[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: [xml] Crash in xmlPushInput

From: Daniel Veillard <veillard redhat com>
To: Ryan Phillips <ryan phillips ask com>
Cc: xml gnome org
Subject: Re: [xml] Crash in xmlPushInput
Date: Sun, 18 Jun 2006 15:41:29 -0400

On Fri, Jun 16, 2006 at 10:26:17AM -0700, Ryan Phillips wrote:
> I am experiencing a crash within xmlPushInput in the 2.6.26 version of
> libxml.  Using the reader1 example change the xmlReaderForFile options
> to be:
> 
>   XML_PARSE_RECOVER | XML_PARSE_NOENT |
>   XML_PARSE_NOERROR | XML_PARSE_NOWARNING |
>   XML_PARSE_NONET | XML_PARSE_NOCDATA |
>   XML_PARSE_NOBLANKS
> 
> I have attached the crashing XML file and a backtrace.
> 
> In a separate application with the same file and same libxml options the
> library crashes in parser.c:3499 dereferencing a NULL pointer.

  You use XML_PARSE_RECOVER. This *MUST* be used *ONLY* in recovery operation
not as a normal option which could be used to force for example HTML in the
XML parser. This force going though code paths which are not normally 
used. I said in the past that if this option is abused I would remove it
it's that simple and there won't be any warning, if you rely on it as a default
option you are warned, I will do something against abuses, like stopping
processing if the option is used too frequently.

> Program received signal SIGSEGV, Segmentation fault.
> [Switching to Thread -1208514336 (LWP 26163)]
> 0x00386e21 in xmlPushInput () from /usr/lib/libxml2.so.2
> #0  0x00386e21 in xmlPushInput () from /usr/lib/libxml2.so.2
> #1  0x0042452a in xmlParseCharData () from /usr/lib/libxml2.so.2
> #2  0x00428f27 in xmlParseChunk () from /usr/lib/libxml2.so.2
> #3  0x00432e9e in xmlRegExecPushString () from /usr/lib/libxml2.so.2
> #4  0x00433a98 in xmlTextReaderRead () from /usr/lib/libxml2.so.2
> #5  0x08048931 in streamFile (filename=0xbffd5c95 "crash.xml") at reader1.c:68
> #6  0x080489f3 in main (argc=2, argv=0xbffab614) at reader1.c:93
> #0  0x00386e21 in xmlPushInput () from /usr/lib/libxml2.so.2
> The program is running.  Exit anyway? (y or n) 

  The crash does not happen if you remove the XML_PARSE_RECOVER option.
I will remove the crash in CVS, but I'm also thinking about ways to 
allow XML_PARSE_RECOVER only in exceptional cases.

Daniel

-- 
Daniel Veillard      | Red Hat http://redhat.com/
veillard redhat com  | libxml GNOME XML XSLT toolkit  http://xmlsoft.org/
http://veillard.com/ | Rpmfind RPM search engine http://rpmfind.net/

Follow-Ups:
- Re: [xml] Crash in xmlPushInput
  - From: Ryan Phillips

References:
- [xml] Crash in xmlPushInput
  - From: Ryan Phillips

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]