 PHP_5_5
 

Valgrind Report for ext/xml/tests/bug32001.phpt ('Bug #32001 (xml_parse*() goes into infinite loop when autodetection in effect), using UTF-*')

Script

1: <?php
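/**
 * One cell of the bug #32001 regression matrix: builds an XML document in a
 * given encoding, optionally prepends a BOM and/or omits the XML prologue,
 * and feeds it to the SAX parser either in one call or in fixed-size chunks.
 *
 * The listing on this page had lost its operators and argument separators
 * (`=`, `,`, `;`, `<`, `?:`) during extraction; they are restored here so the
 * script parses again.
 *
 * NOTE(review): the Valgrind report on this page attributes the block that is
 * read out of bounds to substr() (zif_substr) and the reads to
 * xml_parse() -> xmlParseChunk() -> xmlBufferAdd(), which is the chunked loop
 * in run(). An "invalid read of size 8" on a "block of size 2" means more
 * bytes were read than the chunk owns. Whether that is a wrong length passed
 * down by the caller or a wide read inside the copy routine cannot be told
 * from the report alone, so triage it against the libxml2 build named there.
 */
class testcase {
    private $encoding;   // target encoding name handed to iconv()
    private $bom;        // truthy: prepend the byte-order mark for $encoding
    private $prologue;   // true: emit the <?xml ... ?> declaration
    private $tags;       // hex-encoded element names/attributes seen by the parser
    private $chunk_size; // 0: parse everything at once; N: feed N bytes per call

    /**
     * @param string $enc           Encoding the document is converted to.
     * @param int    $chunk_size    Bytes per xml_parse() call, 0 for a single call.
     * @param int    $bom           Non-zero to prepend a BOM.
     * @param int    $omit_prologue Non-zero to leave out the XML declaration.
     *
     * Declared as __construct() instead of the PHP 4 style testcase(): the
     * class-named form is no longer treated as a constructor from PHP 8.0 on,
     * which would leave every property unset. `new testcase(...)` is unchanged.
     */
    public function __construct($enc, $chunk_size = 0, $bom = 0, $omit_prologue = 0) {
        $this->encoding = $enc;
        $this->chunk_size = $chunk_size;
        $this->bom = $bom;
        $this->prologue = !$omit_prologue;
        $this->tags = array();
    }

    /**
     * SAX start-element callback: records the element name and its attribute
     * values as hex so the expected output is independent of the terminal
     * encoding.
     */
    public function start_element($parser, $name, $attrs) {
        $attrs = array_map('bin2hex', $attrs);
        $this->tags[] = bin2hex($name).": ".implode(', ', $attrs);
    }

    /** SAX end-element callback; intentionally empty. */
    public function end_element($parser, $name) {
    }

    /**
     * Builds the document, parses it, and prints the configuration followed by
     * either the collected tags or the parser's error string.
     */
    public function run() {
        $data = '';

        if ($this->prologue) {
            // The declaration carries the encoding family without the
            // byte-order suffix (UTF-16BE -> UTF-16).
            $canonical_name = preg_replace('/BE|LE/i', '', $this->encoding);
            $data .= "<?xml version=\"1.0\" encoding=\"$canonical_name\" ?>\n";
        }

        $data .= <<<HERE
<テスト:テスト1 xmlns:テスト="http://www.example.com/テスト/" テスト="テスト">
  <テスト:テスト2 テスト="テスト">
    <テスト:テスト3>
      test! 
    </テスト:テスト3>
  </テスト:テスト2>
</テスト:テスト1>

HERE;

        $data = iconv("UTF-8", $this->encoding, $data);

        if ($this->bom) {
            switch (strtoupper($this->encoding)) {
                case 'UTF-8':
                case 'UTF8':
                    $data = "\xef\xbb\xbf".$data;
                    break;

                case 'UTF-16':
                case 'UTF16':
                case 'UTF-16BE':
                case 'UTF16BE':
                case 'UCS-2':
                case 'UCS2':
                case 'UCS-2BE':
                case 'UCS2BE':
                    $data = "\xfe\xff".$data;
                    break;

                case 'UTF-16LE':
                case 'UTF16LE':
                case 'UCS-2LE':
                case 'UCS2LE':
                    $data = "\xff\xfe".$data;
                    break;

                case 'UTF-32':
                case 'UTF32':
                case 'UTF-32BE':
                case 'UTF32BE':
                case 'UCS-4':
                case 'UCS4':
                case 'UCS-4BE':
                case 'UCS4BE':
                    $data = "\x00\x00\xfe\xff".$data;
                    break;

                case 'UTF-32LE':
                case 'UTF32LE':
                case 'UCS-4LE':
                case 'UCS4LE':
                    $data = "\xff\xfe\x00\x00".$data;
                    break;
            }
        }

        // NULL encoding: the parser has to autodetect, which is the code path
        // bug #32001 is about.
        $parser = xml_parser_create(NULL);
        xml_parser_set_option($parser, XML_OPTION_CASE_FOLDING, 0);
        xml_set_element_handler($parser, "start_element", "end_element");
        xml_set_object($parser, $this);

        // Warnings are suppressed on purpose: failures are reported through
        // xml_get_error_code() below so the output stays stable.
        if ($this->chunk_size == 0) {
            $success = @xml_parse($parser, $data, true);
        } else {
            // Each iteration hands the parser a fresh substr() result of at
            // most chunk_size bytes. With chunk_size 1 these are the short
            // buffers the report on this page names as the over-read block.
            for ($offset = 0; $offset < strlen($data);
                    $offset += $this->chunk_size) {
                $success = @xml_parse($parser, substr($data, $offset, $this->chunk_size), false);
                if (!$success) {
                    break;
                }
            }
            if ($success) {
                // Empty final chunk tells the parser the document is complete.
                $success = @xml_parse($parser, "", true);
            }
        }

        echo "Encoding: $this->encoding\n";
        echo "XML Prologue: ".($this->prologue ? 'present' : 'not present'), "\n";
        echo "Chunk size: ".($this->chunk_size ? "$this->chunk_size byte(s)\n" : "all data at once\n");
        echo "BOM: ".($this->bom ? 'prepended' : 'not prepended'), "\n";

        if ($success) {
            var_dump($this->tags);
        } else {
            echo "[Error] ", xml_error_string(xml_get_error_code($parser)), "\n";
        }
    }
}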
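// Test matrix. Arguments are (encoding, chunk_size, bom, omit_prologue).
// The first ten rows parse the whole document in one call; the last ten
// repeat the same combinations one byte at a time. Only the byte-at-a-time
// rows go through substr(), which is where the Valgrind report on this page
// says the over-read block was allocated.
// The argument separators lost in extraction ("000" for "0, 0, 0") are
// restored here.
$suite = array(
    new testcase("UTF-8",     0, 0, 0),
    new testcase("UTF-8",     0, 0, 1),
    new testcase("UTF-8",     0, 1, 0),
    new testcase("UTF-8",     0, 1, 1),
    new testcase("UTF-16BE",  0, 0, 0),
    new testcase("UTF-16BE",  0, 1, 0),
    new testcase("UTF-16BE",  0, 1, 1),
    new testcase("UTF-16LE",  0, 0, 0),
    new testcase("UTF-16LE",  0, 1, 0),
    new testcase("UTF-16LE",  0, 1, 1),
    new testcase("UTF-8",     1, 0, 0),
    new testcase("UTF-8",     1, 0, 1),
    new testcase("UTF-8",     1, 1, 0),
    new testcase("UTF-8",     1, 1, 1),
    new testcase("UTF-16BE",  1, 0, 0),
    new testcase("UTF-16BE",  1, 1, 0),
    new testcase("UTF-16BE",  1, 1, 1),
    new testcase("UTF-16LE",  1, 0, 0),
    new testcase("UTF-16LE",  1, 1, 0),
    new testcase("UTF-16LE",  1, 1, 1),
);

// Record which SAX backend and libxml2 version produced the output, so a
// result can be tied to a specific library build.
if (XML_SAX_IMPL == 'libxml') {
    echo "libxml2 Version => " . LIBXML_DOTTED_VERSION . "\n";
} else {
    echo "libxml2 Version => NONE\n";
}

foreach ($suite as $testcase) {
    $testcase->run();
}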
154:
155:
// vim600: sts=4 sw=4 ts=4 encoding=UTF-8
156:
?>
157:

Report

==1897== Invalid read of size 8
==1897==    at 0x4C2B070: memmove (mc_replace_strmem.c:1071)
==1897==    by 0x89D82A9: xmlBufferAdd (in /usr/lib64/libxml2.so.2.7.6)
==1897==    by 0x89E5DAD: xmlParserInputBufferPush (in /usr/lib64/libxml2.so.2.7.6)
==1897==    by 0x89D349D: xmlParseChunk (in /usr/lib64/libxml2.so.2.7.6)
==1897==    by 0xCAFC49: php_XML_Parse (compat.c:605)
==1897==    by 0xCAC034: zif_xml_parse (xml.c:1454)
==1897==    by 0xEA71B1: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:550)
==1897==    by 0xEB1222: ZEND_DO_FCALL_SPEC_CONST_HANDLER (zend_vm_execute.h:2329)
==1897==    by 0xEA4E00: execute_ex (zend_vm_execute.h:363)
==1897==    by 0xEA5992: zend_execute (zend_vm_execute.h:388)
==1897==    by 0xE41F61: zend_execute_scripts (zend.c:1316)
==1897==    by 0xD656FC: php_execute_script (main.c:2506)
==1897==  Address 0x155eae40 is 0 bytes inside a block of size 2 alloc'd
==1897==    at 0x4C27AFA: malloc (vg_replace_malloc.c:291)
==1897==    by 0xDED9A4: _emalloc (zend_alloc.c:2427)
==1897==    by 0xDEE133: _estrndup (zend_alloc.c:2650)
==1897==    by 0xC18107: zif_substr (string.c:2294)
==1897==    by 0xEA71B1: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:550)
==1897==    by 0xEB1222: ZEND_DO_FCALL_SPEC_CONST_HANDLER (zend_vm_execute.h:2329)
==1897==    by 0xEA4E00: execute_ex (zend_vm_execute.h:363)
==1897==    by 0xEA5992: zend_execute (zend_vm_execute.h:388)
==1897==    by 0xE41F61: zend_execute_scripts (zend.c:1316)
==1897==    by 0xD656FC: php_execute_script (main.c:2506)
==1897==    by 0x1026445: do_cli (php_cli.c:994)
==1897==    by 0x1027BF2: main (php_cli.c:1378)
==1897== 
==1897== Invalid read of size 8
==1897==    at 0x4C2B086: memmove (mc_replace_strmem.c:1071)
==1897==    by 0x89D82A9: xmlBufferAdd (in /usr/lib64/libxml2.so.2.7.6)
==1897==    by 0x89E5DAD: xmlParserInputBufferPush (in /usr/lib64/libxml2.so.2.7.6)
==1897==    by 0x89D349D: xmlParseChunk (in /usr/lib64/libxml2.so.2.7.6)
==1897==    by 0xCAFC49: php_XML_Parse (compat.c:605)
==1897==    by 0xCAC034: zif_xml_parse (xml.c:1454)
==1897==    by 0xEA71B1: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:550)
==1897==    by 0xEB1222: ZEND_DO_FCALL_SPEC_CONST_HANDLER (zend_vm_execute.h:2329)
==1897==    by 0xEA4E00: execute_ex (zend_vm_execute.h:363)
==1897==    by 0xEA5992: zend_execute (zend_vm_execute.h:388)
==1897==    by 0xE41F61: zend_execute_scripts (zend.c:1316)
==1897==    by 0xD656FC: php_execute_script (main.c:2506)
==1897==  Address 0x155eae50 is 14 bytes after a block of size 2 alloc'd
==1897==    at 0x4C27AFA: malloc (vg_replace_malloc.c:291)
==1897==    by 0xDED9A4: _emalloc (zend_alloc.c:2427)
==1897==    by 0xDEE133: _estrndup (zend_alloc.c:2650)
==1897==    by 0xC18107: zif_substr (string.c:2294)
==1897==    by 0xEA71B1: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:550)
==1897==    by 0xEB1222: ZEND_DO_FCALL_SPEC_CONST_HANDLER (zend_vm_execute.h:2329)
==1897==    by 0xEA4E00: execute_ex (zend_vm_execute.h:363)
==1897==    by 0xEA5992: zend_execute (zend_vm_execute.h:388)
==1897==    by 0xE41F61: zend_execute_scripts (zend.c:1316)
==1897==    by 0xD656FC: php_execute_script (main.c:2506)
==1897==    by 0x1026445: do_cli (php_cli.c:994)
==1897==    by 0x1027BF2: main (php_cli.c:1378)
==1897== 
==1897== Conditional jump or move depends on uninitialised value(s)
==1897==    at 0x89B4BDA: ??? (in /usr/lib64/libxml2.so.2.7.6)
==1897==    by 0x89B5E2B: xmlCharEncInFunc (in /usr/lib64/libxml2.so.2.7.6)
==1897==    by 0x89E5DC5: xmlParserInputBufferPush (in /usr/lib64/libxml2.so.2.7.6)
==1897==    by 0x89D349D: xmlParseChunk (in /usr/lib64/libxml2.so.2.7.6)
==1897==    by 0xCAFC49: php_XML_Parse (compat.c:605)
==1897==    by 0xCAC034: zif_xml_parse (xml.c:1454)
==1897==    by 0xEA71B1: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:550)
==1897==    by 0xEB1222: ZEND_DO_FCALL_SPEC_CONST_HANDLER (zend_vm_execute.h:2329)
==1897==    by 0xEA4E00: execute_ex (zend_vm_execute.h:363)
==1897==    by 0xEA5992: zend_execute (zend_vm_execute.h:388)
==1897==    by 0xE41F61: zend_execute_scripts (zend.c:1316)
==1897==    by 0xD656FC: php_execute_script (main.c:2506)
==1897== 
==1897== Conditional jump or move depends on uninitialised value(s)
==1897==    at 0x89B4BED: ??? (in /usr/lib64/libxml2.so.2.7.6)
==1897==    by 0x89B5E2B: xmlCharEncInFunc (in /usr/lib64/libxml2.so.2.7.6)
==1897==    by 0x89E5DC5: xmlParserInputBufferPush (in /usr/lib64/libxml2.so.2.7.6)
==1897==    by 0x89D349D: xmlParseChunk (in /usr/lib64/libxml2.so.2.7.6)
==1897==    by 0xCAFC49: php_XML_Parse (compat.c:605)
==1897==    by 0xCAC034: zif_xml_parse (xml.c:1454)
==1897==    by 0xEA71B1: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:550)
==1897==    by 0xEB1222: ZEND_DO_FCALL_SPEC_CONST_HANDLER (zend_vm_execute.h:2329)
==1897==    by 0xEA4E00: execute_ex (zend_vm_execute.h:363)
==1897==    by 0xEA5992: zend_execute (zend_vm_execute.h:388)
==1897==    by 0xE41F61: zend_execute_scripts (zend.c:1316)
==1897==    by 0xD656FC: php_execute_script (main.c:2506)
==1897== 
==1897== Conditional jump or move depends on uninitialised value(s)
==1897==    at 0x89B4C17: ??? (in /usr/lib64/libxml2.so.2.7.6)
==1897==    by 0x89B5E2B: xmlCharEncInFunc (in /usr/lib64/libxml2.so.2.7.6)
==1897==    by 0x89E5DC5: xmlParserInputBufferPush (in /usr/lib64/libxml2.so.2.7.6)
==1897==    by 0x89D349D: xmlParseChunk (in /usr/lib64/libxml2.so.2.7.6)
==1897==    by 0xCAFC49: php_XML_Parse (compat.c:605)
==1897==    by 0xCAC034: zif_xml_parse (xml.c:1454)
==1897==    by 0xEA71B1: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:550)
==1897==    by 0xEB1222: ZEND_DO_FCALL_SPEC_CONST_HANDLER (zend_vm_execute.h:2329)
==1897==    by 0xEA4E00: execute_ex (zend_vm_execute.h:363)
==1897==    by 0xEA5992: zend_execute (zend_vm_execute.h:388)
==1897==    by 0xE41F61: zend_execute_scripts (zend.c:1316)
==1897==    by 0xD656FC: php_execute_script (main.c:2506)
==1897== 
==1897== Conditional jump or move depends on uninitialised value(s)
==1897==    at 0x89B4CF7: ??? (in /usr/lib64/libxml2.so.2.7.6)
==1897==    by 0x89B5E2B: xmlCharEncInFunc (in /usr/lib64/libxml2.so.2.7.6)
==1897==    by 0x89E5DC5: xmlParserInputBufferPush (in /usr/lib64/libxml2.so.2.7.6)
==1897==    by 0x89D349D: xmlParseChunk (in /usr/lib64/libxml2.so.2.7.6)
==1897==    by 0xCAFC49: php_XML_Parse (compat.c:605)
==1897==    by 0xCAC034: zif_xml_parse (xml.c:1454)
==1897==    by 0xEA71B1: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:550)
==1897==    by 0xEB1222: ZEND_DO_FCALL_SPEC_CONST_HANDLER (zend_vm_execute.h:2329)
==1897==    by 0xEA4E00: execute_ex (zend_vm_execute.h:363)
==1897==    by 0xEA5992: zend_execute (zend_vm_execute.h:388)
==1897==    by 0xE41F61: zend_execute_scripts (zend.c:1316)
==1897==    by 0xD656FC: php_execute_script (main.c:2506)
==1897== 
==1897== Conditional jump or move depends on uninitialised value(s)
==1897==    at 0x89BBF20: ??? (in /usr/lib64/libxml2.so.2.7.6)
==1897==    by 0x89D2EF9: ??? (in /usr/lib64/libxml2.so.2.7.6)
==1897==    by 0x89D34FA: xmlParseChunk (in /usr/lib64/libxml2.so.2.7.6)
==1897==    by 0xCAFC49: php_XML_Parse (compat.c:605)
==1897==    by 0xCAC034: zif_xml_parse (xml.c:1454)
==1897==    by 0xEA71B1: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:550)
==1897==    by 0xEB1222: ZEND_DO_FCALL_SPEC_CONST_HANDLER (zend_vm_execute.h:2329)
==1897==    by 0xEA4E00: execute_ex (zend_vm_execute.h:363)
==1897==    by 0xEA5992: zend_execute (zend_vm_execute.h:388)
==1897==    by 0xE41F61: zend_execute_scripts (zend.c:1316)
==1897==    by 0xD656FC: php_execute_script (main.c:2506)
==1897==    by 0x1026445: do_cli (php_cli.c:994)
==1897== 
==1897== Conditional jump or move depends on uninitialised value(s)
==1897==    at 0x89B469E: ??? (in /usr/lib64/libxml2.so.2.7.6)
==1897==    by 0x89B5E2B: xmlCharEncInFunc (in /usr/lib64/libxml2.so.2.7.6)
==1897==    by 0x89E5DC5: xmlParserInputBufferPush (in /usr/lib64/libxml2.so.2.7.6)
==1897==    by 0x89D349D: xmlParseChunk (in /usr/lib64/libxml2.so.2.7.6)
==1897==    by 0xCAFC49: php_XML_Parse (compat.c:605)
==1897==    by 0xCAC034: zif_xml_parse (xml.c:1454)
==1897==    by 0xEA71B1: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:550)
==1897==    by 0xEB1222: ZEND_DO_FCALL_SPEC_CONST_HANDLER (zend_vm_execute.h:2329)
==1897==    by 0xEA4E00: execute_ex (zend_vm_execute.h:363)
==1897==    by 0xEA5992: zend_execute (zend_vm_execute.h:388)
==1897==    by 0xE41F61: zend_execute_scripts (zend.c:1316)
==1897==    by 0xD656FC: php_execute_script (main.c:2506)
==1897== 
==1897== Conditional jump or move depends on uninitialised value(s)
==1897==    at 0x89B46AC: ??? (in /usr/lib64/libxml2.so.2.7.6)
==1897==    by 0x89B5E2B: xmlCharEncInFunc (in /usr/lib64/libxml2.so.2.7.6)
==1897==    by 0x89E5DC5: xmlParserInputBufferPush (in /usr/lib64/libxml2.so.2.7.6)
==1897==    by 0x89D349D: xmlParseChunk (in /usr/lib64/libxml2.so.2.7.6)
==1897==    by 0xCAFC49: php_XML_Parse (compat.c:605)
==1897==    by 0xCAC034: zif_xml_parse (xml.c:1454)
==1897==    by 0xEA71B1: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:550)
==1897==    by 0xEB1222: ZEND_DO_FCALL_SPEC_CONST_HANDLER (zend_vm_execute.h:2329)
==1897==    by 0xEA4E00: execute_ex (zend_vm_execute.h:363)
==1897==    by 0xEA5992: zend_execute (zend_vm_execute.h:388)
==1897==    by 0xE41F61: zend_execute_scripts (zend.c:1316)
==1897==    by 0xD656FC: php_execute_script (main.c:2506)
==1897== 
==1897== Conditional jump or move depends on uninitialised value(s)
==1897==    at 0x89B475D: ??? (in /usr/lib64/libxml2.so.2.7.6)
==1897==    by 0x89B5E2B: xmlCharEncInFunc (in /usr/lib64/libxml2.so.2.7.6)
==1897==    by 0x89E5DC5: xmlParserInputBufferPush (in /usr/lib64/libxml2.so.2.7.6)
==1897==    by 0x89D349D: xmlParseChunk (in /usr/lib64/libxml2.so.2.7.6)
==1897==    by 0xCAFC49: php_XML_Parse (compat.c:605)
==1897==    by 0xCAC034: zif_xml_parse (xml.c:1454)
==1897==    by 0xEA71B1: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:550)
==1897==    by 0xEB1222: ZEND_DO_FCALL_SPEC_CONST_HANDLER (zend_vm_execute.h:2329)
==1897==    by 0xEA4E00: execute_ex (zend_vm_execute.h:363)
==1897==    by 0xEA5992: zend_execute (zend_vm_execute.h:388)
==1897==    by 0xE41F61: zend_execute_scripts (zend.c:1316)
==1897==    by 0xD656FC: php_execute_script (main.c:2506)
==1897== 
==1897== Conditional jump or move depends on uninitialised value(s)
==1897==    at 0x89B47C5: ??? (in /usr/lib64/libxml2.so.2.7.6)
==1897==    by 0x89B5E2B: xmlCharEncInFunc (in /usr/lib64/libxml2.so.2.7.6)
==1897==    by 0x89E5DC5: xmlParserInputBufferPush (in /usr/lib64/libxml2.so.2.7.6)
==1897==    by 0x89D349D: xmlParseChunk (in /usr/lib64/libxml2.so.2.7.6)
==1897==    by 0xCAFC49: php_XML_Parse (compat.c:605)
==1897==    by 0xCAC034: zif_xml_parse (xml.c:1454)
==1897==    by 0xEA71B1: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:550)
==1897==    by 0xEB1222: ZEND_DO_FCALL_SPEC_CONST_HANDLER (zend_vm_execute.h:2329)
==1897==    by 0xEA4E00: execute_ex (zend_vm_execute.h:363)
==1897==    by 0xEA5992: zend_execute (zend_vm_execute.h:388)
==1897==    by 0xE41F61: zend_execute_scripts (zend.c:1316)
==1897==    by 0xD656FC: php_execute_script (main.c:2506)
==1897== 

 

Generated at Sat, 12 Apr 2014 09:02:23 +0000 (4 days ago)
