PHP  
 PHP_HEAD
downloads | QA | documentation | faq | getting help | mailing lists | reporting bugs | php.net sites | links | my php.net 
 

Valgrind Report for ext/xml/tests/bug32001.phpt ('Bug #32001 (xml_parse*() goes into infinite loop when autodetection in effect), using UTF-*')

Script

1: <?php
2: class testcase {
3:     private $encoding;
4:     private $bom;
5:     private $prologue;
6:     private $tags;
7:     private $chunk_size;
8:
9:     function testcase($enc$chunk_size 0$bom 0$omit_prologue 0) {
10:         $this->encoding $enc;
11:         $this->chunk_size $chunk_size;
12:         $this->bom $bom;
13:         $this->prologue = !$omit_prologue;
14:         $this->tags = array();
15:     }
16:
17:     function start_element($parser$name$attrs) {
18:         $attrs array_map('bin2hex'$attrs);
19:         $this->tags[] = bin2hex($name).": ".implode(', '$attrs);
20:     }
21:
22:     function end_element($parser$name) {
23:     }
24:
25:     function run() {
26:         $data '';
27:
28:         if ($this->prologue) {
29:             $canonical_name preg_replace('/BE|LE/i'''$this->encoding);
30:             $data .= "<?xml version=\"1.0\" encoding=\"$canonical_name\" ?>\n";
31:         }
32:
33:         $data .= <<<HERE
34: <テスト:テスト1 xmlns:テスト="http://www.example.com/テスト/" テスト="テスト">
35:   <テスト:テスト2 テスト="テスト">
36:     <テスト:テスト3>
37:       test! 
38:     </テスト:テスト3>
39:   </テスト:テスト2>
40: </テスト:テスト1>
41: HERE;
42:
43:         $data iconv("UTF-8"$this->encoding$data);
44:
45:         if ($this->bom) {
46:             switch (strtoupper($this->encoding)) {
47:                 case 'UTF-8':
48:                 case 'UTF8':
49:                     $data "\xef\xbb\xbf".$data;
50:                     break;
51:
52:                 case 'UTF-16':
53:                 case 'UTF16':
54:                 case 'UTF-16BE':
55:                 case 'UTF16BE':
56:                 case 'UCS-2':
57:                 case 'UCS2':
58:                 case 'UCS-2BE':
59:                 case 'UCS2BE':
60:                     $data "\xfe\xff".$data;
61:                     break;
62:
63:                 case 'UTF-16LE':
64:                 case 'UTF16LE':
65:                 case 'UCS-2LE':
66:                 case 'UCS2LE':
67:                     $data "\xff\xfe".$data;
68:                     break;
69:
70:                 case 'UTF-32':
71:                 case 'UTF32':
72:                 case 'UTF-32BE':
73:                 case 'UTF32BE':
74:                 case 'UCS-4':
75:                 case 'UCS4':
76:                 case 'UCS-4BE':
77:                 case 'UCS4BE':
78:                     $data "\x00\x00\xfe\xff".$data;
79:                     break;
80:
81:                 case 'UTF-32LE':
82:                 case 'UTF32LE':
83:                 case 'UCS-4LE':
84:                 case 'UCS4LE':
85:                     $data "\xff\xfe\x00\x00".$data;
86:                     break;
87:             }
88:         }
89:
90:         $parser xml_parser_create(NULL);
91:         xml_parser_set_option($parserXML_OPTION_CASE_FOLDING0);
92:         xml_set_element_handler($parser"start_element""end_element");
93:         xml_set_object($parser$this);
94:
95:         if ($this->chunk_size == 0) {
96:             $success = @xml_parse($parser$datatrue);
97:         } else {
98:             for ($offset 0$offset strlen($data);
