Re: [xml] an xpath segfault reproducible with xmllint

[Daniel Veillard <veillard redhat com>]

On Wed, Apr 04, 2007 at 04:21:50PM +0200, Pavol Rusnak wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Daniel Veillard wrote:
> >   Can you make sure no patch was applied on SuSE rpms, I doubt it but
> > that may happen. Maybe someone from SuSe is monitoting that list and can
> > act on this problem (thanks in advance !)
> 
> Hello Petr and Daniel!
> 
> I'm maintainer of libxml2 in SuSE. Our libxml2-2.6.27 has 4 patches, I'm
> attaching relevant one (null-retval.patch). This was a patch for older
> bug I reported earlier: http://bugzilla.gnome.org/show_bug.cgi?id=400242
> - - and was fixed in CVS by William M. Brac.

  the patch attached looks just fine, I don't see it generating such a problem

> GDB output of testcase with debuginfo installed:
> 
> (gdb) r --shell test.xml
> Starting program: /usr/bin/xmllint --shell test.xml
> / > xpath *[ a=name(concat(""))]
> XPath error : Invalid number of arguments
> XPath error : Invalid type
> xmlXPathEval: 3 object left on the stack
> 
> Program received signal SIGSEGV, Segmentation fault.
> 0x00002b2102bb5d4b in xmlXPathFreeNodeSet (obj=0x6660f0) at xpath.c:4059
> 4059                if ((obj->nodeTab[i] != NULL) &&

  What is the stack like, and value for i and obj->nodeNr.
As stated I tested with latest SVN version on 2 machines without seeing the
problem myself.

Daniel

-- 
Red Hat Virtualization group http://redhat.com/virtualization/
Daniel Veillard      | virtualization library  http://libvirt.org/
veillard redhat com  | libxml GNOME XML XSLT toolkit  http://xmlsoft.org/
http://veillard.com/ | Rpmfind RPM search engine  http://rpmfind.net/