rip            0x5c8bc6064d7c      0x5c8bc6064d7c <php_libxml_node_free+945>
eflags         0x10202             [ IF RF ]
cs             0x33                51
ss             0x2b                43
ds             0x0                 0
es             0x0                 0
fs             0x0                 0
gs             0x0                 0
```

PHP Version

PHP 8.4.10-dev (cli) (built: Jul 11 2025 19:49:26) (NTS DEBUG)
Copyright (c) The PHP Group
Zend Engine v4.4.10-dev, Copyright (c) Zend Technologies

Operating System

Debian GNU/Linux 12 (bookworm)