99:                     $offset += $this->chunk_size) {
100:                 $success = @xml_parse($parsersubstr($data$offset$this->chunk_size), false);
101:                 if (!$success) {
102:                     break;
103:                 }
104:             }
105:             if ($success) {
106:                 $success = @xml_parse($parser""true);
107:             }
108:         }
109:
110:         echo "Encoding: $this->encoding\n";
111:         echo "XML Prologue: ".($this->prologue 'present''not present'), "\n";
112:         echo "Chunk size: ".($this->chunk_size "$this->chunk_size byte(s)\n""all data at once\n");
113:         echo "BOM: ".($this->bom 'prepended''not prepended'), "\n";
114:
115:         if ($success) { 
116:             var_dump($this->tags);
117:         } else {
118:             echo "[Error] "xml_error_string(xml_get_error_code($parser)), "\n";
119:         }
120:     }
121: }
122: $suite = array(
123:     new testcase("UTF-8",     000),
124:     new testcase("UTF-8",     001),
125:     new testcase("UTF-8",     010),
126:     new testcase("UTF-8",     011),
127:     new testcase("UTF-16BE",  000),
128:     new testcase("UTF-16BE",  010),
129:     new testcase("UTF-16BE",  011),
130:     new testcase("UTF-16LE",  000),
131:     new testcase("UTF-16LE",  010),
132:     new testcase("UTF-16LE",  011),
133:     new testcase("UTF-8",     100),
134:     new testcase("UTF-8",     101),
135:     new testcase("UTF-8",     110),
136:     new testcase("UTF-8",     111),
137:     new testcase("UTF-16BE",  100),
138:     new testcase("UTF-16BE",  110),
139:     new testcase("UTF-16BE",  111),
140:     new testcase("UTF-16LE",  100),
141:     new testcase("UTF-16LE",  110),
142:     new testcase("UTF-16LE",  111),
143: );
144:
145: if (XML_SAX_IMPL == 'libxml') {
146:   echo "libxml2 Version => " LIBXML_DOTTED_VERSION"\n";
147: } else {
148:   echo "libxml2 Version => NONE\n";  
149: }
150:
151: foreach ($suite as $testcase) {
152:     $testcase->run();
153: }
154:
155: // vim600: sts=4 sw=4 ts=4 encoding=UTF-8
156: ?>
157:

Report

==27056== Invalid read of size 8
==27056==    at 0x4C2AD20: memmove (mc_replace_strmem.c:1023)
==27056==    by 0x8C74299: xmlBufferAdd (in /usr/lib64/libxml2.so.2.7.6)
==27056==    by 0x8C81D9D: xmlParserInputBufferPush (in /usr/lib64/libxml2.so.2.7.6)
==27056==    by 0x8C6F49D: xmlParseChunk (in /usr/lib64/libxml2.so.2.7.6)
==27056==    by 0xC7CB65: php_XML_Parse (compat.c:605)
==27056==    by 0xC78F50: zif_xml_parse (xml.c:1444)
==27056==    by 0xE7289D: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:547)
==27056==    by 0xE7C8AD: ZEND_DO_FCALL_SPEC_CONST_HANDLER (zend_vm_execute.h:2326)
==27056==    by 0xE70468: execute_ex (zend_vm_execute.h:356)
==27056==    by 0xE70FFA: zend_execute (zend_vm_execute.h:381)
==27056==    by 0xE0E4F2: zend_execute_scripts (zend.c:1316)
==27056==    by 0xD31EFF: php_execute_script (main.c:2479)
==27056==  Address 0x1553dfb0 is 0 bytes inside a block of size 2 alloc'd
==27056==    at 0x4C2794E: malloc (vg_replace_malloc.c:270)
==27056==    by 0xDB9CE4: _emalloc (zend_alloc.c:2427)
==27056==    by 0xDBA472: _estrndup (zend_alloc.c:2650)
==27056==    by 0xBE528E: zif_substr (string.c:2280)
==27056==    by 0xE7289D: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:547)
==27056==    by 0xE7C8AD: ZEND_DO_FCALL_SPEC_CONST_HANDLER (zend_vm_execute.h:2326)
