Re: [xml] Core dump in DTD validate code in libxml2 2.4.25
- From: Daniel Veillard <veillard redhat com>
- To: Joe Marcus Clarke <marcus FreeBSD org>
- Cc: xml gnome org
- Subject: Re: [xml] Core dump in DTD validate code in libxml2 2.4.25
- Date: Wed, 9 Oct 2002 06:25:46 -0400
On Wed, Oct 09, 2002 at 02:10:58AM -0400, Joe Marcus Clarke wrote:
> After upgrading the FreeBSD port of libxml2 to 2.4.25, I noticed a seg
> fault every time the DTD validation code is run. This was first noticed
> in scrollkeeper-0.3.11, but is also visible in xmllint. The following
> command will produce the core dump:
>
> xmllint --dtdvalid
> /usr/X11R6/share/gnome/xml/scrollkeeper/dtds/scrollkeeper-omf.dtd
> /usr/X11R6/share/gnome/omf/eog/eog-C.omf
>
> The backtrace is:
>
> #0 0x280ae39b in nodeVPop (ctxt=0xbfbfe910) at valid.c:166
> 166 PUSH_AND_POP(static, xmlNodePtr, node)
> (gdb) bt
> #0 0x280ae39b in nodeVPop (ctxt=0xbfbfe910) at valid.c:166
> #1 0x280b3fb3 in xmlValidateElementContent (ctxt=0xbfbfe910,
> child=0x8062180,
> elemDecl=0x8074c80, warn=1, parent=0x8062140) at valid.c:4629
Hum, I could not reproduce the problem with gdb ... but caught it with
valgrind, it was of course an uninitialized memory block usage :-(
The DTD validation code has been completely revamped in 2.4.25, but so
far it's the only bug reported, damn that's serious ...
Please apply the committed patch part for valid.c (enclosed and
in CVS)
http://cvs.gnome.org/bonsai/cvsquery.cgi?module=gnome-xml&branch=HEAD&branchtype=match&dir=gnome-xml&file=&filetype=match&who=veillard&whotype=match&sortby=Date&hours=&date=explicit&mindate=10%2F09%2F02+06%3A19&maxdate=10%2F09%2F02+06%3A21&cvsroot=%2Fcvs%2Fgnome
thanks for the report,
Daniel
--
Daniel Veillard | Red Hat Network https://rhn.redhat.com/
veillard redhat com | libxml GNOME XML XSLT toolkit http://xmlsoft.org/
http://veillard.com/ | Rpmfind RPM search engine http://rpmfind.net/
Index: valid.c
===================================================================
RCS file: /cvs/gnome/gnome-xml/valid.c,v
retrieving revision 1.131
retrieving revision 1.132
diff -c -r1.131 -r1.132
*** valid.c 8 Oct 2002 08:26:11 -0000 1.131
--- valid.c 9 Oct 2002 10:20:30 -0000 1.132
***************
*** 4552,4560 ****
xmlElementPtr elemDecl, int warn, xmlNodePtr parent) {
int ret = 1;
#ifndef LIBXML_REGEXP_ENABLED
! xmlNodePtr last = NULL;
#endif
! xmlNodePtr repl = NULL, cur, tmp;
xmlElementContentPtr cont;
const xmlChar *name;
--- 4552,4560 ----
xmlElementPtr elemDecl, int warn, xmlNodePtr parent) {
int ret = 1;
#ifndef LIBXML_REGEXP_ENABLED
! xmlNodePtr repl = NULL, last = NULL, tmp;
#endif
! xmlNodePtr cur;
xmlElementContentPtr cont;
const xmlChar *name;
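Review bot: in the new declarations, `repl` and `tmp` exist only under `#ifndef LIBXML_REGEXP_ENABLED` while `cur` stays unconditional, so any reference to `repl` or `tmp` outside that guard will break the regexp build. The later hunk at 4763 guards the `repl != NULL` test; every use of `tmp` in the function needs the same check. A one-line comment on the guarded declaration saying these variables belong to the non-regexp validator would make the intent clear.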
***************
*** 4572,4577 ****
--- 4572,4580 ----
} else {
xmlRegExecCtxtPtr exec;
+ ctxt->nodeMax = 0;
+ ctxt->nodeNr = 0;
+ ctxt->nodeTab = NULL;
exec = xmlRegNewExecCtxt(elemDecl->contModel, NULL, NULL);
if (exec != NULL) {
cur = child;
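Review bot: `ctxt->nodeTab = NULL;` at the top of the regexp branch overwrites the pointer unconditionally, yet the cleanup at the end of this function tests `ctxt->nodeTab != NULL`, so the field is expected to hold an allocation at times. The reset is right when the caller passes a context whose fields were never initialized, but if a context ever arrives here with a live node table, that table is silently leaked, and freeing it here is not an option because the value may be garbage. Initializing `nodeMax`, `nodeNr` and `nodeTab` where the validation context is created or documented would let this function rely on them; at minimum, add a comment explaining why the reset is needed on this path.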
***************
*** 4763,4771 ****
--- 4766,4776 ----
expr[0] = 0;
xmlSnprintfElementContent(expr, 5000, cont, 1);
list[0] = 0;
+ #ifndef LIBXML_REGEXP_ENABLED
if (repl != NULL)
xmlSnprintfElements(list, 5000, repl, 1);
else
+ #endif /* LIBXML_REGEXP_ENABLED */
xmlSnprintfElements(list, 5000, child, 1);
if (name != NULL) {
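Review bot: the `else` at the end of the guarded region leaves an `if`/`else` that straddles the preprocessor block, so the statement after `#endif` is the `else` body in one build and an unconditional call in the other. It compiles both ways, but a statement inserted before `xmlSnprintfElements(list, 5000, child, 1);` would change meaning in only one configuration. Selecting the node to print into a local first (guarded assignment from `repl`, default `child`) and making a single call would avoid that. The trailing comment would also read better as `/* !LIBXML_REGEXP_ENABLED */` since the opening test is `#ifndef`.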
***************
*** 4798,4804 ****
#ifndef LIBXML_REGEXP_ENABLED
done:
- #endif
/*
* Deallocate the copy if done, and free up the validation stack
*/
--- 4803,4808 ----
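Review bot: dropping the `#endif` directly after `done:` pulls the comment "Deallocate the copy if done, and free up the validation stack" and the code under it into the `#ifndef LIBXML_REGEXP_ENABLED` region, with nothing at this point indicating where the region now ends. The comment then describes cleanup that is only partly conditional, since the node stack reset further down is compiled in both builds. Please split or reword the comment so it says which part of the deallocation is non-regexp only.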
***************
*** 4812,4817 ****
--- 4816,4822 ----
xmlFree(ctxt->vstateTab);
ctxt->vstateTab = NULL;
}
+ #endif
ctxt->nodeMax = 0;
ctxt->nodeNr = 0;
if (ctxt->nodeTab != NULL) {
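Review bot: with the `#endif` placed after the `vstateTab` block, `xmlFree(ctxt->vstateTab)` is compiled only when `LIBXML_REGEXP_ENABLED` is not defined. Please confirm that nothing in the regexp build can leave `ctxt->vstateTab` allocated when this function returns, otherwise the change trades the crash for a leak. The bare `#endif` should also carry a trailing comment naming the macro, as the one added in the 4763 hunk does, since its `#ifndef` is now more than a dozen lines away.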