Re: [xml] xmlNodeDumpOutput appears to corrupt data; crash follows in xmlStrEqual



On Tue, Jan 07, 2003 at 07:11:18PM -0800, gk wrote:
I am using libxml2-2.4.30 library with:
  PHP 4.3.1
linux; kernel 2.4.18

I have found segmentation fault results from calling dump_node($node) with 
any xml node that includes an attribute.

Ilia, at PHP.net has examined my backtrace and believes libxml2 is causing 
the crash since he cannot reproduce this with the same version of PHP and 
different version of libxml2.

Please let me know if I can offer further info/testing.
Backtrace follows, with original php code at the end.
- Greg Keraunen

From: "Ilia A." <ilia prohost org>
To: gk <gk proliberty com>
Subject: Re: backtrace - Re: Bug #21477 [Opn->Fbk]: 
$node->dump_node($node)  crashes
Date: Tue, 7 Jan 2003 21:33:13 -0500
X-Mailer: KMail [version 1.4]
X-Envelope-To: gk proliberty com

Thank you for the detailed information, it looks like my initial conclusion
that this is a bug in domxml rather than PHP is correct. The function that
appears to corrupt the data, 'xmlNodeDumpOutput' is not a PHP function but
rather a domxml one so is xmlIsXHTML() and xmlStrEqual() which is what
actually crashes. My suggestion is that you contact domxml developers with
this very backtrace, hopefully they'll be able to assist you.

Ilia



On January 7, 2003 09:34 pm, you wrote:
Dear Ilia,
Here is some more gdb output that might help.

(gdb) info stack
#0  xmlStrEqual (str1=0x3 <Address 0x3 out of bounds>,
     str2=0x401632e0 "-//W3C//DTD XHTML 1.0 Strict//EN") at parser.c:1293
#1  0x4010d834 in xmlIsXHTML (systemID=0x4015e9c0 "text",
     publicID=0x3 <Address 0x3 out of bounds>) at tree.c:6728

  The DTD node for the document was not properly initialized. The call
made by xmlNodeDumpOutput is :
  is_xhtml = xmlIsXHTML(dtd->SystemID, dtd->ExternalID);

  the DTD is looked for based on the document passed to xmlNodeDumpOutput().
And the pointer stored in the DTD for the system ID is invalid. Go back
to the PHP maintainer and ask him to fix the code making that xmlDtdPtr node.
That DTD node was not generated by libxml2 as part of the parsed document
since there are NO DOCTYPE entries in the parsed examples. I have no idea
what the PHP code looks like but getting an invalid DTD node for a document
which did not contain any initially doesn't give me a good opinion of
that code quality honestly. I have no idea of what's going on there, but
this doesn't sound good, really.

Daniel

-- 
Daniel Veillard      | Red Hat Network https://rhn.redhat.com/
veillard redhat com  | libxml GNOME XML XSLT toolkit  http://xmlsoft.org/
http://veillard.com/ | Rpmfind RPM search engine http://rpmfind.net/
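
The failure mode diagnosed in the message above, as an added example that is not part of the original thread and is not libxml2 or PHP code: a DTD-like node is zero-initialized on creation and its type tag is checked before its ID pointers are read. The `demo_*` names, the struct layout and the tag values are assumptions made for illustration; only the public ID string and the `0x3` pointer value come from the backtrace.

```c
/* Added example: demo_* types are simplified stand-ins, not libxml2's own. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
enum { DEMO_ELEMENT_NODE = 1, DEMO_DTD_NODE = 14 };  /* constructed type tags */

typedef struct demo_dtd {
    int type;                /* must be DEMO_DTD_NODE for a real DTD node */
    const char *name;
    const char *ExternalID;  /* public identifier, NULL when absent */
    const char *SystemID;    /* system identifier, NULL when absent */
} demo_dtd;

/* Zero the whole node before filling it in, so any field the caller
   does not set is NULL rather than leftover heap bytes. */
demo_dtd *demo_new_dtd(const char *name, const char *ext, const char *sys) {
    demo_dtd *d = calloc(1, sizeof *d);
    if (d == NULL) return NULL;
    d->type = DEMO_DTD_NODE;
    d->name = name;
    d->ExternalID = ext;
    d->SystemID = sys;
    return d;
}

/* NULL-tolerant string comparison. */
static int demo_str_equal(const char *a, const char *b) {
    if (a == b) return 1;
    if (a == NULL || b == NULL) return 0;
    return strcmp(a, b) == 0;
}

/* 1 = XHTML 1.0 Strict, 0 = not XHTML or no DTD, -1 = node is not a DTD.
   The type tag is checked before either ID pointer is read. */
int demo_is_xhtml_dtd(const demo_dtd *d) {
    if (d == NULL) return 0;                 /* document had no DOCTYPE */
    if (d->type != DEMO_DTD_NODE) return -1; /* refuse to read its fields */
    return demo_str_equal(d->ExternalID, "-//W3C//DTD XHTML 1.0 Strict//EN");
}

int main(void) {
    /* Constructed bad node: wrong tag and the 0x3 pointer from the backtrace. */
    demo_dtd bad = { DEMO_ELEMENT_NODE, "text", (const char *)(size_t)3, "text" };
    demo_dtd *ok = demo_new_dtd("html", "-//W3C//DTD XHTML 1.0 Strict//EN", NULL);
    printf("bad=%d ok=%d none=%d\n", demo_is_xhtml_dtd(&bad),
           demo_is_xhtml_dtd(ok), demo_is_xhtml_dtd(NULL));
    free(ok);
    return 0;
}
```

A tag check cannot catch a node whose tag is correct but whose string pointers are garbage, which is why the constructor zeroes the node before setting any field.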