==27056==    by 0xE70468: execute_ex (zend_vm_execute.h:356)
==27056==    by 0xE70FFA: zend_execute (zend_vm_execute.h:381)
==27056==    by 0xE0E4F2: zend_execute_scripts (zend.c:1316)
==27056==    by 0xD31EFF: php_execute_script (main.c:2479)
==27056==    by 0xFF2EA4: do_cli (php_cli.c:993)
==27056==    by 0xFF4651: main (php_cli.c:1377)
==27056== 
==27056== Invalid read of size 8
==27056==    at 0x4C2AD36: memmove (mc_replace_strmem.c:1023)
==27056==    by 0x8C74299: xmlBufferAdd (in /usr/lib64/libxml2.so.2.7.6)
==27056==    by 0x8C81D9D: xmlParserInputBufferPush (in /usr/lib64/libxml2.so.2.7.6)
==27056==    by 0x8C6F49D: xmlParseChunk (in /usr/lib64/libxml2.so.2.7.6)
==27056==    by 0xC7CB65: php_XML_Parse (compat.c:605)
==27056==    by 0xC78F50: zif_xml_parse (xml.c:1444)
==27056==    by 0xE7289D: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:547)
==27056==    by 0xE7C8AD: ZEND_DO_FCALL_SPEC_CONST_HANDLER (zend_vm_execute.h:2326)
==27056==    by 0xE70468: execute_ex (zend_vm_execute.h:356)
==27056==    by 0xE70FFA: zend_execute (zend_vm_execute.h:381)
==27056==    by 0xE0E4F2: zend_execute_scripts (zend.c:1316)
==27056==    by 0xD31EFF: php_execute_script (main.c:2479)
==27056==  Address 0x1553dfc0 is 14 bytes after a block of size 2 alloc'd
==27056==    at 0x4C2794E: malloc (vg_replace_malloc.c:270)
==27056==    by 0xDB9CE4: _emalloc (zend_alloc.c:2427)
==27056==    by 0xDBA472: _estrndup (zend_alloc.c:2650)
==27056==    by 0xBE528E: zif_substr (string.c:2280)
==27056==    by 0xE7289D: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:547)
==27056==    by 0xE7C8AD: ZEND_DO_FCALL_SPEC_CONST_HANDLER (zend_vm_execute.h:2326)
==27056==    by 0xE70468: execute_ex (zend_vm_execute.h:356)
==27056==    by 0xE70FFA: zend_execute (zend_vm_execute.h:381)
==27056==    by 0xE0E4F2: zend_execute_scripts (zend.c:1316)
==27056==    by 0xD31EFF: php_execute_script (main.c:2479)
==27056==    by 0xFF2EA4: do_cli (php_cli.c:993)
==27056==    by 0xFF4651: main (php_cli.c:1377)
==27056== 
==27056== Conditional jump or move depends on uninitialised value(s)
==27056==    at 0x8C50BDA: ??? (in /usr/lib64/libxml2.so.2.7.6)
==27056==    by 0x8C51E2B: xmlCharEncInFunc (in /usr/lib64/libxml2.so.2.7.6)
==27056==    by 0x8C81DB5: xmlParserInputBufferPush (in /usr/lib64/libxml2.so.2.7.6)
==27056==    by 0x8C6F49D: xmlParseChunk (in /usr/lib64/libxml2.so.2.7.6)
==27056==    by 0xC7CB65: php_XML_Parse (compat.c:605)
==27056==    by 0xC78F50: zif_xml_parse (xml.c:1444)
==27056==    by 0xE7289D: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:547)
==27056==    by 0xE7C8AD: ZEND_DO_FCALL_SPEC_CONST_HANDLER (zend_vm_execute.h:2326)
==27056==    by 0xE70468: execute_ex (zend_vm_execute.h:356)
==27056==    by 0xE70FFA: zend_execute (zend_vm_execute.h:381)
==27056==    by 0xE0E4F2: zend_execute_scripts (zend.c:1316)
==27056==    by 0xD31EFF: php_execute_script (main.c:2479)
==27056== 
==27056== Conditional jump or move depends on uninitialised value(s)
==27056==    at 0x8C50BED: ??? (in /usr/lib64/libxml2.so.2.7.6)
==27056==    by 0x8C51E2B: xmlCharEncInFunc (in /usr/lib64/libxml2.so.2.7.6)
==27056==    by 0x8C81DB5: xmlParserInputBufferPush (in /usr/lib64/libxml2.so.2.7.6)
==27056==    by 0x8C6F49D: xmlParseChunk (in /usr/lib64/libxml2.so.2.7.6)
==27056==    by 0xC7CB65: php_XML_Parse (compat.c:605)
==27056==    by 0xC78F50: zif_xml_parse (xml.c:1444)
