
memory leak xmlCopyDocElementContent #19956

@YuanchengJiang

Description

The following code:

<?php
$xml = "<?xml version=\"1.0\"?>
<!DOCTYPE note [
<!ELEMENT note (to,from,heading,body)>
]>
<note>
</note>";
$dom = new DOMDocument('1.0');
$dom->loadXML($xml);   // internal subset carrying one <!ELEMENT> content model
$dom2 = clone $dom;    // dom_clone_node -> xmlCopyDoc -> xmlCopyDtd (see the trace below)

Resulted in this output:

=================================================================
==3571198==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 48 byte(s) in 1 object(s) allocated from:
    #0 0x6810bd in malloc (/home/phpfuzz/WorkSpace/flowfusion/php-src/sapi/cli/php+0x6810bd)
    #1 0x7db1372ff752 in xmlCopyDocElementContent (/lib/x86_64-linux-gnu/libxml2.so.2+0x85752)
    #2 0x7db1373004c4  (/lib/x86_64-linux-gnu/libxml2.so.2+0x864c4)
    #3 0x7db1372ec952 in xmlCopyDtd (/lib/x86_64-linux-gnu/libxml2.so.2+0x72952)
    #4 0x7db1372ec050 in xmlCopyDoc (/lib/x86_64-linux-gnu/libxml2.so.2+0x72050)
    #5 0x118a8b6 in dom_clone_node /home/phpfuzz/WorkSpace/flowfusion/php-src/ext/dom/php_dom.c:2618:10
    #6 0x1137dfa in dom_objects_store_clone_obj /home/phpfuzz/WorkSpace/flowfusion/php-src/ext/dom/php_dom.c:653:29
    #7 0x5f4862a in ZEND_CLONE_SPEC_CV_HANDLER /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend_vm_execute.h:41843:2
    #8 0x5b3f75b in execute_ex /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend_vm_execute.h:115722:12
    #9 0x5b41cec in zend_execute /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend_vm_execute.h:121434:2
    #10 0x68c4e09 in zend_execute_script /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend.c:1977:3
    #11 0x50a195a in php_execute_script_ex /home/phpfuzz/WorkSpace/flowfusion/php-src/main/main.c:2640:13
    #12 0x50a2a98 in php_execute_script /home/phpfuzz/WorkSpace/flowfusion/php-src/main/main.c:2680:9
    #13 0x68d9d1a in do_cli /home/phpfuzz/WorkSpace/flowfusion/php-src/sapi/cli/php_cli.c:951:5
    #14 0x68d40ff in main /home/phpfuzz/WorkSpace/flowfusion/php-src/sapi/cli/php_cli.c:1362:18
    #15 0x7db136880d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #16 0x7db136880e3f in __libc_start_main csu/../csu/libc-start.c:392:3
    #17 0x6061f4 in _start (/home/phpfuzz/WorkSpace/flowfusion/php-src/sapi/cli/php+0x6061f4)

Indirect leak of 96 byte(s) in 2 object(s) allocated from:
    #0 0x6810bd in malloc (/home/phpfuzz/WorkSpace/flowfusion/php-src/sapi/cli/php+0x6810bd)
    #1 0x7db1372ff752 in xmlCopyDocElementContent (/lib/x86_64-linux-gnu/libxml2.so.2+0x85752)
    #2 0x7db1373004c4  (/lib/x86_64-linux-gnu/libxml2.so.2+0x864c4)
    #3 0x7db1372ec952 in xmlCopyDtd (/lib/x86_64-linux-gnu/libxml2.so.2+0x72952)
    #4 0x7db1372ec050 in xmlCopyDoc (/lib/x86_64-linux-gnu/libxml2.so.2+0x72050)
    #5 0x118a8b6 in dom_clone_node /home/phpfuzz/WorkSpace/flowfusion/php-src/ext/dom/php_dom.c:2618:10
    #6 0x1137dfa in dom_objects_store_clone_obj /home/phpfuzz/WorkSpace/flowfusion/php-src/ext/dom/php_dom.c:653:29
    #7 0x5f4862a in ZEND_CLONE_SPEC_CV_HANDLER /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend_vm_execute.h:41843:2
    #8 0x5b3f75b in execute_ex /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend_vm_execute.h:115722:12
    #9 0x5b41cec in zend_execute /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend_vm_execute.h:121434:2
    #10 0x68c4e09 in zend_execute_script /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend.c:1977:3
    #11 0x50a195a in php_execute_script_ex /home/phpfuzz/WorkSpace/flowfusion/php-src/main/main.c:2640:13
    #12 0x50a2a98 in php_execute_script /home/phpfuzz/WorkSpace/flowfusion/php-src/main/main.c:2680:9
    #13 0x68d9d1a in do_cli /home/phpfuzz/WorkSpace/flowfusion/php-src/sapi/cli/php_cli.c:951:5
    #14 0x68d40ff in main /home/phpfuzz/WorkSpace/flowfusion/php-src/sapi/cli/php_cli.c:1362:18
    #15 0x7db136880d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #16 0x7db136880e3f in __libc_start_main csu/../csu/libc-start.c:392:3
    #17 0x6061f4 in _start (/home/phpfuzz/WorkSpace/flowfusion/php-src/sapi/cli/php+0x6061f4)

Indirect leak of 48 byte(s) in 1 object(s) allocated from:
    #0 0x6810bd in malloc (/home/phpfuzz/WorkSpace/flowfusion/php-src/sapi/cli/php+0x6810bd)
    #1 0x7db1372ff6ac in xmlCopyDocElementContent (/lib/x86_64-linux-gnu/libxml2.so.2+0x856ac)
    #2 0x7db1372ff7c9 in xmlCopyDocElementContent (/lib/x86_64-linux-gnu/libxml2.so.2+0x857c9)
    #3 0x7db1373004c4  (/lib/x86_64-linux-gnu/libxml2.so.2+0x864c4)
    #4 0x7db1372ec952 in xmlCopyDtd (/lib/x86_64-linux-gnu/libxml2.so.2+0x72952)
    #5 0x7db1372ec050 in xmlCopyDoc (/lib/x86_64-linux-gnu/libxml2.so.2+0x72050)
    #6 0x118a8b6 in dom_clone_node /home/phpfuzz/WorkSpace/flowfusion/php-src/ext/dom/php_dom.c:2618:10
    #7 0x1137dfa in dom_objects_store_clone_obj /home/phpfuzz/WorkSpace/flowfusion/php-src/ext/dom/php_dom.c:653:29
    #8 0x5f4862a in ZEND_CLONE_SPEC_CV_HANDLER /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend_vm_execute.h:41843:2
    #9 0x5b3f75b in execute_ex /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend_vm_execute.h:115722:12
    #10 0x5b41cec in zend_execute /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend_vm_execute.h:121434:2
    #11 0x68c4e09 in zend_execute_script /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend.c:1977:3
    #12 0x50a195a in php_execute_script_ex /home/phpfuzz/WorkSpace/flowfusion/php-src/main/main.c:2640:13
    #13 0x50a2a98 in php_execute_script /home/phpfuzz/WorkSpace/flowfusion/php-src/main/main.c:2680:9
    #14 0x68d9d1a in do_cli /home/phpfuzz/WorkSpace/flowfusion/php-src/sapi/cli/php_cli.c:951:5
    #15 0x68d40ff in main /home/phpfuzz/WorkSpace/flowfusion/php-src/sapi/cli/php_cli.c:1362:18
    #16 0x7db136880d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #17 0x7db136880e3f in __libc_start_main csu/../csu/libc-start.c:392:3
    #18 0x6061f4 in _start (/home/phpfuzz/WorkSpace/flowfusion/php-src/sapi/cli/php+0x6061f4)

Indirect leak of 8 byte(s) in 1 object(s) allocated from:
    #0 0x6810bd in malloc (/home/phpfuzz/WorkSpace/flowfusion/php-src/sapi/cli/php+0x6810bd)
    #1 0x7db13735d7c2 in xmlStrdup (/lib/x86_64-linux-gnu/libxml2.so.2+0xe37c2)
    #2 0x7db1372ff8f7 in xmlCopyDocElementContent (/lib/x86_64-linux-gnu/libxml2.so.2+0x858f7)
    #3 0x7db1372ff7c9 in xmlCopyDocElementContent (/lib/x86_64-linux-gnu/libxml2.so.2+0x857c9)
    #4 0x7db1373004c4  (/lib/x86_64-linux-gnu/libxml2.so.2+0x864c4)
    #5 0x7db1372ec952 in xmlCopyDtd (/lib/x86_64-linux-gnu/libxml2.so.2+0x72952)
    #6 0x7db1372ec050 in xmlCopyDoc (/lib/x86_64-linux-gnu/libxml2.so.2+0x72050)
    #7 0x118a8b6 in dom_clone_node /home/phpfuzz/WorkSpace/flowfusion/php-src/ext/dom/php_dom.c:2618:10
    #8 0x1137dfa in dom_objects_store_clone_obj /home/phpfuzz/WorkSpace/flowfusion/php-src/ext/dom/php_dom.c:653:29
    #9 0x5f4862a in ZEND_CLONE_SPEC_CV_HANDLER /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend_vm_execute.h:41843:2
    #10 0x5b3f75b in execute_ex /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend_vm_execute.h:115722:12
    #11 0x5b41cec in zend_execute /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend_vm_execute.h:121434:2
    #12 0x68c4e09 in zend_execute_script /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend.c:1977:3
    #13 0x50a195a in php_execute_script_ex /home/phpfuzz/WorkSpace/flowfusion/php-src/main/main.c:2640:13
    #14 0x50a2a98 in php_execute_script /home/phpfuzz/WorkSpace/flowfusion/php-src/main/main.c:2680:9
    #15 0x68d9d1a in do_cli /home/phpfuzz/WorkSpace/flowfusion/php-src/sapi/cli/php_cli.c:951:5
    #16 0x68d40ff in main /home/phpfuzz/WorkSpace/flowfusion/php-src/sapi/cli/php_cli.c:1362:18
    #17 0x7db136880d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #18 0x7db136880e3f in __libc_start_main csu/../csu/libc-start.c:392:3
    #19 0x6061f4 in _start (/home/phpfuzz/WorkSpace/flowfusion/php-src/sapi/cli/php+0x6061f4)

Indirect leak of 5 byte(s) in 1 object(s) allocated from:
    #0 0x6810bd in malloc (/home/phpfuzz/WorkSpace/flowfusion/php-src/sapi/cli/php+0x6810bd)
    #1 0x7db13735d7c2 in xmlStrdup (/lib/x86_64-linux-gnu/libxml2.so.2+0xe37c2)
    #2 0x7db1372ff83f in xmlCopyDocElementContent (/lib/x86_64-linux-gnu/libxml2.so.2+0x8583f)
    #3 0x7db1373004c4  (/lib/x86_64-linux-gnu/libxml2.so.2+0x864c4)
    #4 0x7db1372ec952 in xmlCopyDtd (/lib/x86_64-linux-gnu/libxml2.so.2+0x72952)
    #5 0x7db1372ec050 in xmlCopyDoc (/lib/x86_64-linux-gnu/libxml2.so.2+0x72050)
    #6 0x118a8b6 in dom_clone_node /home/phpfuzz/WorkSpace/flowfusion/php-src/ext/dom/php_dom.c:2618:10
    #7 0x1137dfa in dom_objects_store_clone_obj /home/phpfuzz/WorkSpace/flowfusion/php-src/ext/dom/php_dom.c:653:29
    #8 0x5f4862a in ZEND_CLONE_SPEC_CV_HANDLER /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend_vm_execute.h:41843:2
    #9 0x5b3f75b in execute_ex /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend_vm_execute.h:115722:12
    #10 0x5b41cec in zend_execute /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend_vm_execute.h:121434:2
    #11 0x68c4e09 in zend_execute_script /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend.c:1977:3
    #12 0x50a195a in php_execute_script_ex /home/phpfuzz/WorkSpace/flowfusion/php-src/main/main.c:2640:13
    #13 0x50a2a98 in php_execute_script /home/phpfuzz/WorkSpace/flowfusion/php-src/main/main.c:2680:9
    #14 0x68d9d1a in do_cli /home/phpfuzz/WorkSpace/flowfusion/php-src/sapi/cli/php_cli.c:951:5
    #15 0x68d40ff in main /home/phpfuzz/WorkSpace/flowfusion/php-src/sapi/cli/php_cli.c:1362:18
    #16 0x7db136880d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #17 0x7db136880e3f in __libc_start_main csu/../csu/libc-start.c:392:3
    #18 0x6061f4 in _start (/home/phpfuzz/WorkSpace/flowfusion/php-src/sapi/cli/php+0x6061f4)

SUMMARY: AddressSanitizer: 205 byte(s) leaked in 6 allocation(s).

To reproduce:

./php-src/sapi/cli/php  ./test.php

Commit:

e23c6222da50a2c5828a03ad701cd3351b13590d

Configurations:

CC="clang-12" CXX="clang++-12" CFLAGS="-DZEND_VERIFY_TYPE_INFERENCE" CXXFLAGS="-DZEND_VERIFY_TYPE_INFERENCE" ./configure --enable-debug --enable-address-sanitizer --enable-undefined-sanitizer --enable-re2c-cgoto --enable-fpm --enable-litespeed --enable-phpdbg-debug --enable-zts --enable-bcmath --enable-calendar --enable-dba --enable-dl-test --enable-exif --enable-ftp --enable-gd --enable-gd-jis-conv --enable-mbstring --enable-pcntl --enable-shmop --enable-soap --enable-sockets --enable-sysvmsg --enable-zend-test --with-zlib --with-bz2 --with-curl --with-enchant --with-gettext --with-gmp --with-mhash --with-ldap --with-libedit --with-readline --with-snmp --with-sodium --with-xsl --with-zip --with-mysqli --with-pdo-mysql --with-pdo-pgsql --with-pgsql --with-sqlite3 --with-pdo-sqlite --with-webp --with-jpeg --with-freetype --enable-sigchild --with-readline --with-pcre-jit --with-iconv

Operating System:

Ubuntu 20.04 Host, Docker 0599jiangyc/flowfusion:latest

This report is automatically generated by FlowFusion

PHP Version

nightly

Operating System

No response
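As an added example (not code from the report or from php-src): the check a maintainer or operator would want before and after a fix is whether this clone path still leaks on their build. The leaked blocks in the trace are libxml2 `malloc()` allocations, which `memory_get_usage()` does not account for, so the probe below reads the process's resident set from procfs instead and compares a document carrying `<!ELEMENT>` declarations against the same tree without a DOCTYPE. The XML inputs are constructed for the example; the function names and the iteration count are assumptions.

```php
<?php
// Added example for this issue page; not code from the report or from php-src.
// Probes whether cloning a DOMDocument whose internal subset carries
// <!ELEMENT> declarations leaks native memory on this build. The leaked
// blocks in the report are libxml2 malloc() allocations, invisible to
// memory_get_usage(), so the probe watches VmRSS instead (Linux only).
declare(strict_types=1);

// Constructed input: content models that xmlCopyDocElementContent must
// deep-copy on every clone (the reporter's declaration plus four more).
const XML_WITH_ELEMENT_DECLS = <<<'XML'
<?xml version="1.0"?>
<!DOCTYPE note [
<!ELEMENT note (to,from,heading,body)>
<!ELEMENT to (#PCDATA)>
<!ELEMENT from (#PCDATA)>
<!ELEMENT heading (#PCDATA)>
<!ELEMENT body (#PCDATA)>
]>
<note><to>a</to><from>b</from><heading>c</heading><body>d</body></note>
XML;

// Constructed control: same tree, no DOCTYPE, so xmlCopyDoc never reaches xmlCopyDtd.
const XML_WITHOUT_DTD = <<<'XML'
<?xml version="1.0"?>
<note><to>a</to><from>b</from><heading>c</heading><body>d</body></note>
XML;

// Resident set size of this process in KiB, read from procfs.
function rssKiB(): int
{
    $status = @file_get_contents('/proc/self/status');
    if ($status === false || !preg_match('/^VmRSS:\s+(\d+) kB/m', $status, $m)) {
        throw new RuntimeException('VmRSS not available; this probe needs Linux procfs');
    }
    return (int) $m[1];
}

// Clone the parsed document $iterations times, releasing each copy at once,
// and return the RSS growth in KiB over the loop. Memory that is correctly
// freed per clone should not accumulate here.
function rssGrowthAfterClones(string $xml, int $iterations): int
{
    $dom = new DOMDocument('1.0');
    if (!$dom->loadXML($xml)) {
        throw new RuntimeException('loadXML failed');
    }
    gc_collect_cycles();
    $before = rssKiB();
    for ($i = 0; $i < $iterations; $i++) {
        $copy = clone $dom;   // DOMDocument clone -> dom_clone_node -> xmlCopyDoc
        unset($copy);         // copy is destroyed immediately; only leaked blocks survive
    }
    gc_collect_cycles();
    return rssKiB() - $before;
}

$iterations = 200000;   // assumed count; raise it if the numbers sit inside allocator noise
$control   = rssGrowthAfterClones(XML_WITHOUT_DTD, $iterations);        // warms the allocator first
$withDecls = rssGrowthAfterClones(XML_WITH_ELEMENT_DECLS, $iterations);

printf("%d clones: RSS grew %d KiB without a DOCTYPE, %d KiB with <!ELEMENT> declarations\n",
    $iterations, $control, $withDecls);
```

On a build that exhibits the leak the second number grows roughly in proportion to the iteration count while the control stays close to flat; on a build where the clone path frees the copied content models both stay flat apart from allocator noise. RSS also includes freed pages the allocator has not returned, so read the two numbers against each other rather than as absolute values. The security-relevant point is that the trigger lives entirely in the internal subset of the parsed input: the leaked objects are copies of the content-model tree, so richer declarations leak more per clone, and a long-lived worker that clones documents parsed from untrusted XML turns a per-clone leak into attacker-controlled memory growth. The usual XML hardening of refusing input whose `$dom->doctype` is not null removes the trigger on such builds.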
