
Re: [xml] Core dump in DTD validate code in libxml2 2.4.25



On Wed, 2002-10-09 at 06:25, Daniel Veillard wrote:
> On Wed, Oct 09, 2002 at 02:10:58AM -0400, Joe Marcus Clarke wrote:
> > After upgrading the FreeBSD port of libxml2 to 2.4.25, I noticed a seg
> > fault every time the DTD validation code is run.  This was first noticed
> > in scrollkeeper-0.3.11, but is also visible in xmllint.  The following
> > command will produce the core dump:
> > 
> > xmllint --dtdvalid
> > /usr/X11R6/share/gnome/xml/scrollkeeper/dtds/scrollkeeper-omf.dtd
> > /usr/X11R6/share/gnome/omf/eog/eog-C.omf
> > 
> > The backtrace is:
> > 
> > #0  0x280ae39b in nodeVPop (ctxt=0xbfbfe910) at valid.c:166
> > 166	PUSH_AND_POP(static, xmlNodePtr, node)
> > (gdb) bt
> > #0  0x280ae39b in nodeVPop (ctxt=0xbfbfe910) at valid.c:166
> > #1  0x280b3fb3 in xmlValidateElementContent (ctxt=0xbfbfe910,
> > child=0x8062180, 
> >     elemDecl=0x8074c80, warn=1, parent=0x8062140) at valid.c:4629
> 
>   Hum, I could not reproduce the problem with gdb ... but caught it with
> valgrind, it was of course an uninitialized memory block usage :-(
> The DTD validation code has been completely revamped in 2.4.25, but so
> far it's the only bug reported, damn that's serious ...
>   Please apply the committed patch part for valid.c (enclosed and
> in CVS)

Thanks.  Patch works like a champ.  After I sent the email last night, I
triggered a malloc abort, and saw that ctxt->vstateTab was being freed
when it was never initialized (in the regexp mode).  However, when I
disabled regexp, the Python stuff didn't compile without some manual
removal of regexp variables and functions.  Just FYI.

Thanks for your help.

Joe

> 
> http://cvs.gnome.org/bonsai/cvsquery.cgi?module=gnome-xml&branch=HEAD&branchtype=match&dir=gnome-xml&file=&filetype=match&who=veillard&whotype=match&sortby=Date&hours=&date=explicit&mindate=10%2F09%2F02+06%3A19&maxdate=10%2F09%2F02+06%3A21&cvsroot=%2Fcvs%2Fgnome
> 
>   thanks for the report,
> 
> Daniel
> 
> -- 
> Daniel Veillard      | Red Hat Network https://rhn.redhat.com/
> veillard redhat com  | libxml GNOME XML XSLT toolkit  http://xmlsoft.org/
> http://veillard.com/ | Rpmfind RPM search engine http://rpmfind.net/
> ----
> 

> Index: valid.c
> ===================================================================
> RCS file: /cvs/gnome/gnome-xml/valid.c,v
> retrieving revision 1.131
> retrieving revision 1.132
> diff -c -r1.131 -r1.132
> *** valid.c	8 Oct 2002 08:26:11 -0000	1.131
> --- valid.c	9 Oct 2002 10:20:30 -0000	1.132
> ***************
> *** 4552,4560 ****
>          xmlElementPtr elemDecl, int warn, xmlNodePtr parent) {
>       int ret = 1;
>   #ifndef  LIBXML_REGEXP_ENABLED
> !     xmlNodePtr last = NULL;
>   #endif
> !     xmlNodePtr repl = NULL, cur, tmp;
>       xmlElementContentPtr cont;
>       const xmlChar *name;
>   
> --- 4552,4560 ----
>          xmlElementPtr elemDecl, int warn, xmlNodePtr parent) {
>       int ret = 1;
>   #ifndef  LIBXML_REGEXP_ENABLED
> !     xmlNodePtr repl = NULL, last = NULL, tmp;
>   #endif
> !     xmlNodePtr cur;
>       xmlElementContentPtr cont;
>       const xmlChar *name;
>   
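Review bot: moving repl and tmp (with last) under #ifndef LIBXML_REGEXP_ENABLED means every remaining use of those names must sit under the same guard or the regexp build stops compiling; the use of repl in the error-reporting block at 4766 is handled later in this patch, but the "Deallocate the copy" cleanup after done: should be checked to confirm it only touches repl inside the guard. Keeping cur unconditional is right, since the regexp branch assigns it (cur = child;).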
> ***************
> *** 4572,4577 ****
> --- 4572,4580 ----
>       } else {
>   	xmlRegExecCtxtPtr exec;
>   
> + 	ctxt->nodeMax = 0;
> + 	ctxt->nodeNr = 0;
> + 	ctxt->nodeTab = NULL;
>   	exec = xmlRegNewExecCtxt(elemDecl->contModel, NULL, NULL);
>   	if (exec != NULL) {
>   	    cur = child;
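Review bot: these three assignments close the uninitialized node stack on the regexp path (ctxt is a stack object in the reported backtrace, so nodeTab held whatever was left there and the final cleanup's "if (ctxt->nodeTab != NULL)" freed garbage), but they also overwrite any nodeTab the context already owned without freeing it. If xmlValidateElementContent can be entered with a live node stack, this leaks; either assert ctxt->nodeTab == NULL on entry or free it before resetting. A single initialisation routine for the validation context that zeroes nodeTab, nodeNr, nodeMax and vstateTab together would be more robust than patching each path separately.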
> ***************
> *** 4763,4771 ****
> --- 4766,4776 ----
>   	    expr[0] = 0;
>   	    xmlSnprintfElementContent(expr, 5000, cont, 1);
>   	    list[0] = 0;
> + #ifndef LIBXML_REGEXP_ENABLED
>   	    if (repl != NULL)
>   		xmlSnprintfElements(list, 5000, repl, 1);
>   	    else
> + #endif /* LIBXML_REGEXP_ENABLED */
>   		xmlSnprintfElements(list, 5000, child, 1);
>   
>   	    if (name != NULL) {
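Review bot: splitting an if/else across a preprocessor guard (the "else" is inside the #ifndef while its body, xmlSnprintfElements(list, 5000, child, 1);, is outside) compiles in both configurations but is fragile: the regexp build is left with a bare call and the non-regexp build with an else binding to it, and the next edit to this block can easily break one of them. Prefer an explicit #ifndef ... #else ... #endif with the full if/else in one branch and the plain call in the other.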
> ***************
> *** 4798,4804 ****
>   
>   #ifndef  LIBXML_REGEXP_ENABLED
>   done:
> - #endif
>       /*
>        * Deallocate the copy if done, and free up the validation stack
>        */
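Review bot: removing this #endif leaves the #ifndef LIBXML_REGEXP_ENABLED that opens before done: unterminated until the #endif added after the vstateTab free in the next hunk, so the two hunks are only correct applied together. Since done: is now defined only in the non-regexp build, every goto done in the function must sit inside the same guard, otherwise the regexp build fails with an undefined label.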
> --- 4803,4808 ----
> ***************
> *** 4812,4817 ****
> --- 4816,4822 ----
>   	xmlFree(ctxt->vstateTab);
>   	ctxt->vstateTab = NULL;
>       }
> + #endif
>       ctxt->nodeMax = 0;
>       ctxt->nodeNr = 0;
>       if (ctxt->nodeTab != NULL) {
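Review bot: this is the fix for the malloc abort described in the reply: the regexp path never allocates vstateTab, so xmlFree(ctxt->vstateTab) on a stack-allocated ctxt freed an uninitialized pointer. Guarding the free is correct, but it relies on the regexp build never touching vstateTab anywhere else; a grep for vstateTab, vstateNr and vstateMax outside the guard would confirm that. The node-stack cleanup that follows ("ctxt->nodeMax = 0; ctxt->nodeNr = 0; if (ctxt->nodeTab != NULL)") now mirrors the initialisation added in the regexp branch, which is the invariant that had been missing.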
-- 
Joe Marcus Clarke
FreeBSD GNOME Team	::	marcus FreeBSD org
http://www.FreeBSD.org/gnome