==27056==    by 0xE7289D: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:547)
==27056==    by 0xE7C8AD: ZEND_DO_FCALL_SPEC_CONST_HANDLER (zend_vm_execute.h:2326)
==27056==    by 0xE70468: execute_ex (zend_vm_execute.h:356)
==27056==    by 0xE70FFA: zend_execute (zend_vm_execute.h:381)
==27056==    by 0xE0E4F2: zend_execute_scripts (zend.c:1316)
==27056==    by 0xD31EFF: php_execute_script (main.c:2479)
==27056== 
==27056== Conditional jump or move depends on uninitialised value(s)
==27056==    at 0x8C50C17: ??? (in /usr/lib64/libxml2.so.2.7.6)
==27056==    by 0x8C51E2B: xmlCharEncInFunc (in /usr/lib64/libxml2.so.2.7.6)
==27056==    by 0x8C81DB5: xmlParserInputBufferPush (in /usr/lib64/libxml2.so.2.7.6)
==27056==    by 0x8C6F49D: xmlParseChunk (in /usr/lib64/libxml2.so.2.7.6)
==27056==    by 0xC7CB65: php_XML_Parse (compat.c:605)
==27056==    by 0xC78F50: zif_xml_parse (xml.c:1444)
==27056==    by 0xE7289D: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:547)
==27056==    by 0xE7C8AD: ZEND_DO_FCALL_SPEC_CONST_HANDLER (zend_vm_execute.h:2326)
==27056==    by 0xE70468: execute_ex (zend_vm_execute.h:356)
==27056==    by 0xE70FFA: zend_execute (zend_vm_execute.h:381)
==27056==    by 0xE0E4F2: zend_execute_scripts (zend.c:1316)
==27056==    by 0xD31EFF: php_execute_script (main.c:2479)
==27056== 
==27056== Conditional jump or move depends on uninitialised value(s)
==27056==    at 0x8C50CF7: ??? (in /usr/lib64/libxml2.so.2.7.6)
==27056==    by 0x8C51E2B: xmlCharEncInFunc (in /usr/lib64/libxml2.so.2.7.6)
==27056==    by 0x8C81DB5: xmlParserInputBufferPush (in /usr/lib64/libxml2.so.2.7.6)
==27056==    by 0x8C6F49D: xmlParseChunk (in /usr/lib64/libxml2.so.2.7.6)
==27056==    by 0xC7CB65: php_XML_Parse (compat.c:605)
==27056==    by 0xC78F50: zif_xml_parse (xml.c:1444)
==27056==    by 0xE7289D: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:547)
==27056==    by 0xE7C8AD: ZEND_DO_FCALL_SPEC_CONST_HANDLER (zend_vm_execute.h:2326)
==27056==    by 0xE70468: execute_ex (zend_vm_execute.h:356)
==27056==    by 0xE70FFA: zend_execute (zend_vm_execute.h:381)
==27056==    by 0xE0E4F2: zend_execute_scripts (zend.c:1316)
==27056==    by 0xD31EFF: php_execute_script (main.c:2479)
==27056== 
==27056== Conditional jump or move depends on uninitialised value(s)
==27056==    at 0x8C57F20: ??? (in /usr/lib64/libxml2.so.2.7.6)
==27056==    by 0x8C6EEF9: ??? (in /usr/lib64/libxml2.so.2.7.6)
==27056==    by 0x8C6F4FA: xmlParseChunk (in /usr/lib64/libxml2.so.2.7.6)
==27056==    by 0xC7CB65: php_XML_Parse (compat.c:605)
==27056==    by 0xC78F50: zif_xml_parse (xml.c:1444)
==27056==    by 0xE7289D: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:547)
==27056==    by 0xE7C8AD: ZEND_DO_FCALL_SPEC_CONST_HANDLER (zend_vm_execute.h:2326)
==27056==    by 0xE70468: execute_ex (zend_vm_execute.h:356)
==27056==    by 0xE70FFA: zend_execute (zend_vm_execute.h:381)
==27056==    by 0xE0E4F2: zend_execute_scripts (zend.c:1316)
==27056==    by 0xD31EFF: php_execute_script (main.c:2479)
==27056==    by 0xFF2EA4: do_cli (php_cli.c:993)
==27056== 
==27056== Conditional jump or move depends on uninitialised value(s)
==27056==    at 0x8C5069E: ??? (in /usr/lib64/libxml2.so.2.7.6)
==27056==    by 0x8C51E2B: xmlCharEncInFunc (in /usr/lib64/libxml2.so.2.7.6)
==27056==    by 0x8C81DB5: xmlParserInputBufferPush (in /usr/lib64/libxml2.so.2.7.6)
==27056==    by 0x8C6F49D: xmlParseChunk (in /usr/lib64/libxml2.so.2.7.6)
==27056==    by 0xC7CB65: php_XML_Parse (compat.c:605)
==27056==    by 0xC78F50: zif_xml_parse (xml.c:1444)
==27056==    by 0xE7289D: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:547)
==27056==    by 0xE7C8AD: ZEND_DO_FCALL_SPEC_CONST_HANDLER (zend_vm_execute.h:2326)
==27056==    by 0xE70468: execute_ex (zend_vm_execute.h:356)
==27056==    by 0xE70FFA: zend_execute (zend_vm_execute.h:381)
==27056==    by 0xE0E4F2: zend_execute_scripts (zend.c:1316)
==27056==    by 0xD31EFF: php_execute_script (main.c:2479)
==27056== 
==27056== Conditional jump or move depends on uninitialised value(s)
==27056==    at 0x8C506AC: ??? (in /usr/lib64/libxml2.so.2.7.6)
==27056==    by 0x8C51E2B: xmlCharEncInFunc (in /usr/lib64/libxml2.so.2.7.6)
==27056==    by 0x8C81DB5: xmlParserInputBufferPush (in /usr/lib64/libxml2.so.2.7.6)
==27056==    by 0x8C6F49D: xmlParseChunk (in /usr/lib64/libxml2.so.2.7.6)
==27056==    by 0xC7CB65: php_XML_Parse (compat.c:605)
==27056==    by 0xC78F50: zif_xml_parse (xml.c:1444)
==27056==    by 0xE7289D: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:547)
==27056==    by 0xE7C8AD: ZEND_DO_FCALL_SPEC_CONST_HANDLER (zend_vm_execute.h:2326)
==27056==    by 0xE70468: execute_ex (zend_vm_execute.h:356)
==27056==    by 0xE70FFA: zend_execute (zend_vm_execute.h:381)
==27056==    by 0xE0E4F2: zend_execute_scripts (zend.c:1316)
==27056==    by 0xD31EFF: php_execute_script (main.c:2479)
==27056== 
==27056== Conditional jump or move depends on uninitialised value(s)
==27056==    at 0x8C5075D: ??? (in /usr/lib64/libxml2.so.2.7.6)
==27056==    by 0x8C51E2B: xmlCharEncInFunc (in /usr/lib64/libxml2.so.2.7.6)
==27056==    by 0x8C81DB5: xmlParserInputBufferPush (in /usr/lib64/libxml2.so.2.7.6)
==27056==    by 0x8C6F49D: xmlParseChunk (in /usr/lib64/libxml2.so.2.7.6)
==27056==    by 0xC7CB65: php_XML_Parse (compat.c:605)
==27056==    by 0xC78F50: zif_xml_parse (xml.c:1444)
==27056==    by 0xE7289D: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:547)
==27056==    by 0xE7C8AD: ZEND_DO_FCALL_SPEC_CONST_HANDLER (zend_vm_execute.h:2326)
==27056==    by 0xE70468: execute_ex (zend_vm_execute.h:356)
==27056==    by 0xE70FFA: zend_execute (zend_vm_execute.h:381)
==27056==    by 0xE0E4F2: zend_execute_scripts (zend.c:1316)
==27056==    by 0xD31EFF: php_execute_script (main.c:2479)
==27056== 
==27056== Conditional jump or move depends on uninitialised value(s)
==27056==    at 0x8C507C5: ??? (in /usr/lib64/libxml2.so.2.7.6)
==27056==    by 0x8C51E2B: xmlCharEncInFunc (in /usr/lib64/libxml2.so.2.7.6)
==27056==    by 0x8C81DB5: xmlParserInputBufferPush (in /usr/lib64/libxml2.so.2.7.6)
==27056==    by 0x8C6F49D: xmlParseChunk (in /usr/lib64/libxml2.so.2.7.6)
==27056==    by 0xC7CB65: php_XML_Parse (compat.c:605)
==27056==    by 0xC78F50: zif_xml_parse (xml.c:1444)
==27056==    by 0xE7289D: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:547)
==27056==    by 0xE7C8AD: ZEND_DO_FCALL_SPEC_CONST_HANDLER (zend_vm_execute.h:2326)
==27056==    by 0xE70468: execute_ex (zend_vm_execute.h:356)
==27056==    by 0xE70FFA: zend_execute (zend_vm_execute.h:381)
==27056==    by 0xE0E4F2: zend_execute_scripts (zend.c:1316)
==27056==    by 0xD31EFF: php_execute_script (main.c:2479)
==27056==

 

Generated at Fri, 17 May 2013 23:23:52 +0000 (2 days ago)
Copyright © 2005-2013 The PHP Group
All rights reserved.